Re: [rsyslog] Syslogging FQDN logfile/logdir howto/links/examples

Wed, 01 Feb 2012 17:51:28 -0800 

HOSTNAME is the hostname that was in the message
FROMHOST-IP is the IP address that sent you the message (not necessarily the machine the message originated from, NAT, syslog relays, etc will change this) 


FROMHOST is the name that rsyslog finds from doing a reverse lookup of 
FROMHOST-IP



In at least some versions, if you start with the -x option to disable 
reverse lookups FROMHOST contains the IP address and FROMHOST-IP doesn't 
contain anything.



The older syslog RFCs said that the hostname should not be fully 
qualified, and that is why the default is to strip the remainder of the 
name. As a side note, it's a really good idea to make your short hostnames 
unique, this is only one of the places where having the same short 
hostname on multiple boxes will cause grief. In most cases you can work 
around the grief, but it's not that hard to make the hostnames unique.


David Lang

 On Wed, 1 Feb 2012, Michael Maymann wrote:


Hi,

%FROMHOST% seems to be using the hostname that the host reports
(not-always-FQDN), not what DNS reports (always FQDN).
What should I use to get the DNS_HOSTNAME...?

Br.
~maymann

2012/1/31 Michael Maymann <[email protected]>


Hi Rainer,

just noticed the same - see new post...:-) !
Thanks for your help.

Br.
~maymann



2012/1/31 Rainer Gerhards <[email protected]>


-----Original Message-----
From: [email protected] [mailto:rsyslog-
[email protected]] On Behalf Of [email protected]
Sent: Friday, January 27, 2012 7:35 PM
To: rsyslog-users
Subject: Re: [rsyslog] Syslogging FQDN logfile/logdir

howto/links/examples


the surest way to tell that the DNS cache is working is to look at

traffic
to your

DNS server (or more precisely the lack of traffic to that host)


I just checked the code. In the current v6-devel, the dns cache is always
active.

Rainer
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/





_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/


























					Reply via email to