Re: [syslog-ng]chain_hostname(yes) complicates use of $HOST variable
On our AIX server, I'm getting a "Parse error reading configuration file, exiting." when I use the keep_hostnames option. This does not happen on our Solaris instance. Any ideas? Thanks! --- John A. Parker Senior Programmer/Analyst - AIX Cornell University jap54@cornell.edu 607-255-9356 607-255-8521 (Fax)
On our AIX server, I'm getting a "Parse error reading configuration file, exiting." when I use the keep_hostnames option. This does not happen on our Solaris instance.
Are you using GNU bison to generate the configuration parser? -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt
Bazsi, I wasn't, but grabbed and installed the bison package and rebuilt and installed the syslog-ng package this morning. I get the same error. Before we spend a lot of time on this though, how will messages look different using keep_hostnames vs chain_hostnames? Will using keep_hostnames get rid of the logging problem I first reported due to src, Message, and last being prepended to the messages?
src@aaaa Message/aaaa.bbbb.cornell.edu last/aaaa.bbbb.cornell.edu
On our AIX server, I'm getting a "Parse error reading configuration file, exiting." when I use the keep_hostnames option. This does not happen on our Solaris instance.
Are you using GNU bison to generate the configuration parser?
--- John A. Parker Senior Programmer/Analyst - AIX Cornell University jap54@cornell.edu 607-255-9356 607-255-8521 (Fax)
I wasn't, but grabbed and installed the bison package and rebuilt and installed the syslog-ng package this morning. I get the same error. Before we spend a lot of time on this though, how will messages look different using keep_hostnames vs chain_hostnames? Will using keep_hostnames get rid of the logging problem I first reported due to src, Message, and last being prepended to the messages?
When syslog-ng receives a message it tries to rewrite the hostname it contains unless keep_hostname is true. If the hostname is to be rewritten (e.g. keep_hostname is false), it checks whether chain_hostnames (or long_hostname which is an alias for chain_hostnames) is true. If chain_hostnames is true, the name of the host syslog-ng received the message from is appended to the hostname, otherwise it's replaced. So if you have a message which has hostname "server", and which resolves to "server2", the following happens: keep_hostname(yes) keep_hostname(no) chain_hostname(yes) server server/server2 chain_hostname(no) server server2 I hope this makes things clear. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt
Baszi, I've noticed that chain_hostname and chain_hostnames have been used interchangeably in some of our communications. (Singular in your last note, plural in the manual.) Without a reference to keep_hostname in the manual, I somehow made the option plural in the syslog-ng.conf file. When I changed it to singular the parse error went away and the logs started looking like you've described below. Thanks for the extra detail. However, I guess I'm still not sure how "server" becomes "src@", "Message", or "last" on my server? Messages like "Sep 18 10:38:04 Message forwarded from hostname:" where the hostname is the system short name and the field typically populated by a FQDN now have Message. Have I something configured incorrectly?
So if you have a message which has hostname "server", and which resolves to "server2", the following happens:
keep_hostname(yes) keep_hostname(no) chain_hostname(yes) server server/server2 chain_hostname(no) server server2
--- John A. Parker Senior Programmer/Analyst - AIX Cornell University jap54@cornell.edu 607-255-9356 607-255-8521 (Fax)
participants (2)
-
Balazs Scheidler
-
John A. Parker