I am using a remote log server to collect logs from remote hosts.
on some of my remote hosts I've installed syslog and on the others rsyslog.
the issue is here that on the hosts which are configured by classic syslog, raw message logs do not contain neither ip address nor hostname. it is sth as below :


Facility auth (4), Severity critical (2)
Msg: Oct 10 11:06:06 su: [ID 810491 auth.crit] 'su root' failed for app on /dev/pts/2


However my raw messages from servers configured by rsyslog are receiving such as below :

Facility authpriv (10), Severity notice (5)
Msg: Oct 10 11:14:05 mnp su: pam_unix(su-l:auth): authentication failure; logname=app uid=32005 euid=0 tty=pts/0 ruser=app rhost= user=root

"mnp" is hostname of my remote host.

I am wondering where is the problem??? also it's not possible to change classic syslog to rsyslog in my remote hosts. I need an identifier such as hostname or at least IP address in my syslog messages.

Thanks in Advance

If there is a problem (I didn't see any relevant configuration files nor debug output) then it's probably buried in the Related RFCs and working groups part of the Rsyslogd Wiki page... (as in enhancement of RFC 3164).


Well then you're basically stuck.