I am not a Unix / AIX admin, but am working with one that doesn't seem to know how to set up syslog to forward messages to me the way I need them. Every message they send me has "Message forwarded from <insert host name here>:" but I need it to only have the host name.
In the examples below, the first one is how I am receiving the syslog messages (verified by using TCPDUMP) and the second one is how I would like to receive it. cola041 is the host name.
<142>Mar 25 18:27:15 Message forwarded from cola041: Oracle Audit[2265272]: LENGTH: "219" SESSIONID:[7] "1740145" ENTRYID:[5] "16867" STATEMENT:[4] "2337" USERID:[6] "DBSNMP" USERHOST:[7] "cola041" ACTION:[1] "3" RETURNCODE:[1] "0" OBJ$CREATOR:[3] "SYS" OBJ$NAME:[13] "V$ALERT_TYPES" OS$USERID:[6] "oracle"
<142>Mar 25 18:27:15 cola041 Oracle Audit[2265272]: LENGTH: "219" SESSIONID:[7] "1740145" ENTRYID:[5] "16867" STATEMENT:[4] "2337" USERID:[6] "DBSNMP" USERHOST:[7] "cola041" ACTION:[1] "3" RETURNCODE:[1] "0" OBJ$CREATOR:[3] "SYS" OBJ$NAME:[13] "V$ALERT_TYPES" OS$USERID:[6] "oracle"
The admin did start using the -n option for syslog, but now there is no host name or "Message forwarded from cola041:". Can someone tell me if this is possible and how I need to ask our admin to set this up properly?
Many thanks.
Matt