On 01/17/2011 02:39 PM, [email protected] wrote:
On Mon, 17 Jan 2011, Joe McDonagh wrote:
On 01/17/2011 02:23 AM, [email protected] wrote:
look at /etc/hosts on the client. see if you have the short name or
long name listed first.
If you have the short name listed first, try switching it to long
name first. (when looking something up in /etc/hosts by IP, you get
the first name on the list)
If this doesn't work, then what I suspect is happening is that the
sending system is putting just it's hostname in the logs when it
sends. some distros let you put a FQDN in the /etc/hostnames file
without problems. If your distro lets you do this, try doing that
and see if this then changes what's getting logged by rsyslog.
The third thing you can try is on the server, change it from using
the default template that logs %HOSTNAME%, which is the name the
client puts in the log to %FROMHOST%, which is the name (looked up
from the IP) of the machine that sent the log packet to the
receiving rsyslog
David Lang
So, I just realized FROMHOST won't work since I am using SSL via
stunnel, which makes all messages look like they came from 127.0.0.1.
one thing you could do (ugly to maintain) is to change the template on
the sending machine to hard-code the hostname in the messages.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
It actually wouldn't be that bad since I could push that out from a
single source in puppet, how do you edit the default template? I have
the page open for editing templates but don't see how to override the
default...
I don't know though I think I'd really rather understand the problem
since I would guess this would affect someone else. Are you a developer
for rsyslog? I recognize your name from somewhere...
I could check out the source but it might be faster if someone familiar
with the code base could tell me what the algorithm for evaluating
%HOSTNAME% is. I am pretty sure you are right that the evaluation on the
node is failing. If there is a specific syscall it's using I can
probably just go on that for more troubleshooting.
--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
