[syslog-ng] [Fw: keep_hostname (yes); and source file]

Steven Blatchford sblatchford at gmail.com
Sat May 28 00:44:46 CEST 2011


There seems to be no hostname associated with file() so it uses the first
word of the message.  The first word of the log message is 'DEBUG'.  On
the central log server I added 'DEBUG' to the filter host and it worked.

Is there a way to set the hostname when the source uses file() ?

-steve


----- Forwarded message from Steven Blatchford <sblatchford at gmail.com> -----

>From: Steven Blatchford <sblatchford at gmail.com>
>Subject: keep_hostname (yes); and source file
>To: syslog-ng at lists.balabit.hu
>Date: Fri, 27 May 2011 18:29:41 -0400
>
>Hello,
>
>I have a file, /srv/http/foo/var/log/system.log that I would like sent
>to our central log.  This config was not working:
>
>    @version: 3.0
>    #
>    # /etc/syslog-ng.conf
>    #
>
>    options {
>      stats_freq (0);
>      flush_lines (0);
>      time_reopen (10);
>      log_fifo_size (1000);
>      long_hostnames(off);
>      use_dns (no);
>      use_fqdn (no);
>      create_dirs (no);
>      keep_hostname (yes);
>      perm(0640);
>      group("log");
>    };
>
>    source s_foo { file("/srv/http/foo/var/log/system.log"); };
>
>    log { source(s_foo); destination(d_net); };
>
>    destination d_net { udp("host.org"); };
>
>It does work if I comment out 'keep_hostname (yes);'.  Can someone
>explain to me why this is?
>
>-steve

----- End forwarded message -----
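
The behaviour described above matters for host-based filtering on a central log server: a file() line with no syslog header gets its first word recorded as HOST. The fragment below is an added example, not part of the original post or of the syslog-ng project's documentation, showing the posted source next to a variant that sets HOST explicitly. It assumes the installed 3.x release supports the `flags(no-parse)` and `host_override()` source options; `web01` is a constructed placeholder hostname.

```conf
@version: 3.0
# Added example: only the source definition differs from the posted config.

options {
  # Unchanged from the post: HOST taken from a message is kept as-is.
  keep_hostname (yes);
};

# Before (as posted): each line of the file is parsed as a syslog message.
# The file has no syslog header, so the first word ("DEBUG") ends up as HOST
# and keep_hostname(yes) preserves it.
# source s_foo { file("/srv/http/foo/var/log/system.log"); };

# After: do not parse the line as a syslog message; the whole line becomes
# the message text, and HOST is set to a fixed value for this source.
source s_foo {
  file("/srv/http/foo/var/log/system.log"
       flags(no-parse)
       host_override("web01")   # placeholder, replace with this machine's name
  );
};

destination d_net { udp("host.org"); };

log { source(s_foo); destination(d_net); };
```

Running `syslog-ng --syntax-only -f <file>` against the edited file checks that the installed version accepts these options before the daemon is restarted.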

