[syslog-ng] Syslog-ng options bad_hostname & check_hostname

Delon Lee Di Lun lee.delon2005 at gmail.com
Tue May 7 23:59:12 UTC 2019 

Hi,

I was wondering what would happen when the log received hostname matches
the bad-hostname and check-hostname options. Its not written in the
documentation clearly.

My use case was, i have syslog running on my server that is receiving logs
from multiple servers. I have all of them into a central folder.

A pesudo config I am using would be:
source s_udp { network(ip("1.1.1.1") transport("udp") port(514)); };
destination d_servers { file("/mnt/logs/$HOST/$YEAR-$MONTH-$DAY.log"); };
log { source(s_udp); destination(d_servers); };
However, with this config i received weird stuff in the /mnt/logs folder.

[image: image.png]

I was thinking if using both check-hostname and bad-hostname would help
reduce such stuffs.

Yours Sincerely,
Delon


On Mon, 6 May 2019 at 16:25, Delon Lee Di Lun <lee.delon2005 at gmail.com>
wrote:

> Hi, you referring to bad_hostname or check_hostname?
>
> On Mon, 6 May 2019 at 15:45, Scheidler, Balázs <
> balazs.scheidler at oneidentity.com> wrote:
>
>> If those options match in the hostname field, syslog-ng will assume it
>> didn't get a hostname, and shifts that value to the start of the message
>> field, so they will be parsed into PROGRAM.
>>
>> alternatively you can use the no-parse flag, fix the value and apply a
>> syslog-parser() later.
>>
>> On Mon, May 6, 2019, 03:21 Delon Lee Di Lun <lee.delon2005 at gmail.com
>> wrote:
>>
>>> Hi,
>>>
>>> Anybody used the syslog-ng options bad_hostname & check_hostname?
>>>
>>> How does that works?
>>>
>>> I have syslog-ng listening on UDP, and found that there are some
>>> gibberish logs in the folder. Was thinking if using the above two options
>>> would help reduce the gibberish.
>>>
>>> Yours Sincerely,
>>> Delon
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190508/881bfc86/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 2551 bytes
Desc: not available
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190508/881bfc86/attachment-0001.png>

More information about the syslog-ng mailing list