Souce name resolution OR change name of sources

rafaelcarsetimo · March 25, 2017, 10:22pm

I’m changing the names of the servers in our infrastructure, and I need the new names in graylog “source” field. I registered the names in /etc/hosts and I put the search for “files dns” in /etc/nsswitch.conf, and already created a entry A in my DNS, but the messages are still using the old source name. Can you guys give me a hint to force Graylog to use the hosts file to register the sources or another method? Can I rename Sources in Graylog?

Thanks!

Rafael Carvalho

jan · March 27, 2017, 7:08am

Hej @rafaelcarsetimo

you did not loose a word about how you ingest your messages. Because if you use syslog messages the sending Server will send his name and only if the sending server change the name this will be honored and displayed in Graylog.

Said that you can modify the source with pipelines (for example) and rewrite that.

regards
Jan

Topic		Replies	Views
Source coming in as IP address and not resolved DNS name Graylog Central (peer support)	15	6661	April 22, 2019
Source shown is "localhost" and not hostname Graylog Central (peer support)	5	3581	October 11, 2017
Making source field show hostname instead of ip-address Graylog Central (peer support) pipeline-rules	5	11908	December 11, 2018
Replacing the Name in the Source Field Graylog Central (peer support)	6	6434	November 8, 2019
Source address is showing as ip address insted of hostname (Name) Graylog Central (peer support)	4	3646	October 5, 2018

Souce name resolution OR change name of sources

Related topics