Quoting Bob (gobroncosat_private) on Thu, Sep 13, 2001 at 08:00:40PM +0200: > I'm trying to use Loghost1 to relay (or "forward") syslog messages that it > receives from the remotes (plus its own) to another centralized syslog host > (let's call it Loghost2). I've got it working, but all the syslog messages > in Loghost2's logs appear to come from Loghost1 (this is, the hostname of > the remotes is being replaced with Loghost1). > > Is that the normal behavior of syslog? Is there a way to avoid losing the > hostnames in the messages? Do I need a different flavor of syslogd? Get the SuSE syslogd, I hacked it two years ago to include a forwarding field (via command line switch) so that I can relay DMZ stuff through a firewall. Just use the source rpm. Or switch to syslog-ng from http://www.balabit.hu/en/products/syslog-ng/ Don't know how well it works nowadays, When I played with it several years ago it was beta, but looked very promising. (Anyone on the list with production experience of syslog-ng?) cheers afx -- atsec information security GmbH Phone: +49-89-44249830 Steinstrasse 68 Fax: +49-89-44249831 D-81667 Muenchen, Germany WWW: www.atsec.com May the Source be with you! --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 06:27:30 PDT