keep_hostname(yes) and use_fqdn(yes) actually does make sense. I use these options together and it makes a difference. If I have keep_hostname(yes) and use_fqdn(no), I get messages with such names as gw1, gw2, gw3. I have 14 gw1 hosts in my area of control so needless to say that is not very revealing. If I use keep_hostname(yes) and use_fqdn(yes), I get names like gw1.mydomain.com, and gw1.otherdomain.com. It does make a difference. You certainly don't want to use chain_hostnames(yes) and keep_hostname(yes) those, I believe, are mutually exclusive. Regards, Drew
-----Original Message----- From: Gregor Binder [SMTP:gbinder@sysfive.com] Sent: Friday, March 23, 2001 1:31 PM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]Syslog Chaining doesn't work as expected
Wiktor Wodecki on Fri, Mar 23, 2001 at 01:05:10PM +0100:
Hi Wiktor,
depending on how your systems are configured, you might get good results with turning keep_hostname on if that's an option.
nope, that didn't do it, it still writes logs with canonical name and not the fqdn.
well, I could've said that before, it would require your systems know themselves by their FQDN (and use this name for their log messages).
- Do you use FQDNs in /etc/hosts?
yes, on LOGGINGSERVER, not on GATESERVER
If I understand your setup correctly, DNS config on GATESERVER (or how names get resolved and all that) matters, so you do want to make sure the log clients that go through GATESERVER can be properly qualified.
options { long_hostnames(yes); sync(2); use_dns(yes); use_fqdn(yes); create_dirs(yes); log_fifo_size(1000); time_reopen(2); chain_hostnames(yes); keep_hostname(yes); };
keep_hostname(yes) does not make sense with use_dns(yes) and use_fqdn(yes) since it means "keep the hostname that the log message contains". IIRC long_hostnames is just an alias for use_fqdn.
I think you want the following options (besides those not related to DNS/hostnames):
LOGGINGSERVER: keep_hostname(yes); chain_hostnames(no); use_fqdn(yes); GATESERVER: use_dns(yes); use_fqdn(yes);
And make sure GATESERVER can determine FQDNs.
If you have clients logging directly to LOGGINGSERVER, you might want to check if you can specify those options in the source and not global, since otherwise you would get inconsistent naming. I am not sure if you can do that though.
Greetings,
-- Gregor Binder <gregor.binder@sysfive.com> http://sysfive.com/ sysfive.com GmbH UNIX. Networking. Security. Applications. PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng