Changing ip to hostname when ingesting via syslog?

conolly · August 18, 2022, 9:38pm

I’ve got promtail set up to take syslog from syslog-ng, as I have dozens of centos 5 hosts that I can’t set up the promtail client on. These hosts send to the host, which are picked up and converted to the proper log format and then are sent to promtail on port 1514.

I’ve set this up in promtail:

  - job_name: syslog
    syslog:
      listen_address: 0.0.0.0:1514
      idle_timeout: 60s
      label_structured_data: yes
      labels:
        job: "syslog"
        agent: syslog
    relabel_configs:
      - source_labels: ['__syslog_message_hostname']
        target_label: 'host'

I thought the source label section would save a hostname, but instead each host is populating as an IP address instead of a hostname. Is there a way to accomplish this?

obiwan · August 25, 2022, 1:42pm

Perhaps the IP address is what is contained in the __syslog_message_hostname label.

conolly · August 26, 2022, 7:26pm

Thanks, I had tried that, to no avail.

What it turned out being was a broken RDNS zone - once that was fixed everything works as you’d expect it to.

system · August 26, 2023, 7:27pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.