[syslog-ng] Duplicate header ?

Evan Rempel erempel at uvic.ca
Thu Jun 8 18:07:49 UTC 2017


That is what you get when you set keep_hostname(yes).

The first IP address is the one placed into the message (on the wire) by the source device.

The second one is added by the local/receiving syslog-ng system. If you enabled the DNS for this, you would get the locally resolved DNS name for that IP.

Evan.

On 06/08/2017 11:04 AM, Scot wrote:
> I seem to be getting a duplicate host header in my udp syslog input where the IP is printed twice.
>
> IP/IP. Any ideas where it comes from?
>
>
> Same result for either of these.
> #source s_net_udp       {udp(ip(0.0.0.0) port(514) keep_hostname(yes) so_rcvbuf(262142));};
> #source s_net_udp        {syslog(ip(10.189.252.62) port(514) transport("udp") flags(no-hostname) so_rcvbuf(262142));};
>
>
>
> Jun  8 13:55:21 *192.168.10.10/192.168.10.10* fw-aplha %ASA-4-106 ..............
>
