The problem is that sysklogd does not properly parse the syslog header and does NOT expect a hostname inside it. sysklogd always uses the hostname from the udp layer, thus the duplication.
However, it is easy to work around: you need to create a special template (that does not contain the host name) and use that template in the forwarding action. Would probably make sense to include a stock template for this purpose... HTH Rainer On Thu, 2009-01-22 at 18:52 +0100, Michael Biebl wrote: > Nikita V. Youshchenko wrote: > > Package: rsyslog > > Version: 3.18.6-3 > > Severity: normal > > > > Looks like fresh lenny installs come with rsyslog instead of old > > syslogd. > > > > In our network, logs from all hosts are sent to one server, called > > loghost, using remote logging. There, logs are checked by logcheck. > > > > Most of the net, including loghost, currently runs etch. But there are > > several new hosts with lenny. > > > > On these hosts, I've added this to /etc/rsyslogd.conf: > > > > # Send all logs to loghost > > *.* @loghost.lvknet > > > > This works, however on loghost (running syslogd from etch), all lines > > got from lenny hosts have hostname doubled: > > > > Jan 22 19:20:22 buki.lvknet buki /USR/SBIN/CRON[31333]: (root) CMD (cd / && > > run-parts --report /etc/cron.hourly) > > > > Here, hostname (buki) is written twice. > > > > This is not good, since that breaks all logcheck rules that come from > > various packages. > > > > Btw, in local log files, hostname is not doubled. > > > > Any possibility to make rsyslogd not to double hostname when sending > > logs to remote? > > > > I can not reproduce this, but then I have rsyslog running on the syslog > server. > > So this might actually be a problem in sysklogd. > > Rainer, is there an incompatibility when forwarding messages from an rsyslog > client to a sysklogd server? Can this be worked around in rsyslog? > > Cheers, > Michael > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org