forwarding syslog to remote machine, getting no hostname


At one point, this was working correctly...but now I'm not sure what
went wrong.  I have a Sparc 5 running Solaris 2.6 and sending syslog
logins to a central syslog server.  The problem is that for whatever
reason, I now no longer get the hostname (or IP address) in the syslog
header, and the server doesn't know what to do with it.

The following is a tcpdump of the syslog message that was sent for a
successful login:

=========

18:11:43.164547 IP qasparc5.32925 > qa36.q1labs.lab.514: UDP, length 90

E..v .@...........<$.....b..<37>Aug 10 14:28:49 login: [ID 254462
auth.notice] ROOT LOGIN /dev/pts/2 FROM 10.100.50.42

=========

Notice in that packet that where there should normally be the hostname,
following the timestamp, is the start of the data instead (i.e. "login:"
instead of "qasparc5").

The machine is in DNS, and can resolve its own hostname fine:

# uname -a
SunOS qasparc5 5.8 Generic sun4m sparc SUNW,SPARCstation-5
# cat /etc/hosts
#
# Internet host table
#
127.0.0.1       localhost
172.16.20.198   qasparc5        qasparc5.q1labs.lab
# hostname
qasparc5
# grep host /etc/nsswitch.conf
# "hosts:" and "services:" in this file are used only if the
hosts:      files dns
#

Can anyone tell me what's wrong?  Here's the syslog.conf snippet of
what to send:

*.err;auth.notice                       @172.16.60.36
*.err;daemon.notice;mail.crit   @172.16.60.36
user.err                                        @172.16.60.36
user.alert                                      @172.16.60.36

Reply darkpawt (2) 8/10/2005 6:33:02 PM
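
Added example (not part of the original post): a small Python parser for the BSD syslog (RFC 3164) header, showing how a collector can tell that the HOSTNAME field is absent in the datagram captured above and fall back to the UDP source address. The function name, the "first token ends with a colon" heuristic and the second sample message are assumptions made for illustration.

```python
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron"}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

def parse(datagram: bytes, source: str) -> dict:
    """Parse one syslog datagram; `source` is the UDP sender the collector saw."""
    text = datagram.decode("ascii", "replace").rstrip("\n\x00")
    m = HEADER.match(text)
    if m is None:  # no usable PRI/timestamp: only the sender address is known
        return {"valid": False, "host": source, "host_from": "source", "msg": text}
    pri = int(m["pri"])
    first, _, remainder = m["rest"].partition(" ")
    # Heuristic (assumption): a first token ending in ":" is already the TAG,
    # so the sender left HOSTNAME out and the packet source must stand in.
    if first.endswith(":") or not remainder:
        host, host_from, body = source, "source", m["rest"]
    else:
        host, host_from, body = first, "header", remainder
    tag, _, msg = body.partition(":")
    return {
        "valid": True,
        "facility": FACILITIES.get(pri >> 3, "facility%d" % (pri >> 3)),
        "severity": SEVERITIES[pri & 7],
        "timestamp": m["ts"],
        "host": host,
        "host_from": host_from,
        "tag": tag,
        "msg": msg.strip(),
    }

# Payload as shown in the tcpdump output above (line wrap removed).
CAPTURED = (b"<37>Aug 10 14:28:49 login: [ID 254462 auth.notice] "
            b"ROOT LOGIN /dev/pts/2 FROM 10.100.50.42")
# Constructed sample: the same message with the HOSTNAME field present.
WITH_HOST = CAPTURED.replace(b"14:28:49 ", b"14:28:49 qasparc5 ")

if __name__ == "__main__":
    for pkt in (CAPTURED, WITH_HOST):
        print(parse(pkt, "172.16.20.198"))
```

For the captured datagram the result has host_from set to "source", which is the condition a collector can log or alert on when a sender stops including its hostname.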

