For some reasons, we redirect syslog events from RHEL 6 (with rsyslog) to RHEL 5 (with syslogd).
On RHEL 6 in rsyslog.conf:
*.* @10.30.46.211
On RHEL 5 in /etc/sysconfig/syslog:
SYSLOGD_OPTIONS="-r -m 0"
On RHEL 6, the event looks like (/var/log/secure):
Oct 25 02:10:03 rh6q32 sshd[1849]: pam_unix(sshd:session): session
closed for user root
On RHEL 5, the same event looks like (/var/log/secure):
Oct 25 02:10:03 rh6q32 rh6q32 sshd[1849]: pam_unix(sshd:session):
session closed for user root
The difference is double using of host name (rh6q32).
The question: is it possible to get rid of double hostname?
Thanks,
Yuri
Best Answer
the difference is that apparently 6 is using rsyslog insteal of the old syslog. You can customize rsyslog with templates:
from kkoncepts.net