I would have to agree here, using syslog-ng may eliminate much of the hassle you are experiencing, not to mention that it has additional features you may find surprising. Very good software IMHO.

Jeremy

On Sat, 2005-01-29 at 10:52 -0800, Tina Bird wrote:
> > Router sends syslog to server1, server1 sees the message,
> > logs it locally and forwards it to server2. That's all well and good.
> >
> > However, the log entry on server1 says that it's from
> > 'router' - what I want to see; the log entry on server2 says
> > that it's from 'server1' - not what I want to see.
>
> Stock syslog uses UDP as its transport protocol, and only retains source and
> destination hostnames/IP addresses based on its UDP headers. If you want to
> retain the (quite valuable) information about the original source, not the
> last source, the easiest thing to do is run syslog-ng with the chain
> hostname variable set to yes. I'm sure there are equiv features in other
> syslog replacements, but syslog-ng is what I'm familiar with.
>
> http://www.balabit.com/products/syslog_ng/
>
> cheers - tbird

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
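The relay setup discussed in this thread, as an added syslog-ng configuration sketch that is not part of either poster's message. The hostnames `server1` and `server2` come from the thread; the listening address, port, log path and object names (`s_net`, `d_local`, `d_server2`) are assumptions.

```conf
# /etc/syslog-ng/syslog-ng.conf on server1 (the relay) -- added example.
# Newer syslog-ng releases also require an "@version:" line at the top.

options {
    # The setting named in the thread: record the chain of hosts a message
    # passed through (e.g. router/server1) instead of only the last sender.
    chain_hostnames(yes);

    # chain_hostnames only takes effect while syslog-ng is allowed to
    # rewrite the HOST field, i.e. keep_hostname(no).
    keep_hostname(no);
};

# Receive classic UDP syslog from the router (assumed address and port).
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# Log locally on server1, one file per originating host (assumed path).
destination d_local {
    file("/var/log/remote/$HOST.log");
};

# Forward to the central collector named in the thread.
destination d_server2 {
    udp("server2" port(514));
};

log {
    source(s_net);
    destination(d_local);
    destination(d_server2);
};

# Caveat: HOST values arriving over UDP are unauthenticated. Treat the
# chain as a routing hint and restrict which addresses may send to
# port 514 on both server1 and server2.
```

Use the same `options` block on server2 so that the chained hostname survives the second hop.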
This archive was generated by hypermail 2.1.3 : Tue Feb 01 2005 - 04:25:48 PST