1.) Start by editing the main Syslog-ng configuration file (syslog-ng.conf) where the global options are listed using any text editor.
2.) Under the global options or in the source configuration create an entry for keep-hostname(yes); which should look similar to the following:
Global configuration (affects all incoming logs):
};
Per source configuration:
sources_net {
network(
ip(10.10.10.10)
keep-hostname(yes);
use-dns(no)
);
};
NOTE: use-dns() needs to be set to "no" otherwise hosts with an IP address will have their IP Address changed to the corresponding DNS entry. See the above examples for including the use-dns(no) option.
3.) Save the modified configuration file.
4.) Reload the Syslog-ng configuration by using the following command: /opt/syslog-ng/sbin/syslog-ng-ctl reload
5.) The hostname(s) of the original log source should now be kept and passed correctly.
1.) Log into the WebUI of the Syslog-ng Store Box (SSB).
2.) Navigate to Log > Sources.
3.) Under the option "Hostname and time-stamp related settings:" check the box for "Trusted".
NOTE: Use DNS option must be set to "no" otherwise hosts with an IP address will have their IP Address changed to the corresponding DNS entry.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center