Well I did think it was the local server trying to resolve the IP to hostname via DNS, but it doesn't seem to be.  I tried an nslookup and it can't resolve the switches IP, plus there is no local host file, I'm not sure how it is getting this name.

Can you post an example of the message you're getting?

The message that's actually logged and sent from the switch doesn't actually have a name or IP address in the message. This can be seen in the tshark capture from my SYSLOG server below:

root@rhel8 ~]# tshark -V -i bond0 host 192.168.2.131 and port 514

Frame 1 (157 bytes on wire, 157 bytes captured)

[..]

Ethernet II, Src: Cisco_20:59:00 (00:13:5f:20:59:00), Dst: HewlettP_27:c3:f5 (00:0e:7f:27:c3:f5)

    Destination: HewlettP_27:c3:f5 (00:0e:7f:27:c3:f5)

    [..]

    Type: IP (0x0800)

Internet Protocol, Src: 192.168.2.131 (192.168.2.131), Dst: 192.168.11.115 (192.168.11.115)

    Version: 4

    [..]

    Source: 192.168.2.131 (192.168.2.131)

    Destination: 192.168.11.115 (192.168.11.115)

User Datagram Protocol, Src Port: 61623 (61623), Dst Port: syslog (514)

    Source port: 61623 (61623)

    Destination port: syslog (514)

    Length: 123

    Checksum: 0xe45f [correct]

        [Good Checksum: True]

        [Bad Checksum: False]

Syslog message: LOCAL7.NOTICE: 197: Apr 17 17:13:03.144 BST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel31061, changed state to up

    1011 1... = Facility: LOCAL7 - reserved for local use (23)

    .... .101 = Level: NOTICE - normal but significant condition (5)

    Message: 197: Apr 17 17:13:03.144 BST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel31061, changed state to up

As you can see there's no name or IP address other than that in the IP header.

Regards

I realize that this entry is 3 years old, but I am stuck on a simple issue here. I see that your router name is in your log entries without any IP address referenced. We are trying to accomplish the same thing but the solution is eluding us. The closest that we got was entering the command "logging origin-id hostname" so our configurations look like this.

logging buffered 500000
logging event link-status default
logging alarm informational
logging trap debugging
logging origin-id hostname
logging source-interface Vlan15

And our log output looks like this.

May 19 16:45:17 172.16.50.2 3655: SWCORE01: 003592: May 19 21:45:16.418 UTC: %SYS-5-CONFIG_I: Configured from console by admdcarrasco on vty0 (192.168.10.10)

How did you get JUST the router hostname in your logs?

Hi David,

    Did you try to remove the "logging source-interface Vlan15" configuration statement and re-add it after that ? It did work for me on a WS-C3560X-48 running IOS 15.0(2)SE10. Please let me know if it did work.

Did you find a resolution to this problem?  I also am experiencing an issue where both hostname and IP are printing in logs and I want JUST hostname.  Thanks.