RE: [logs] SYSLOG "forwarding"

From: Jeremy W. Chalfant (jeremy@private)
Date: Mon Jan 31 2005 - 12:24:29 PST

I would have to agree here, using syslog-ng may eliminate much of the
hassle you are experiencing, not to mention that it has additional
features you may find surprising.  Very good software IMHO.


On Sat, 2005-01-29 at 10:52 -0800, Tina Bird wrote:
> > Router sends syslog to server1, server1 sees the message, 
> > logs it locally and forwards it to server2.  That's all well and good.
> > 
> > However, the log entry on server1 says that it's from 
> > 'router' - what I want to see; the log entry on server2 says 
> > that it's from 'server1' - not what I want to see.
> Stock syslog uses UDP as its transport protocol, and only retains source and
> destination hostnames/IP addresses based on its UDP headers.  If you want to
> retain the (quite valuable) information about the original source, not the
> last source, the easiest thing to do is run syslog-ng with the chain
> hostname variable set to yes.  I'm sure there are equiv features in other
> syslog replacements, but syslog-ng is what I'm familiar with.
> cheers - tbird

LogAnalysis mailing list
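
The relay behaviour discussed in this thread, as a simplified model added to this archive page (not code from either poster and not syslog-ng's implementation). The addresses, the `NAMES` table, the sample message and the `origin/relay` chaining format are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Constructed address book standing in for reverse DNS (assumption).
NAMES = {"192.0.2.1": "router", "192.0.2.10": "server1"}

class Datagram(NamedTuple):
    src_ip: str   # UDP source address as seen by the receiver
    payload: str  # "<PRI>TIMESTAMP HOST TAG: text"

WIRE = re.compile(r"^(<\d{1,3}>\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

# Constructed sample message, not taken from the thread.
ROUTER_MSG = Datagram(
    "192.0.2.1",
    "<189>Jan 29 10:52:01 router %LINK-3-UPDOWN: Interface Serial0 down",
)

def receive(dgram, chain):
    """Return (host, prefix, rest) as a log server would record the message."""
    m = WIRE.match(dgram.payload)
    if m is None:
        raise ValueError("not a syslog line: %r" % dgram.payload)
    prefix, header_host, rest = m.groups()
    # Name derived from the UDP header; fall back to the raw IP if unknown.
    sender = NAMES.get(dgram.src_ip, dgram.src_ip)
    if not chain:
        host = sender                      # stock: only the last hop survives
    elif header_host == sender:
        host = sender                      # direct delivery, nothing to chain
    else:
        host = header_host + "/" + sender  # keep the origin, append the hop
    return host, prefix, rest

def forward(host, prefix, rest, relay_ip):
    """Re-send a recorded message; the UDP source is now the relay itself."""
    return Datagram(relay_ip, "%s %s %s" % (prefix, host, rest))

def path(first, relay_ip, chain):
    """Hosts recorded on server1 and then on server2 for one message."""
    h1, prefix, rest = receive(first, chain)
    h2, _, _ = receive(forward(h1, prefix, rest, relay_ip), chain)
    return h1, h2

if __name__ == "__main__":
    print("stock  :", path(ROUTER_MSG, "192.0.2.10", chain=False))
    print("chained:", path(ROUTER_MSG, "192.0.2.10", chain=True))
```

The host field inside the payload is written by whoever sent the datagram, so the chained form is useful for attribution precisely because it also records the hop the message actually arrived from.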