Quick question:

How does use_fqdn() interact with the various HOST, HOST_FROM, FULLHOST, FULLHOST_FROM?

My understanding is that $FULLHOST and $FULLHOST_FROM are the only ones that will include the FQDN.

Does use_fqdn() override that?

Is the ideal config to have use_fqdn(yes) + use_dns(yes) + keep_hostname(no) and set $FULLHOST_FROM or $FULLHOST everywhere you want a FQDN so long as DNS is there?

That doesn't seem to be working for me, use_fqdn(no) just kills all FQDNs everywhere regardless of $HOST* variable.

I'm running the latest 2.x because I suck so much; maybe this is fixed in 3.x

Thanks,
~BAS
That doesn't seem to be working for me, use_fqdn(no) just kills all FQDNs everywhere regardless of $HOST* variable.
Assuming one has options{...}; :

    use_dns(yes);
    chain_hostnames(yes);
    keep_hostname(yes);
    use_fqdn(no);

And a UDP/TCP listener, it seems to me, based on the documentation, that:

- $HOST should return the hostname value embedded in the packet, unmodified
- $HOST_FROM should return short/UFQDN of relaying host
- $FULLHOST should return FQDN of embedded/original packet hostname value as processed by DNS Resolver
- $FULLHOST_FROM should return the FQDN of the relaying host

If use_fqdn(yes) == True, then:

    $HOST == $FULLHOST (override)
    $HOST_FROM = $FULLHOST_FROM (Disable short names)

This doesn't seem to be the case, though.

Also, if keep_hostname(no) = TRUE, not sure what $FULLHOST or $HOST would really be worth.

Highly ambiguous, or maybe I just haven't had my 5 vicodin yet today.

~BAS
On Thu, 2010-11-11 at 13:41 -0500, Brian A. Seklecki wrote:
Quick question:
How does use_fqdn() interact with the various HOST, HOST_FROM, FULLHOST, FULLHOST_FROM?
My understanding is that $FULLHOST and $FULLHOST_FROM are the only ones that will include the FQDN.
use_fqdn() is only used in one case: when syslog-ng itself is resolving hostnames. It doesn't cause truncation of the hostname field received from the network. If that's to be trusted and changed, either it should be configured on the originating system, _or_ rewritten locally.

syslog-ng _always_ resolves hostnames and puts the result in the $HOST_FROM name-value pair (thus that value always reflects the use_fqdn setting).

Then, depending on the configuration the $HOST value is overridden or not. $HOST is overridden in these cases:

1) keep_hostname is FALSE
2) the incoming message has no hostname information
Does use_fqdn() override that?
Is the ideal config to have use_fqdn(yes) + use_dns(yes) + keep_hostname(no) and set $FULLHOST_FROM or $FULLHOST everywhere you want a FQDN so long as DNS is there?
FULLHOST is only different from HOST in case chained_hostnames() are in use.

In case chained_hostnames() is in effect, $HOST is a derived value: basically it extracts the last hostname from a chained_hostname() format, $FULLHOST is the complete stuff.

So if you have this in your hostname field:

    original/relay1/relay2/relay3

The $HOST would be "original", $FULLHOST would be the full string. That's the only difference between FULLHOST & HOST. So it doesn't care about fqdn() setting, it just uses the value already there.

This means that right now you don't have any functionality to truncate the domain part from a hostname using macros. If you want that, you need to make sure everything is resolved as an FQDN and then use a rewrite rule to store the truncated hostname in a different name-value pair.

E.g.

    options {
        use_fqdn(yes);
        use_dns(yes);
        keep_hostname(no);
    };

    rewrite r_hostnames {
        # the FQDN is made available in HOST_FQDN
        set("$HOST" value("HOST_FQDN"));
        # HOST is truncated to only contain the hostname without domain (beware: regexp untested!)
        subst('^([\-a-zA-Z])\..*$', '$1' value("HOST"));
    };

--
Bazsi
The following ended up working:

    #rewrite r_hostnames {
    #        # the FQDN is made available in HOST_FQDN
    #        set("$HOST" value("HOST_FQDN"));
    #        # HOST is truncated to only contain the FQDN per FS#19379
    #        # used in log ... (messages) near end
    #        subst('^([a-zA-Z0-9\-\@]+)\..*$', '$1' value("HOST"));
    #};

On Sun, 14 Nov 2010, Balazs Scheidler wrote:
subst('^([\-a-zA-Z])\..*$', '$1' value("HOST"));
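
An added example, not part of the original thread or of syslog-ng: it runs the two subst() patterns quoted above over constructed hostnames and models the $HOST / $HOST_FROM rules as the reply describes them. Python's re module stands in for syslog-ng's regexp engine, and resolve_host and short_host are hypothetical helpers.

```python
import ipaddress
import re

# Both patterns are copied from the thread. Python's re stands in for
# syslog-ng's regexp engine (assumption: same behaviour for these constructs).
UNTESTED = r'^([\-a-zA-Z])\..*$'
WORKING = r'^([a-zA-Z0-9\-\@]+)\..*$'


def subst_host(pattern, host):
    """Mimic subst(pattern, '$1' value("HOST")): rewrite HOST to capture group 1."""
    return re.sub(pattern, r'\1', host, count=1)


def resolve_host(msg_host, resolved_name, keep_hostname, use_fqdn):
    """Hypothetical model of the rules stated in the thread, not syslog-ng code.

    HOST_FROM is the resolved peer name and reflects use_fqdn; HOST is replaced
    by it when keep_hostname is off or the message carries no hostname.
    Assumes DNS resolution succeeded, so resolved_name is a DNS name.
    """
    host_from = resolved_name if use_fqdn else resolved_name.split(".")[0]
    host = msg_host if (keep_hostname and msg_host) else host_from
    return {"HOST": host, "HOST_FROM": host_from}


def short_host(host):
    """Apply the working pattern, but leave IP literals alone (added guard)."""
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        return subst_host(WORKING, host)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for h in ("a.example.com", "web01.example.com", "web01", "192.0.2.10"):
        print(f"{h:20} untested={subst_host(UNTESTED, h):20} "
              f"working={subst_host(WORKING, h):8} guarded={short_host(h)}")
    print(resolve_host("spoofed-name", "relay1.example.com", False, True))
```

In this model the working pattern reduces an unresolved address such as 192.0.2.10 to 192, which is why short_host skips IP literals.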