Did you try setting the keep_hostname(yes) global option?
On 07/05/2011 09:05 PM, Ricardo Oliveira wrote:
> I'm having some problems properly storing messages received from AIX servers.
> The format which they come in is like this:
> "Jul 5 19:30:59 Message forwarded from server2: su: from root to ..."
> According to a thread on this mailing list
> (https://lists.balabit.hu/pipermail/syslog-ng/2006-October/009372.html), and if
> I understood correctly, this should be OK, and I should get the expected
> behaviour of replacing this with the form:
> "Jul 5 19:30:59 server2 su: from root to ..."
> However, what I get in the log is:
> "Jul 5 19:30:59 192.168.1.1 su: from root to ..."
> Where the 192.168.1.1 is the IP of the machine I got the message from and not
> the name of the server (server2 in this case).
> The issue here is that these messages belong to several machines which are
> sending their syslog messages to a NIM server which in turn forwards them to our
> syslog server, so the IP we end up with is not the machine's IP, but rather the
> NIM server IP, which is not what we need.
> I tried parsing the message on arrival, but it doesn't work; I suppose it's
> because syslog-ng processes it before the parsers kick in.
> Is there a way to do this?
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
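The attribution problem discussed in this thread, as an added example that is not from the thread or from syslog-ng: a Python post-processing step that recovers the originating host from the AIX "Message forwarded from" prefix and keeps the relay address alongside it. The function name, record fields and sample lines are constructed for illustration.

```python
import re

# Assumed BSD-style header: "Mmm d hh:mm:ss <rest>", as in the lines quoted in the thread.
HEADER = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<rest>.*)$")
# Strict host token, so a crafted prefix cannot put arbitrary text into the host field.
HOST = r"[A-Za-z0-9][A-Za-z0-9._-]{0,252}"
MARKER = "Message forwarded from "
FORWARDED = re.compile(rf"^{re.escape(MARKER)}(?P<host>{HOST}):\s*(?P<msg>.*)$")
PLAIN = re.compile(rf"^(?P<host>{HOST})\s+(?P<msg>.*)$")


def normalise(line, relay_addr):
    """Attribute a syslog line to its originating host (hypothetical helper).

    relay_addr is the address the message was received from. It is always
    kept in the record, because the forwarded name is only asserted by the
    relay and is not verified.
    """
    line = line.rstrip("\r\n")
    rec = {"ts": None, "host": relay_addr, "relay": relay_addr,
           "host_source": "relay-address", "msg": line}
    header = HEADER.match(line)
    if not header:
        return rec                      # unparseable: attribute to the relay
    rec["ts"], rest = header["ts"], header["rest"]
    rec["msg"] = rest
    if rest.startswith(MARKER):
        fwd = FORWARDED.match(rest)
        if fwd:                         # well-formed AIX forwarding prefix
            rec.update(host=fwd["host"], host_source="aix-forwarded", msg=fwd["msg"])
        return rec                      # malformed prefix: keep relay, keep full text
    plain = PLAIN.match(rest)
    if plain:                           # ordinary "HOST program: text" line
        rec.update(host=plain["host"], host_source="header", msg=plain["msg"])
    return rec


if __name__ == "__main__":
    # Constructed sample lines modelled on the ones quoted in the thread.
    samples = [
        "Jul 5 19:30:59 Message forwarded from server2: su: from root to ...",
        "Jul 5 19:30:59 192.168.1.1 su: from root to ...",
        "Jul 5 19:30:59 Message forwarded from bad/host: su: from root to ...",
    ]
    for s in samples:
        print(normalise(s, "192.168.1.1"))
```
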