I have DMZ hosts forwarding to a DMZ syslog which in turn forwards all the syslog messages to an internal syslog server. It's working fine for the most part but the internal syslog host messages appear to all be coming from the DMZ syslog ie it loses the original hostnames.
{Hosts} -> {DMZ syslog: openbsd: syslog v 1.17} -> {Internal Syslog: rsyslog v3}
How can I preserve the hostnames?
Thanks!
Best Answer
Personally I would recommend using syslog-ng for your internal server - it provides a whole lot more than rsyslog. Of specific interest in your case it provides some much better handling for managing / rewriting / etc for the hostnames.
If you decide to stick with rsyslog this configuration does preserve both the remote and local hostnames - it is what I used before switching to syslog-ng.
I also was using the "-c 4" options in my init script, if it matters.