[syslog-ng] syslog driver: IP instead of hostname

Balazs Scheidler bazsi77 at gmail.com
Thu Feb 27 10:04:42 UTC 2020


Sorry, sent too soon.

1) On the client side, if the message is from a local transport (e.g.
system() source, unix-stream and the like), the hostname field will
automatically be filled with the name of the host as set with the hostname
command (e.g. /etc/hostname). You could change this logic by setting the
$HOST macro to your local IP address.

2) On the server side, when we receive a message, we can either accept it
as sent by the client (e.g. keep-hostname(yes) or keep-hostname(no)). If
accepted, then we just accept the literal value as sent by the client. If
you don't trust the client's idea of its hostname, simply set
keep-hostname(no) on the server side. In this case the server will attempt
to determine the HOST value based on the IP address of the sender. In this
phase it either uses DNS (use-dns(yes) setting) or it doesn't. If it uses
DNS, it will populate the HOST field with the reverse-resolved DNS name. If
you set use-dns(no), you'll get an IP address.

Hope this helps,




On Thu, Feb 27, 2020 at 11:00 AM Balazs Scheidler <bazsi77 at gmail.com> wrote:

> it depends on where the message is coming from. if it is coming from
> localhost
>
> On Wed, Feb 26, 2020 at 7:40 PM Alexandre Santos <
> alexandre.rosas.santos at gmail.com> wrote:
>
>> Hello,
>>
>> I have a syslog-ng server and a syslog-ng client, whose
>> configurations I am sending as an attachment.
>> I am using the syslog driver in order to have full compatibility with
>> RFC5424.
>> I want to use the IP address and not the hostname, but I keep seeing the
>> hostname in tcpdump:
>>
>> [root@tests tests]#  tcpdump -A -i virbr0 port 60514 or 514
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on virbr0, link-type EN10MB (Ethernet), capture size 262144
>> bytes
>> 18:30:09.810757 IP 192.168.122.11.34512 > tests.syslog: SYSLOG
>> local0.info, length: 100
>> E.....@.@..K..z...z......l..<134>1 2020-02-26T18:30:09+00:00 localhost
>> root 9519 - - This is a local0 info buffer filler string
>>
>> and in logfile:
>>
>> <134>1 2020-02-26T18:30:09+00:00 localhost root 9519 - - This is a local0
>> info buffer filler string
>>
>> Can you help me?
>>
>> Thanks in advance,
>> Alex
>
> --
> Bazsi
>


-- 
Bazsi
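
Added example, not part of the original post and not the poster's attached configuration: a syslog-ng sketch of the two options described in the reply above, with the server deriving HOST from the sender's address and the client overwriting $HOST before sending. The object names, transport, port, file path and SERVER_ADDRESS are assumptions; 192.168.122.11 is the client address visible in the tcpdump output. Each file also needs its own @version line.

```conf
# --- server: syslog-ng.conf (assumed layout) ---
# Option 2 from the reply: do not accept the HOSTNAME field as sent.
source s_remote {
    syslog(
        transport("udp")      # assumption
        port(514)             # assumption
        keep-hostname(no)     # discard the client's own idea of its hostname
        use-dns(no)           # no reverse lookup: HOST becomes the sender's IP
    );
};

destination d_per_host {
    # HOST is the peer address here, not a value taken from the message.
    file("/var/log/remote/${HOST}.log" create-dirs(yes));
};

log { source(s_remote); destination(d_per_host); };

# --- client: syslog-ng.conf (assumed layout) ---
# Option 1 from the reply: set $HOST to the local IP address before sending.
source s_local { system(); internal(); };

rewrite r_host_to_ip {
    set("192.168.122.11", value("HOST"));
};

destination d_server {
    # SERVER_ADDRESS is a placeholder for the server's address.
    syslog("SERVER_ADDRESS" transport("udp") port(514));
};

log { source(s_local); rewrite(r_host_to_ip); destination(d_server); };
```

The client-side rewrite only changes what is written into the message; a server running keep-hostname(yes) still stores whatever value arrives, so the server-side pair is the one to rely on when the client is not trusted.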