I have a server (e7) and a remote machine (xilinx). Remote log messages are sent to port 514 and accepted by the server. I can see them in the relevant log files (messages, cron etc.)

in /etc/rsyslog.conf I have

module(load="imudp") input(type="imudp" port="514") module(load="imtcp") input(type="imtcp" port="514")

So the remote messages are processed same as the local ones. syslog shows: Feb 22 10:38:10 xilinx systemd[1]: Starting Stop ureadahead data collection... Feb 22 10:38:10 xilinx systemd[1]: Started Stop ureadahead data collection.

However I do not see the remote messages in the journal (or maybe I am not using the correct journalctl command?).

I tried using the following, hoping it will output to the journal:

module(load="omjournal") ruleset(name="remote") { action(type="omjournal") } input(type="imtcp" port="514" ruleset="remote")

and I could now see the messages in the journal BUT they do not include the correct source hostname: 2025-02-22T10:39:57+11:00 e7.eyal.emu.id.au systemd[1]:[2445734]: Starting Update APT News... I want 2025-02-22T10:39:57+11:00 xilinx systemd[1]: Starting Update APT News...

'e7.eyal.emu.id.au [2445734]' is the hostname and pid of the rsyslogd service on the SERVER.

In /var/log/syslog I see these message:

Without ruleset (correct hostname service[pid[): Feb 22 10:38:10 xilinx systemd[1]: Starting Stop ureadahead data collection... Feb 22 10:38:10 xilinx systemd[1]: Started Stop ureadahead data collection.

With ruleset (incorrect hostname): Feb 22 10:39:57 e7 systemd[1]:[2445734]: Starting Update APT News... Same line on xilinx syslog is Feb 22 10:39:57 xilinx systemd[1]: Starting Update APT News...

I want both the syslog and the journal to at least identify the source hostname correctly, in syslog and in the journal.

TIA