Hostname with forwarding

Post by Caro1906 » Tue Aug 30, 2016 8:03 am


I have an rsyslog server (vm-1) and a Kiwi syslog server. My equipment sends information to my rsyslog server, and afterwards I forward it to my Kiwi syslog server.
The forwarding is "ok", but the hostname is the name of my rsyslog server, "vm-1". Can we have the name of the original equipment in the rsyslog server?

Re: Hostname with forwarding

Post by uppsalanet » Mon Sep 05, 2016 3:29 pm

Try using a template for forwarding with %FROMHOST%:
Code:
template (name="fwdCSIRT" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %FROMHOST% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%")

Or use this on the sending side:
#Rsyslog uses the glibc routine gethostname() or gethostbyname() to determine the hostname
#of the local machine. The gethostname() or gethostbyname() routines check the contents of
#/etc/hosts for the fully qualified domain name (FQDN) if you are not using BIND or NIS.
#The output of hostname --short will be used by rsyslog when writing log messages. You will
#have to add $PreserveFQDN on to the beginning of the file (before using any directives that
#write to files). This is because rsyslog reads the config file and applies it on the go, and
#then reads the later lines.
Code:
$PreserveFQDN on
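
Added example (not part of the original posts, and not the poster's own configuration): one way to bind the fwdCSIRT template above to a forwarding action on the relay, so the forwarded line carries the device name instead of vm-1. The file name, the UDP/514 transport and the target kiwi.example.net are assumptions and placeholders.

```conf
# /etc/rsyslog.d/50-forward-kiwi.conf on the relay (vm-1)
# (file name is an assumption)

# Receive syslog from the devices over UDP/514 (assumed transport and port).
module(load="imudp")
input(type="imudp" port="514")

# Template from the reply above. The third field is the host name that the
# downstream server will see in the forwarded line.
#   %FROMHOST%    = system this relay received the message from, resolved
#                   from the source address (the device itself when devices
#                   send directly to vm-1)
#   %HOSTNAME%    = host name taken from the message header, i.e. what the
#                   sender wrote about itself
#   %fromhost-ip% = source IP address, useful when reverse DNS is missing
template(name="fwdCSIRT" type="string"
         string="<%PRI%>%TIMESTAMP:::date-rfc3339% %FROMHOST% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%")

# Forward everything with that template. Without template="..." omfwd
# falls back to its default forwarding format.
# target is a placeholder for the address of the Kiwi syslog server.
action(type="omfwd"
       target="kiwi.example.net"
       port="514"
       protocol="udp"
       template="fwdCSIRT")
```

The file can be syntax-checked with rsyslogd -N1 before rsyslog is restarted.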

Re: Hostname with forwarding

Post by PCnetMD » Thu Jul 13, 2017 5:17 pm

Did this get resolved?
If so, can you share what you did?
Thank you.
