[syslog-ng] syslog driver: IP instead of hostname
Balazs Scheidler
bazsi77 at gmail.com
Thu Feb 27 10:00:50 UTC 2020
it depends on where the message is coming from. if it is coming from
localhost
On Wed, Feb 26, 2020 at 7:40 PM Alexandre Santos <
alexandre.rosas.santos at gmail.com> wrote:
> Hello,
>
> I have the following a syslog-ng server and a syslog-ng client, which
> configurations I am sending in attachment.
> I am using the syslog driver in order to have full compatibility with
> RFC5424.
> I want to use the IP address and not the hostname, but I keep seeing the
> hostname in tcpdump:
>
> [root at tests tests]# tcpdump -A -i virbr0 port 60514 or 514
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on virbr0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 18:30:09.810757 IP 192.168.122.11.34512 > tests.syslog: SYSLOG local0.info,
> length: 100
> E..... at .@..K..z...z......l..<134>1 2020-02-26T18:30:09+00:00 localhost
> root 9519 - - This is a local0 info buffer filler string
>
> and in logfile:
>
> <134>1 2020-02-26T18:30:09+00:00 localhost root 9519 - - This is a local0
> info buffer filler string
>
> Can you help me?
>
> Thanks in advance,
> Alex
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
--
Bazsi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200227/a83cac0f/attachment-0001.html>
More information about the syslog-ng
mailing list