Syslog forwarding loses original hostname

Configure /etc/rsyslog.conf to preserve the FQDN: $PreserveFQDN on

Personally I would recommend using syslog-ng for your internal server - it provides a whole lot more than rsyslog. Of specific interest in your case it provides some much better handling for managing / rewriting / etc for the hostnames.

If you decide to stick with rsyslog this configuration does preserve both the remote and local hostnames - it is what I used before switching to syslog-ng.

$ModLoad imuxsock.so
$ModLoad imklog.so      
$ModLoad imudp.so
$UDPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

I also was using the "-c 4" options in my init script, if it matters.