[syslog-ng] malformed syslog packets?
Patrick H.
syslogng at feystorm.net
Tue Aug 30 03:52:59 CEST 2011
Sent: Mon Aug 29 2011 19:36:28 GMT-0600 (MST)
From: Matt Zagrabelny <mzagrabe at d.umn.edu>
To: syslogng at feystorm.net "Syslog-ng users' and developers' mailing
list" <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] malformed syslog packets?
>>
>> That would be the issue. You want $HOST_FROM
> Super! I have tweaked the configs.
>
>> From the user guide:
>>
>> HOST
>>
>> Description: The name of the source host where the message originates from.
>> If the message traverses several hosts and the chain_hostnames() option is
>> on, the first host in the chain is used. To use this macro, make sure that
>> the keep_hostname() option is enabled.
> Okay. However there is only one host in the chain:
>
> APC UPS (udp 514)-> syslog_server
>
> doesn't syslog-ng do (reverse) name lookups when using the HOST macro?
It uses the host name as provided by the remote server. So the APC is
using its IP as the hostname, while all your other hosts were using an
actual hostname as the hostname.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110829/8459ce34/attachment.htm
More information about the syslog-ng
mailing list