[syslog-ng] (U) Find the source systems that write to specific Syslog Server

Scheidler, Balázs balazs.scheidler at oneidentity.com
Tue Jul 3 12:41:54 UTC 2018


Hi,

the syslog messages contain a $HOST field, which relates to the hostname
they are posted by. Not all OSes fill this field, in that case syslog-ng
attempts to do a reverse-DNS lookup.

In cases where a log message travels multiple hops (e.g. multiple relays)
and where the $HOST field is not kept intact, this information can be lost.

Also, syslog-ng (at least recent releases) can optionally keep an internal
table of counters, which contain host specific counters at stats-level(2)
or stats-level(3), I can't remember which.

Bazsi

On Tue, Jul 3, 2018 at 2:38 PM, Amin, Jitesh CTR DISA JSP (US) <
jitesh.amin.ctr at mail.mil> wrote:

> CLASSIFICATION: UNCLASSIFIED
>
> Hello,
>
> We have multiple servers running syslog. By looking at the syslog.conf
> file we can identify where the syslog servers are forwarding the data to.
>
> But what we really want to know is what all sources are writing their logs
> to our syslog servers. Is there a way for us to look somewhere within
> syslog configuration and find out which all systems are forwarding/writing
> logs to a specific syslog server?
>
> Thanks
>
> Jitesh Amin
>
> CLASSIFICATION: UNCLASSIFIED


More information about the syslog-ng mailing list
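The reply points at the $HOST field as the place where the sending system's identity lives once a message reaches the server. As an added example (not code from the thread or from the syslog-ng project), the script below builds an inventory of source hosts from a stored log file in the classic BSD layout that syslog-ng's default file template writes ("<timestamp> <host> <program>[<pid>]: <message>"); the sample lines are constructed for the example. It counts messages per $HOST value and flags entries where the column holds a bare IP address, which is what you see when the sender supplied no hostname and no reverse-DNS name was substituted.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample input (not from the thread): BSD-style lines as written by
# syslog-ng's default file template; the second column is the $HOST field.
SAMPLE_LOG = """\
Jul  3 12:41:54 web01 sshd[2143]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2
Jul  3 12:41:55 web01 CRON[2150]: (root) CMD (run-parts /etc/cron.hourly)
Jul  3 12:41:56 db02 postgres[911]: LOG:  checkpoint complete
Jul  3 12:41:57 10.0.3.7 kernel: eth0: link up
Jul  3 12:41:58 relay01 sshd[77]: Received disconnect from 10.0.0.9
Jul  3 12:41:59 relay01 firewalld[12]: REJECT 10.0.3.7 -> 10.0.0.1
"""

# "<Mon> <day> <hh:mm:ss> <host> <program>[<pid>]: <message>"
BSD_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


def parse_line(line):
    """Return the fields of one BSD-style line, or None if it does not match."""
    m = BSD_LINE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"]) if fields["pid"] else None
    return fields


def looks_unresolved(host):
    """True when the $HOST column is a bare IP address: the sender supplied no
    hostname and no reverse-DNS name was substituted for it."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def count_sources(text):
    """Count messages per $HOST value across the given log text; lines that do
    not match the BSD layout are skipped rather than miscounted."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_line(line)
        if fields:
            counts[fields["host"]] += 1
    return counts


def source_inventory(text):
    """List each source host with its message count and whether its name is
    unresolved, busiest first (ties keep first-seen order)."""
    return [
        {"host": host, "messages": n, "unresolved": looks_unresolved(host)}
        for host, n in count_sources(text).most_common()
    ]


if __name__ == "__main__":
    for entry in source_inventory(SAMPLE_LOG):
        flag = " (no hostname, IP only)" if entry["unresolved"] else ""
        print(f'{entry["host"]:<12} {entry["messages"]:>4}{flag}')
```

Two caveats from the reply apply when you run this over real files: the inventory is only as good as the $HOST column, so a relay that rewrites it will make every message appear to come from the relay (in the constructed sample, "relay01" may well be hiding several real senders), and hosts that never send anything do not appear at all. If you control the relays, syslog-ng's keep-hostname() option (from its documentation, not this thread) keeps the original value across hops; recording the immediate sender's address with the $SOURCEIP macro in the server's template gives a second column that this parser could be extended to read.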