[syslog-ng] AIX Syslog Messages

Fekete Robert frobert at balabit.hu
Wed Jul 6 09:04:51 CEST 2011


Hi,

Did you try setting the keep_hostname(yes) global option?

Robert

On 07/05/2011 09:05 PM, Ricardo Oliveira wrote:

> Hi,
>
> I'm having some problems properly storing messages received from AIX servers.
> The format which they come in is like this:
>
> "Jul 5 19:30:59 Message forwarded from server2: su: from root to ..."
>
> According to a thread on this mailing list
> (https://lists.balabit.hu/pipermail/syslog-ng/2006-October/009372.html), and if
> I understood correctly, this should be OK, and I should get the expected
> behaviour of replacing this with the form:
>
> "Jul 5 19:30:59 server2 su: from root to ..."
>
> However, what I get in the log is:
>
> "Jul 5 19:30:59 192.168.1.1 su: from root to ..."
>
> Where the 192.168.1.1 is the IP of the machine I got the message from and not
> the name of the server (server2 in this case).
>
> The issue here is that these messages belong to several machines which are
> sending their syslog messages to a NIM server which in turn forwards them to our
> syslog server, so the IP we end up with is not the machine's IP, but rather the
> NIM server IP, which is not what we need.
> I tried parsing the message on arrival, but it doesn't work; I suppose it's
> because syslog-ng processes it before the parsers kick in.
>
> Is there a way to do this?
>
> TIA,
> Ricardo.
>
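An added illustration of the host-attribution difference discussed in this thread; it is not part of the original messages and is not syslog-ng's own code. The function `normalize`, its `sender_ip` and `keep_hostname` parameters and both regular expressions are hypothetical names; the sample line and IP are the ones quoted in the thread.

```python
import re

TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})"
HOST = r"(?P<host>[A-Za-z0-9._-]+)"

# AIX relay format quoted in the thread:
#   "<timestamp> Message forwarded from <host>: <program>: <text>"
AIX_FORWARDED = re.compile(rf"^{TS} Message forwarded from {HOST}: (?P<msg>.*)$")
# Ordinary BSD-style line: "<timestamp> <host> <program>: <text>"
BSD_LINE = re.compile(rf"^{TS} {HOST} (?P<msg>.*)$")


def normalize(line, sender_ip, keep_hostname=True):
    """Normalize one received line and decide which host it is attributed to.

    keep_hostname=True  -> trust the host named inside the message
                           (the origin behind the relay).
    keep_hostname=False -> overwrite it with the address the packet came
                           from (the relay, e.g. the NIM server).
    The relay address is always returned as well: the host field inside a
    message is chosen by the sender, so the transport-level source is worth
    storing next to it.
    """
    m = AIX_FORWARDED.match(line) or BSD_LINE.match(line)
    if m is None:
        # No usable host field: only the transport-level address is known.
        return {"host": sender_ip, "relay": sender_ip, "line": line}
    host = m.group("host") if keep_hostname else sender_ip
    return {
        "host": host,
        "relay": sender_ip,
        "line": f"{m.group('ts')} {host} {m.group('msg')}",
    }


if __name__ == "__main__":
    # Sample line and relay IP as quoted in the thread.
    raw = "Jul 5 19:30:59 Message forwarded from server2: su: from root to ..."
    for keep in (True, False):
        print(keep, normalize(raw, "192.168.1.1", keep_hostname=keep))
```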



