On Thu, 2010-11-11 at 13:41 -0500, Brian A. Seklecki wrote:
Quick question:
How does use_fqdn() interact with the various HOST, HOST_FROM, FULLHOST, FULLHOST_FROM?
My understanding is that $FULLHOST and $FULLHOST_FROM are the only ones that will include the FQDN.
use_fqdn() is only used in one case: when syslog-ng itself is resolving hostnames. It doesn't cause truncation of the hostname field received from the network. If that's to be trusted and changed, either it should be configured on the originating system, _or_ rewritten locally. syslog-ng _always_ resolves hostnames and puts the result in the $HOST_FROM name-value pair (thus that value always reflects the use_fqdn setting) Then, depending on the configuration the $HOST value is overridden or not. $HOST is overridden in these cases: 1) keep_hostname is FALSE 2) the incoming message has no hostname information
Does use_fqdn() override that?
Is the ideal config to have use_fqdn(yes) + use_dns(yes) + keep_hostname(no) and set $FULLHOST_FROM or $FULLHOST everywhere you want a FQDN so long as DNS is there?
FULLHOST is only different from HOST in case chained_hostnames() are in use. In case chained_hostnames() is in effect, $HOST is a derived value: basically it extracts the last hostname from a chained_hostname() format, $FULLHOST is the complete stuff. So if you have this in your hostname field: original/relay1/relay2/relay3 The $HOST would be "original", $FULLHOST would be the full string. That's the only difference between FULLHOST & HOST. So it doesn't care about fqdn() setting, it just uses the value already there. This means that right now you don't have any functionality to truncate the domain part from a hostname using macros. if you want that, you need to make sure everything is resolved as an FQDN and then use a rewrite rule to store the truncated hostname in a different name-value pair. E.g. options { use_fqdn(yes); use_dns(yes); keep_hostname(no); }; rewrite r_hostnames { # the FQDN is made available in HOST_FQDN set("$HOST" value("HOST_FQDN")); # HOST is truncated to only contain the hostname without domain (beware: regexp untested!) subst('^([\-a-zA-Z])\..*$', '$1' value("HOST")); }; -- Bazsi