[syslog-ng] Syslog Chaining doesn't work as expected

Gregor Binder gbinder@sysfive.com
Fri, 23 Mar 2001 13:30:36 +0100


Wiktor Wodecki on Fri, Mar 23, 2001 at 01:05:10PM +0100:

Hi Wiktor,

> > depending on how your systems are configured, you might get good
> > results with turning keep_hostname on if that's an option.
> 
> nope, that didn't do it, it still writes logs with canonical name and
> not the fqdn.

Well, I could've said that before; it would require that your systems know
themselves by their FQDN (and use this name for their log messages).

> > - Do you use FQDNs in /etc/hosts?
> 
> yes, on LOGGINGSERVER, not on GATESERVER

If I understand your setup correctly, DNS config on GATESERVER (or how
names get resolved and all that) matters, so you do want to make sure
the log clients that go through GATESERVER can be properly qualified.

> options { long_hostnames(yes); sync(2); use_dns(yes); use_fqdn(yes);
> create_dirs(yes); log_fifo_size(1000); time_reopen(2);
> chain_hostnames(yes); keep_hostname(yes); };

keep_hostname(yes) does not make sense with use_dns(yes) and
use_fqdn(yes) since it means "keep the hostname that the log message
contains". IIRC long_hostnames is just an alias for use_fqdn.

I think you want the following options (besides those not related to
DNS/hostnames):

LOGGINGSERVER: keep_hostname(yes); chain_hostnames(no); use_fqdn(yes);
GATESERVER:    use_dns(yes); use_fqdn(yes);

And make sure GATESERVER can determine FQDNs.

If you have clients logging directly to LOGGINGSERVER, you might want to
check if you can specify those options in the source and not globally,
since otherwise you would get inconsistent naming. I am not sure if you
can do that though.

Greetings,

-- 
Gregor Binder       <gregor.binder@sysfive.com>      http://sysfive.com/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55