Issue with nxlog agent sending logs containing IP instead of hostname

#1 LM_19 1 year ago

Hello,

My current architecture is a windows nxlog agent sending logs to a remote syslog server. The agent is translating Windows event logs to json encapsulated syslog before sending them.

I've encountered an inconsistency with the hostname field of the sent log, most of the sent logs contain the hostname as expected, but some only contains the IP address which creates a mess on the sorting I made on the remote syslog server.

I haven't tried anything yet as I don't really know where to look for. My take is that it is a windows event log issue that can't be fixed but i'd like your opinions.

Thank you for your help.

Permalink

#2 gahorvath Nxlog ✓ 1 year ago (Last updated 1 year ago )

Hey,

You can override that, if you want, even conditionally.

There is a function to get the hostname, another to get the ip address.

Exec $Hostname = hostname();
Exec $IpAddress = host_ip();

Or you can use a literal string to override:

Exec $Hostname = 'literally-the-hostname';

Ref: https://docs.nxlog.co/ce/v3.0/index.html#core_funcs