Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 03-06-2003, 03:10 PM   #1
LQ Newbie
Registered: Mar 2003
Posts: 1

Rep: Reputation: 0
Question forwarding syslog messages overwrites original hostname

Hopefully some of you gurus out there can help me. I've been banging my head against the wall on this problem and can't seem to find any answers.

I am a network admin and have 1000s of network devices syslogging to a few *nix servers in North America. I recently started playing around with some message correlation tools. Instread of re-configuring all of my devices to syslog to a new server, I decided to have my syslog servers forward their messages to one central server.

This works -- sort of. I've got a NetBSD box that is forwarding syslog messages OK. On my solaris central logging host, it displays the syslog messages in this format: <timestamp> <NetBSDLogServer> <Original Device> <Message>, where <Original Device> is the ip or hostname of the device that originated the message. I do not know what version of syslogd is running on the NetBSD Box.

On a redhat box that handles syslog for Europe, I seem to be forwarding a different format. Again, on my Solaris central logging host, the syslog receives messages from the redhat server in the format <timestamp> <redhat Server> <message>. In effect, it does not include the hostname of the original device that sent the syslog in the first place. I am running syslogd 1.4.1 on the redhat box.

Does anyone know how to force the two syslogd apps to send in the same format? If not, is there a way I can force the redhat box syslogd to send the Original device hostname?


Old 09-30-2003, 06:45 PM   #2
LQ Newbie
Registered: Sep 2002
Location: Morristown, NJ
Distribution: RH 7.3
Posts: 5

Rep: Reputation: 0
looks like we are in the same boat. I posted a simalar thread today and have not heard back from anyone. Did you ever figure out how to maintain the original hostname in the syslog message? Any help would be great!
Old 10-30-2009, 09:24 AM   #3
LQ Newbie
Registered: Jun 2008
Posts: 4

Rep: Reputation: 0
I know this thread has been idle for years but I'm having the same problem. Has anybody figured out how to resolve this yet?

I have set up several servers in a secure DMZ to syslog both locally and to a DMZ loghost. Logging works perfectly. On the DMZ loghost I can see the source IP address of the server that generated any given event.

I have configured this DMZ loghost to forward all messages on to central loghost that collects logs for the entire network. The other servers in the DMZ are unable to connect to this central loghost. Unfortunately this forwarding of logs is not working the way I want.

The central log host is receiving log entries from all of the servers in the DMZ but they are all listed as coming from the IP of the DMZ loghost. Therefore I can't tell which server has generated a particular event.

Is there any way I can configure the DMZ loghost to retain the originating IP address when it forwards on messages? All servers are running RHEL5.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Syslog messages... stevemad Slackware 4 10-15-2005 03:45 PM
weird hostname appeared, want the original back rksanders Debian 2 12-05-2004 05:53 PM
syslog sorting by hostname the-chains Linux - Software 2 11-10-2004 06:26 AM
syslog forwarding pallocca Linux - Networking 0 09-30-2003 02:30 PM
syslog and firestarter - log messages to another file than messages mule Linux - Newbie 0 08-07-2003 03:35 AM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 07:33 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration