Another option is to modify the syslog-ng global options to not keep the host name when received and have syslog-ng insert the system name as the host string. Below is the tmsh commands and output.
root@ltm1(Standby)(/Common)(tmos) modify /sys syslog include "options {keep_hostname(no);};"
root@ltm1(Standby)(/Common)(tmos) list /sys syslog
sys syslog {
include "options {keep_hostname(no);};"
remote-servers {
remotesyslog1 {
host 10.1.1.1
remote-port 514
}
}
}
root@ltm1(Standby)(/Common)(tmos) quit
[root@ltm1:Standby] config bigstart restart syslog-ng
Shutting down syslog-ng: [ OK ]
Starting syslog-ng: [ OK ]
[root@ltm1:Standby] config
One other thing, some syslog receivers utilize the incoming ip address to set the host header within the logs. To force this to use the management ip address of the LTM add the local-ip setting. No additional management static routes are needed if the local ip address is utilized. See below for details....
root@ltm1(Standby)(/Common)(tmos) modify /sys syslog { remote-servers modify { remotesyslog1 { local-ip 10.2.1.3 } } }
root@ltm1(Standby)(/Common)(tmos) list /sys syslog sys syslog {
include "options {keep_hostname(no);};"
remote-servers {
remotesyslog1 {
host 10.1.1.1
local-ip 10.2.1.3
remote-port 514
}
}
}
root@lltm1(Standby)(/Common)(tmos)