syslog RAW message does not contain IP or Hostname
I am using a remote log server to collect logs from remote hosts.
On some of my remote hosts I've installed syslog and on the others rsyslog.
The issue here is that on the hosts which are configured with classic syslog, the raw message logs contain neither an IP address nor a hostname. It is something like below:
Facility auth (4), Severity critical (2)
Msg: Oct 10 11:06:06 su: [ID 810491 auth.crit] 'su root' failed for app on /dev/pts/2
However, the raw messages from servers configured with rsyslog are received as below:
Facility authpriv (10), Severity notice (5)
Msg: Oct 10 11:14:05 mnp su: pam_unix(su-l:auth): authentication failure; logname=app uid=32005 euid=0 tty=pts/0 ruser=app rhost= user=root
"mnp" is the hostname of my remote host.
I am wondering where the problem is. Also, it's not possible to change classic syslog to rsyslog on my remote hosts. I need an identifier such as a hostname or at least an IP address in my syslog messages.
Thanks in advance
Last edited by ftm66711; 10-10-2016 at 03:35 AM.
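The two message shapes in the post above differ only in whether a HOSTNAME field follows the timestamp. As an added example (not part of the original post), here is a collector-side normalizer in Python that detects the missing field and identifies the sender by the packet's source address instead. The names `normalize` and `peer_ip` and the 192.0.2.x addresses are assumptions made for the illustration.

```python
import re

# Optional <PRI>, then the BSD-syslog timestamp "Mmm dd hh:mm:ss".
_HEADER = re.compile(
    r"^(?:<\d{1,3}>)?(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<rest>.*)$",
    re.S,
)
# A TAG token ends in ':' (optionally after '[pid]'), e.g. "su:" or "sshd[812]:".
_TAG = re.compile(r"^[^\s:\[\]]+(\[\d+\])?:$")


def normalize(raw, peer_ip):
    """Return (timestamp, host, host_source, message) for one raw syslog line.

    host_source is "message" when the sender supplied HOSTNAME, or "peer"
    when it was absent and the collector substituted the sender's address.
    """
    m = _HEADER.match(raw)
    if not m:
        # No recognizable header at all: keep the text, identify by peer.
        return None, peer_ip, "peer", raw
    first, _, remainder = m["rest"].partition(" ")
    if _TAG.match(first):
        # The token right after the timestamp is already the TAG ("su:"),
        # so the HOSTNAME field is missing from this message.
        return m["ts"], peer_ip, "peer", m["rest"]
    return m["ts"], first, "message", remainder


# Message text is taken from the post; the peer addresses are constructed.
SAMPLES = [
    ("192.0.2.10", "Oct 10 11:06:06 su: [ID 810491 auth.crit] "
                   "'su root' failed for app on /dev/pts/2"),
    ("192.0.2.20", "Oct 10 11:14:05 mnp su: pam_unix(su-l:auth): "
                   "authentication failure; logname=app uid=32005 euid=0 "
                   "tty=pts/0 ruser=app rhost= user=root"),
]

if __name__ == "__main__":
    for peer, line in SAMPLES:
        ts, host, source, msg = normalize(line, peer)
        print(f"{ts} host={host} (from {source}) {msg}")
```

Recording `host_source` next to the host keeps it visible downstream whether an identifier was claimed by the sender or observed by the collector.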