I don't understand chain_hostnames option & why it fixes this problem...
My little brainless syslog-ng.conf below NEEDS the one option you see or else the log file will refer to host as "src@myhostname" instead of just "myhostname". Please explain a little better what chain_hostnames does/means and why it fixes this problem. Is there some other simpler way to fix aforementioned problem?? options {chain_hostnames(no);}; source src {unix-stream("/dev/log"); pipe("/proc/kmsg"); internal();}; destination dest {file("/var/log/messages");}; log {source(src); destination(dest);}; -- _______________________________________ Christian Seberino, Ph.D. SPAWAR Systems Center San Diego Code 2872 49258 Mills Street, Room 158 San Diego, CA 92152-5385 U.S.A. Phone: (619) 553-9973 Fax : (619) 553-6521 Email: seberino@spawar.navy.mil _______________________________________
My little brainless syslog-ng.conf below NEEDS the one option you see or else the log file will refer to host as "src@myhostname" instead of just "myhostname".
Please explain a little better what chain_hostnames does/means and why it fixes this problem.
Is there some other simpler way to fix aforementioned problem??
I think the FAQ may help http://www.campin.net/syslog-ng/faq.html This has an explanation. Sorry if you've already seen this and meant something else. Jim
There was a question in FAQ titled: What is with all the "hostname" options? Is that the one you were referring to? I copied the explanation below. It does not explain why the source alias is part of the hostname and why these options add or remove them. Chris When syslog-ng receives a message it tries to rewrite the hostname it contains unless keep_hostname is true. If the hostname is to be rewritten (e.g. keep_hostname is false), it checks whether chain_hostnames (or long_hostname which is an alias for chain_hostnames) is true. If chain_hostnames is true, the name of the host syslog-ng received the message from is appended to the hostname, otherwise it's replaced. So if you have a message which has hostname "server", and which resolves to "server2", the following happens: keep_hostname(yes) keep_hostname(no) chain_hostname(yes) server server/server2 chain_hostname(no) server server2 I hope this makes things clear. Chris On Thu, Oct 23, 2003 at 02:56:38PM +0100, Jim Mozley wrote:
My little brainless syslog-ng.conf below NEEDS the one option you see or else the log file will refer to host as "src@myhostname" instead of just "myhostname".
Please explain a little better what chain_hostnames does/means and why it fixes this problem.
Is there some other simpler way to fix aforementioned problem??
I think the FAQ may help
http://www.campin.net/syslog-ng/faq.html
This has an explanation. Sorry if you've already seen this and meant something else.
Jim
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- _______________________________________ Christian Seberino, Ph.D. SPAWAR Systems Center San Diego Code 2872 49258 Mills Street, Room 158 San Diego, CA 92152-5385 U.S.A. Phone: (619) 553-9973 Fax : (619) 553-6521 Email: seberino@spawar.navy.mil _______________________________________
There was a question in FAQ titled:
What is with all the "hostname" options?
Is that the one you were referring to?
I copied the explanation below. It does not explain why the source alias is part of the hostname and why these options add or remove them.
Chris
When syslog-ng receives a message it tries to rewrite the hostname it contains unless keep_hostname is true. If the hostname is to be rewritten (e.g. keep_hostname is false), it checks whether chain_hostnames (or long_hostname which is an alias for chain_hostnames) is true. If chain_hostnames is true, the name of the host syslog-ng received the message from is appended to the hostname, otherwise it's replaced.
So if you have a message which has hostname "server", and which resolves to "server2", the following happens:
keep_hostname(yes) keep_hostname(no) chain_hostname(yes) server server/server2 chain_hostname(no) server server2
I hope this makes things clear.
I see what you mean. I read it as it (chain_hostname) keeps the original name as well as the one it resolves to. I had problems with keep_hostname so turned if off and just resolved the IP to a hostname. I don't have chain_hostname in my configuration (I suspect the default is no) so haven't tried it. Jim
participants (2)
-
Jim Mozley
-
seberino@spawar.navy.mil