[syslog-ng] Selective application of keep-hostname()?

Peter Kokai (pkokai) Peter.Kokai at oneidentity.com
Mon Nov 29 21:40:15 UTC 2021


Hello,

The keep-hostname option cannot be applied based on message content. You could do exactly as you stated with multiple sources,
or, as an alternative, use a rewrite to set the hostname conditionally.
First set keep-hostname to yes, and add a conditional *set* to use the $HOST_FROM value.

        rewrite {
                set("$HOST_FROM" value("HOST") condition("${SOURCEIP}" eq "127.0.0.1"));
        };

--
Kokan

________________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Steve Bernacki <steve at copacetic.net>
Sent: 29 November 2021 21:41
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Selective application of keep-hostname()?



I have a use case where I need to selectively apply keep-hostname(yes)
to messages from certain source IPs, while defaulting to
keep-hostname(no) for the rest of my sources. I know I can apply this
option on a per-source basis, but in this case I want to be able to
selectively apply this option based on the source IP of the message. I'm
trying to avoid having to set up an alternate port if I can.

Thanks
Steve
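
Added example, not part of the original thread and not the syslog-ng project's own configuration: the reply's approach written out as a complete configuration for the use case in the question, where the hostname claimed inside the message is kept only for listed relay addresses and every other sender's HOST is overwritten with $HOST_FROM. The @version value, port, relay addresses (documentation ranges), object names and file path are assumptions.

```conf
# Assumption: set this to the version of the installed syslog-ng.
@version: 3.35

# Keep the hostname found in the message by default, as the reply suggests;
# the rewrite rule below takes it away again for untrusted senders.
options {
    keep-hostname(yes);
};

# One listener for every sender, so no alternate port is needed.
source s_net {
    network(ip("0.0.0.0") port(514) transport("udp"));
};

# Constructed sample addresses: senders whose in-message hostname is trusted
# (for example relays that forward logs on behalf of other hosts).
filter f_trusted_relays {
    netmask("192.0.2.10/32") or netmask("198.51.100.0/24");
};

# For every sender NOT on the trusted list, replace HOST with HOST_FROM,
# the name or address of the peer that delivered the message to this server.
# The result matches keep-hostname(no) for those senders only.
rewrite r_untrusted_host {
    set("$HOST_FROM" value("HOST") condition(not filter(f_trusted_relays)));
};

# SOURCEIP is written next to HOST so that each line records the peer
# address even when a trusted relay supplied the hostname.
destination d_remote {
    file("/var/log/remote.log"
         template("${ISODATE} ${HOST} ${SOURCEIP} ${MESSAGE}\n"));
};

log {
    source(s_net);
    rewrite(r_untrusted_host);
    destination(d_remote);
};
```

Running `syslog-ng --syntax-only -f <file>` checks the configuration before it is loaded.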
