My client machine has syslog-ng and my remote machine has an rsyslog configuration. My server/remote machine manages many clients and I need to differentiate which machine is sending which logs. Normally I would use syslog-ng on the server side, but these machines aren't meant to have it. I would also like to mention that this isn't for Apache or web servers, just physical machines.
On the client's side
Tried altering and adding different options or changing them to yes/no respectively.
options { keep_hostname(yes); create_dirs(no); use_dns(no); };
For example, changing keep_hostname to no worked, but only when I changed the hostname to the machine's IP address, which is not what I want.
Using a template
template("$(ISODATE) $(FULLHOST_FROM) $(SOURCEIP) $(HOST) $(HOSTNAME) ${PROGRAM}: ${MESSAGE}\n")
output:
day time localhost abc[ID] .source.s_local SourceIP=127.0.0.1 localhost localhost (root) CMD (xyz.conf)#ID
This isn't the output I want. It is printing in the message section when I want it in the place of the "host", and I don't understand how the source IP is the loopback address.
Using structured logging
rewrite r_sourceip { set('${SOURCEIP}' value(HOST)); };
log { source(s_local); rewrite(r_sourceip); destination(d_syslog_tcp); };
Output: the IP is displayed in the logs as the loopback address instead of the machine's IP.
day date time 127.0.0.1 syslog-ng.service: Succeeded.
Tried installing rsyslog on my client, but it doesn't work.
sudo add-apt-repository ppa:adiscon/v8-stable
sudo apt-get update
sudo apt-get install rsyslog
I kept running into many errors; fixing them was impossible, maybe due to the difference in OS version or type.
add apt repository command not found
wget command not found
On the server's side
Using a template which creates a folder with the client's hostname and stores the logs in that particular folder. This is not the solution I want.
$template DynaFile,"/var/log/%FROMHOST-IP%/%syslogfacility-text%.log"
*.* -?DynaFile
I want the logs to appear as such
day date time `client's ip address` syslog-ng.service: Succeeded.
Can someone suggest a solution and explain why I keep getting the loopback address as my client's IP?
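
An added example, not part of the original post: on the rsyslog server, the traditional file layout with %HOSTNAME% swapped for %fromhost-ip% (the same property the DynaFile template above uses in its path) writes the sender's address where the host normally appears. The template name ClientIP and the file /var/log/remote.log are assumptions.

```conf
# Added example for the rsyslog server side. Assumed names: template "ClientIP",
# output file /var/log/remote.log.
#
# rsyslog's traditional file layout is:
#   %TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n
#
# %HOSTNAME%     comes from the message header, i.e. whatever the client wrote
#                there ("localhost" in the output shown above).
# %fromhost-ip%  is the address of the peer rsyslog received the message from,
#                so the client cannot choose it by editing its own config.

# Same layout, with the host field replaced by the sender's IP address.
$template ClientIP,"%TIMESTAMP% %fromhost-ip% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"

# Write everything to one file using that layout.
# Messages generated on the server itself will show 127.0.0.1 in this field.
*.* /var/log/remote.log;ClientIP
```

%fromhost-ip% is the address of the last hop that delivered the message, so behind a relay or NAT it is that device's address rather than the originating machine's. On the syslog-ng client, messages read from a local source have no network sender, which is why ${SOURCEIP} resolves to 127.0.0.1 there.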