Souce name resolution OR change name of sources

rafaelcarsetimo · March 25, 2017, 10:22pm

I’m changing the names of the servers in our infrastructure, and I need the new names in graylog “source” field. I registered the names in /etc/hosts and I put the search for “files dns” in /etc/nsswitch.conf, and already created a entry A in my DNS, but the messages are still using the old source name. Can you guys give me a hint to force Graylog to use the hosts file to register the sources or another method? Can I rename Sources in Graylog?

Thanks!

Rafael Carvalho

jan · March 27, 2017, 7:08am

Hej @rafaelcarsetimo

you did not loose a word about how you ingest your messages. Because if you use syslog messages the sending Server will send his name and only if the sending server change the name this will be honored and displayed in Graylog.

Said that you can modify the source with pipelines (for example) and rewrite that.

regards
Jan

Topic		Replies	Views
Source coming in as IP address and not resolved DNS name Graylog Central (peer support)	15	6160	April 22, 2019
Source shown is "localhost" and not hostname Graylog Central (peer support)	5	3367	October 11, 2017
Source address is showing as ip address insted of hostname (Name) Graylog Central (peer support)	4	3419	October 5, 2018
Switch Logs message Graylog Central (peer support)	15	2134	April 25, 2019
How to fix source name inputs Graylog Central (peer support)	3	344	February 8, 2021

Souce name resolution OR change name of sources

Related Topics