[syslog-ng] $FULLHOST doesn't work
Thomas Haupt
t.haupt at ff-muenchen.de
Mon Oct 16 09:23:54 UTC 2017
Hi,
I'm trying to use the hostname from inside the syslog message as
filename but it doesn't work for me:
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-macros.html#macro-fullhost
my config:
@version: 3.9
options { keep_hostname(yes); use-dns(no); };
source s_system { udp(ip("0.0.0.0") port(514)); };
destination d_all { file("/tmp/${FULLHOST}.log"); };
log { source(s_system); destination(d_all); };
The result is my ip address instead of "my-hostname", but I expect
"my-hostname":
syslog-ng -Fevd
....
[2017-10-16T10:32:15.188058] Incoming log entry; line='<14>1
2017-10-16T10:32:15.151157+02:00 my-hostname lampelogtest 54321 111111 -
Test syslog message'
[2017-10-16T10:32:15.188327] Initializing destination file writer;
template='/tmp/${FULLHOST}.log', filename='/tmp/10.3.25.4.log'
Some more information:
syslog-ng --version
syslog-ng 3.9.1
Installer-Version: 3.9.1
Revision:
Module-Directory: /usr/lib64/syslog-ng
Module-Path: /usr/lib64/syslog-ng
Available-Modules:
add-contextual-data,afamqp,affile,afprog,afsocket,afstomp,afuser,basicfuncs,cef,confgen,cryptofuncs,csvparser,date,dbparser,disk-buffer,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,syslogformat,system-source,tfgetent
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: off
The system is a SLES11SP4
Regards,
Thomas
More information about the syslog-ng
mailing list