[syslog-ng]chain_hostname(yes) complicates use of $HOST variable
John A. Parker
jap54@cornell.edu
Thu, 14 Sep 2000 06:54:56 -0400
--=====================_154441521==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed
Per the extracts from our syslog-ng.conf file shown below, our syslog
server logs messages to machine specific locations based on the sourcing
host name. After turning on the chain_hostnames option, the host name value
in log messages now appear as concatenations of strings. For the most part
they appear similar to:
aaaa.bbbb.cornell.edu/aaaa.bbbb.cornell.edu
Messages like the above are still logged correctly. However, we now also
get messages in the formats:
src@aaaa
and
Message/aaaa.bbbb.cornell.edu
last/aaaa.bbbb.cornell.edu
The first message (src delimited by an ampersand) is logged correctly.
However, the messages prefixed by Message and last are logged to the
directories /logs/machine_specific/Message and /logs/machine_specific/last.
Is there a variable other than $HOST I should be using when the
chain_hostnames option is enabled?
Thanks!
#######################################################################################
options { long_hostnames(off);
use_fqdn(yes);
log_fifo_size(1000);
chain_hostnames(yes); };
source src { unix-dgram("/dev/log"); internal(); udp(ip(0.0.0.0) port(514)); };
destination d_all_ms
{ file("/logs/machine_specific/$HOST/all.$LEVEL.$YEAR$MONTH$DAY"
group(systems) perm(0664) dir_perm(0664) create_dirs(yes) );};
# NO CISCO (local7) messages:
filter f_no_cisco { not facility(local7); };
# Forward all messages to machine specific log monitored by system admins
log { source(src);
filter(f_no_cisco);
destination(d_all_ms);
};
#######################################################################################
---
John A. Parker Senior Programmer/Analyst - AIX Cornell University
jap54@cornell.edu 607-255-9356 607-255-8521 (Fax)
--=====================_154441521==_.ALT
Content-Type: text/html; charset="us-ascii"
Per the extracts from our syslog-ng.conf file shown below, our syslog
server logs messages to machine specific locations based on the sourcing
host name. After turning on the chain_hostnames option, the host name
value in log messages now appear as concatenations of strings. For the
most part they appear similar to:
aaaa.bbbb.cornell.edu/aaaa.bbbb.cornell.edu
Messages like the above are still logged correctly. However, we
now also get messages in the formats:
src@aaaa
and
Message/aaaa.bbbb.cornell.edu
last/aaaa.bbbb.cornell.edu
The first message (src delimited by an ampersand) is logged
correctly. However, the messages prefixed by Message and
last are logged to the directories
/logs/machine_specific/Message
and /logs/machine_specific/last.
Is there a variable other than $HOST I should be using when the chain_hostnames option is enabled?
Thanks!
#######################################################################################
options { long_hostnames(off);
use_fqdn(yes);
log_fifo_size(1000);
chain_hostnames(yes); };
source src { unix-dgram("/dev/log"); internal(); udp(ip(0.0.0.0) port(514)); };
destination d_all_ms
{ file("/logs/machine_specific/$HOST/all.$LEVEL.$YEAR$MONTH$DAY"
group(systems) perm(0664) dir_perm(0664) create_dirs(yes) );};
# NO CISCO (local7) messages:
filter f_no_cisco { not facility(local7); };
# Forward all messages to machine specific log monitored by system admins
log { source(src);
filter(f_no_cisco);
destination(d_all_ms);
};
#######################################################################################
---
John A. Parker Senior Programmer/Analyst - AIX Cornell University
jap54@cornell.edu 607-255-9356 607-255-8521 (Fax)
--=====================_154441521==_.ALT--