[syslog-ng] Syslog-ng options bad_hostname & check_hostname

Scheidler, Balázs balazs.scheidler at oneidentity.com
Wed May 8 00:24:28 UTC 2019


On Mon, May 6, 2019, 10:25 Delon Lee Di Lun <lee.delon2005 at gmail.com> wrote:

> Hi, are you referring to bad_hostname or check_hostname?
>


Both. They result in the same action; they just decide differently whether
the hostname is considered bad.

check-hostname uses a hardcoded set of characters, bad-hostname uses a
regular expression.



> On Mon, 6 May 2019 at 15:45, Scheidler, Balázs <
> balazs.scheidler at oneidentity.com> wrote:
>
>> If those options match in the hostname field, syslog-ng will assume it
>> didn't get a hostname, and shift that value to the start of the message
>> field, so they will be parsed into PROGRAM.
>>
>> Alternatively, you can use the no-parse flag, fix the value and apply a
>> syslog-parser() later.
>>
>> On Mon, May 6, 2019, 03:21 Delon Lee Di Lun <lee.delon2005 at gmail.com
>> wrote:
>>
>>> Hi,
>>>
>>> Anybody used the syslog-ng options bad_hostname & check_hostname?
>>>
>>> How does that work?
>>>
>>> I have syslog-ng listening on UDP, and found that there are some
>>> gibberish logs in the folder. Was thinking if using the above two options
>>> would help reduce the gibberish.
>>>
>>> Yours Sincerely,
>>> Delon
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
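The two approaches described in this thread, written out as a syslog-ng configuration. This is an added example, not configuration posted by anyone in the thread; the version line, ports, regular expressions, object names and file path are constructed for illustration.

```conf
@version: 3.20

# Approach 1: keep normal parsing and let syslog-ng reject bad hostnames.
# When either option matches, the value is treated as "no hostname" and is
# shifted to the start of the message, so it ends up in ${PROGRAM}.
options {
    check-hostname(yes);          # hardcoded set of allowed characters
    bad-hostname("^gconfd$");     # regular expression (constructed value)
};

source s_udp {
    network(transport("udp") port(514));
};

# Approach 2: receive without parsing, fix the raw text, then parse.
# With flags(no-parse) the whole datagram is stored in ${MESSAGE}.
source s_udp_raw {
    network(transport("udp") port(5514) flags(no-parse));
};

rewrite r_fix_raw {
    # Constructed fix: drop anything that precedes the <PRI> field.
    subst("^[^<]+", "", value("MESSAGE"));
};

parser p_syslog {
    syslog-parser();
};

destination d_per_host {
    # Constructed path: ${HOST} comes from the sender, which is why an
    # unvalidated hostname shows up as an odd file name on disk.
    file("/var/log/remote/${HOST}.log");
};

log { source(s_udp); destination(d_per_host); };
log {
    source(s_udp_raw);
    rewrite(r_fix_raw);
    parser(p_syslog);
    destination(d_per_host);
};
```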