Host value showing docker ingress network

[bobbytables2048]

Hi lux4rd0

First, thanks for such a great write up and example project. I've used your compose and config files to setup promtail and syslog-ng.

I have a 3 node docker swarm and this is working well for devices that send RFC 5424 messages, but I have an issue with RFC 3164. The hostname populated in the host label is an IP from the docker ingress network. In my case, 10.0.0.3. There is no way to differentiate between hosts as all RFC 3164 messages are recorded as 10.0.0.3 in Loki.

I have tested this with pfSense, it has an option to switch between RFC standards. When set to RFC 5424 the host value in Loki is correct.

Another example is Ubiquiti EdgeSwitchOS uses RFS 3164.

Do you know how to fix this so I can properly see the source host of the logs?