I am using the below line in my syslog-ng configuration file. destination maillog { file("/var/log/clients/$YEAR/$MONTH/$HOST/mail.log"); }; I am looking to add a variable for the domain name and have been unable to find one. Can someone help me out? Thank you. Jason Breitman jason.breitman@blackrock.com THE INFORMATION CONTAINED IN THIS MESSAGE AND ANY ATTACHMENT MAY BE PRIVILEGED, CONFIDENTIAL, PROPRIETARY OR OTHERWISE PROTECTED FROM DISCLOSURE. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, copying or use of this message and any attachment is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and permanently delete it from your computer and destroy any printout thereof.
On Tue, 2006-03-07 at 16:00 -0500, Breitman, Jason wrote:
I am using the below line in my syslog-ng configuration file.
destination maillog { file("/var/log/clients/$YEAR/$MONTH/$HOST/mail.log"); };
I am looking to add a variable for the domain name and have been unable to find one.
Can someone help me out?
The problem is that 'domain name' is ambiguous, is it the name after the first dot in the fqdn? not necessarily, for example: prep.ai.mit.edu, the domain name is probably mit.edu and not ai.mit.edu So this is not currently implemented, however I could be convinced given a good definition of 'domain name'. -- Bazsi
i suppoer jason could process the FQDN to where he wants it, in the short term. As for the nebulous definition of Domain, wouldn't it be the string before the last dot..? Balazs Scheidler wrote:
On Tue, 2006-03-07 at 16:00 -0500, Breitman, Jason wrote:
I am using the below line in my syslog-ng configuration file.
destination maillog { file("/var/log/clients/$YEAR/$MONTH/$HOST/mail.log"); };
I am looking to add a variable for the domain name and have been unable to find one.
Can someone help me out?
The problem is that 'domain name' is ambiguous, is it the name after the first dot in the fqdn? not necessarily, for example: prep.ai.mit.edu, the domain name is probably mit.edu and not ai.mit.edu
So this is not currently implemented, however I could be convinced given a good definition of 'domain name'.
-- Rob Munsch Solutions For Progress IT
On Mon, 2006-03-13 at 17:15 -0500, Rob Munsch wrote:
i suppoer jason could process the FQDN to where he wants it, in the short term. As for the nebulous definition of Domain, wouldn't it be the string before the last dot..?
You mean that string _after_ the last dot? -- Bazsi
that would be the TLD, yes: but i got the impression jason means 'domain' more like xyz.com foo.edu how.de so therefore 'starting with the string before the last dot.' Balazs Scheidler wrote:
On Mon, 2006-03-13 at 17:15 -0500, Rob Munsch wrote:
i suppoer jason could process the FQDN to where he wants it, in the short term. As for the nebulous definition of Domain, wouldn't it be the string before the last dot..?
You mean that string _after_ the last dot?
-- Rob Munsch Solutions For Progress IT
Rob, Monday, March 13, 2006, 11:47:52 PM, you wrote:
that would be the TLD, yes: but i got the impression jason means 'domain' more like xyz.com foo.edu how.de
so therefore 'starting with the string before the last dot.'
That doesn't work, as many domains outside of the US have a 3-part domain, as in xyz.co.uk. -- Best regards, David mailto:dma@pern.co.uk
David Anderson wrote:
That doesn't work, as many domains outside of the US have a 3-part domain, as in xyz.co.uk.
While we're on the subject, I think a great feature would be the ability to encode & transmit the originator's full domain name _as it thinks it is_ (such as the output of "hostname -f" on linux), or its primary IP address. We have many hosts that transmit their logs through stunnel to our central syslog-ng servers, so naturally their IP addresses are not available for reverse lookups. Unfortunately, many of these hosts have the same hostname, but different domain names--so their logs are indistinguishable. This might be quicker to implement than built-in SSL. Thanks, Alexi -- Respectfully, Alexi Papaleonardos, CISSP Enterprise Security Dept. Hypermedia Systems, Inc. 700 S. Flower St., 32nd Floor Los Angeles, CA. 90017 Tel: 213.452.1122 Fax: 213.452.0552 alexi.papaleonardos@hypermediasystems.com
oh yes, of course i forgot. we certainly wouldn't want the US to stick .us on the end of their domains and create the impression of a global standard or anything, sigh... David Anderson wrote:
Rob,
Monday, March 13, 2006, 11:47:52 PM, you wrote:
that would be the TLD, yes: but i got the impression jason means 'domain' more like xyz.com foo.edu how.de
so therefore 'starting with the string before the last dot.'
That doesn't work, as many domains outside of the US have a 3-part domain, as in xyz.co.uk.
-- Rob Munsch Solutions For Progress IT
On Tue, 14 Mar 2006 09:04:13 GMT, David Anderson said:
Rob,
Monday, March 13, 2006, 11:47:52 PM, you wrote:
that would be the TLD, yes: but i got the impression jason means 'domain' more like xyz.com foo.edu how.de
so therefore 'starting with the string before the last dot.'
That doesn't work, as many domains outside of the US have a 3-part domain, as in xyz.co.uk.
And even within the US, the number of levels in the domain are quite flexible. For instance, most of our hosts are of the form 'hostname.dept.vt.edu' - but in a few cases, we have only 3 levels (mostly central servers), and in others we have 5 levels - the CS department has a few hosts of the form 'hostname.project.cs.vt.edu' for some large long-term groups. The only sane definition is "everything between the *first* period and the *final* period" (yes, there's a (usually implicit) trailing period in there, and some DNS resolvers would consider that 'foo.cc.' was a domain under the 'cc' top-level domain, and 'foo.cc' was 'foo.cc.vt.edu'. And forgetting the trailing dot is a favorite way to hose up an entry in a BIND zone file. ;) echo ${FQDN} | cut -d. -f2- is what you want.
participants (6)
-
Alexi Papaleonardos
-
Balazs Scheidler
-
Breitman, Jason
-
David Anderson
-
Rob Munsch
-
Valdis.Kletnieks@vt.edu