A defect in the syslog-ng Agent for Windows causes the ${.SDATA.win@18372.4.EVENT_HOST} metadata to be omitted from the logs sent to the endpoint.
The issue was fixed in version 6.0.19.
Resolution
Upgrade to the latest version available at our support portal.
Workaround
If the fully qualified domain name (FQDN) of the host is required for filters, rewrites, and so on, configure the syslog-ng Agent for Windows to use the FQDN option. Once this option is configured, the ${HOST} macro will contain the FQDN of the host.
To enable the FQDN option, open the configuration options for the Agent, navigate to "Global Settings" at the top level, and double-click it.
Next, enable the Global Options setting in the window, click the "Hostname" tab at the top, and choose "FQDN" for the hostname.
Click "Apply", and close out of the configuration settings.
The Agent is now configured to send the FQDN of the host and the ${HOST} macro can be used correctly.
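To confirm on the receiving side which hosts still lack EVENT_HOST and whether the FQDN workaround is in effect for them, the following added example (not One Identity code) parses received messages and classifies each one. It assumes the Agent sends IETF-syslog (RFC 5424) messages; the function names, status labels and sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
HEADER = re.compile(r"^<\d{1,3}>1 \S+ (\S+) \S+ \S+ \S+ (.*)$", re.S)
SD_ELEMENT = re.compile(r'\[([^\s=\]"]+)((?: [^\s=\]"]+="(?:\\.|[^"\\])*")*)\]')
SD_PARAM = re.compile(r' ([^\s=\]"]+)="((?:\\.|[^"\\])*)"')
SD_ID, PARAM = "win@18372.4", "EVENT_HOST"  # taken from the macro named in this article

def parse(line):
    """Return (HOSTNAME, {sd_id: {param: value}}) for one RFC 5424 message."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    host, rest = m.groups()
    sdata, pos = {}, 0
    while rest.startswith("[", pos):
        elem = SD_ELEMENT.match(rest, pos)
        if not elem:
            break  # malformed element: stop instead of guessing
        sdata[elem.group(1)] = {
            k: re.sub(r'\\(["\\\]])', r"\1", v)  # undo \" \\ \] escapes
            for k, v in SD_PARAM.findall(elem.group(2))
        }
        pos = elem.end()
    return host, sdata

def is_fqdn(host):
    try:
        ipaddress.ip_address(host)
        return False  # an IP address in HOSTNAME is not a name
    except ValueError:
        return "." in host.strip(".")

def classify(line):
    """Hypothetical status labels: which source of the FQDN is usable."""
    host, sdata = parse(line)
    if sdata.get(SD_ID, {}).get(PARAM):
        return "event_host_present"
    return "host_is_fqdn" if is_fqdn(host) else "no_fqdn_available"

# Constructed sample messages (not captured from a real agent).
SAMPLES = [
    '<134>1 2024-01-15T10:00:00+00:00 ws01 Security 612 - [win@18372.4 EVENT_ID="4624" EVENT_HOST="ws01.corp.example.com"] logon',
    '<134>1 2024-01-15T10:00:01+00:00 ws02 Security 612 - [win@18372.4 EVENT_ID="4624"] logon',
    '<134>1 2024-01-15T10:00:02+00:00 ws03.corp.example.com Security 612 - [win@18372.4 EVENT_ID="4624"] logon',
]
if __name__ == "__main__":
    print([(parse(s)[0], classify(s)) for s in SAMPLES])
```

Hosts reported as `no_fqdn_available` are the ones where filters or rewrites that depend on the FQDN have nothing to match until the Agent is upgraded or the FQDN option is enabled.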