On Fri, Sep 07, 2007 at 10:53:54AM +0200, Delphine D wrote:
> The others also return the hostname and not the FQDN (Ex: 'server2' and not 'server2.ourdomain.be') but they are using syslog instead of syslog-ng... That's the only difference...

Then it's because this host sends the hostname in the syslog message (syslog-ng always has a full and complete syslog message on the wire), but the boxes using syslogd don't actually send a hostname.

A message on your central syslog-ng server from a Linux box running syslogd will be written to disk something like:

    Sep 7 07:16:20 hostname in.qpopper[7736]: connect from 12.12.12.12

...but on the wire it looks like this:

    <13>in.qpopper[7736]: connect from 12.12.12.12

...and syslog-ng has to put in the rest of the info.

This means that syslog-ng on the central box is putting in the FQDN for you. syslog-ng on the client is putting in a full message, including the short hostname, and the central syslog-ng is keeping it.

See http://www.campin.net/syslog-ng/syslog.html#missing_parts for more on this.

See http://www.campin.net/syslog-ng/faq.html#hostname to figure out the hostname options you want on your central syslog-ng server. Probably "keep_hostname(no)", plus "use_fqdn(yes);" to get the FQDN.

HTH,
-- 
Nate

Like medieval peasants, computer manufacturers and millions of users are locked in a seemingly eternal lease with their evil landlord, who comes around every two years to collect billions of dollars of taxes in return for mediocre services.
--Mark Harris, Electronics Times
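
Added example (not part of the original post, and not syslog-ng's own code): a simplified Python model of the behaviour described above, showing how a central server fills in a timestamp and hostname that are missing on the wire, and how keep_hostname and use_fqdn decide what ends up in the host field. The function name, the peer_fqdn and received_at parameters, the host 'server1' and both sample messages are assumptions constructed for illustration.

```python
import re

# Wire format: <PRI>[TIMESTAMP HOSTNAME ]TAG: text
# The timestamp/hostname header is optional in practice: syslogd clients
# omit it, syslog-ng clients send it.
WIRE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) )?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)

def relay_line(wire, peer_fqdn, received_at, keep_hostname=False, use_fqdn=True):
    """Model the line a central server writes for one received message.

    peer_fqdn: name the server resolved for the sending address (assumed
    to be looked up already). received_at: the server's own clock, used
    only when the sender supplied no timestamp.
    """
    m = WIRE.match(wire)
    if m is None or int(m.group("pri")) > 191:
        raise ValueError("missing or invalid <PRI> prefix")
    pri = int(m.group("pri"))
    # Name the server derives itself, long or short form.
    own_view = peer_fqdn if use_fqdn else peer_fqdn.split(".", 1)[0]
    # keep_hostname(yes) trusts whatever the client put on the wire;
    # keep_hostname(no) always replaces it with the server's own view.
    sent_host = m.group("host")
    host = sent_host if (keep_hostname and sent_host) else own_view
    ts = m.group("ts") or received_at
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "host_from_client": bool(keep_hostname and sent_host),
        "line": f"{ts} {host} {m.group('msg')}",
    }

# Constructed sample messages (not captured traffic).
BARE = "<13>in.qpopper[7736]: connect from 12.12.12.12"
FULL = "<13>Sep  7 07:16:20 server2 in.qpopper[7736]: connect from 12.12.12.12"

if __name__ == "__main__":
    now = "Sep  7 07:16:21"
    print(relay_line(BARE, "server1.ourdomain.be", now)["line"])
    print(relay_line(FULL, "server2.ourdomain.be", now, keep_hostname=True)["line"])
    print(relay_line(FULL, "server2.ourdomain.be", now, keep_hostname=False)["line"])
```

With keep_hostname enabled the host field is whatever the sender wrote, so it is only as trustworthy as the client; with it disabled the field reflects the name the central server resolved for the source address.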