[syslog-ng]Syslog Chaining doesn't work as expected

Hamilton, Andrew Mr RAYTHEON 5 SIG CMD HamiltonA@hq.5sigcmd.army.mil
Fri, 23 Mar 2001 13:58:24 +0100


keep_hostname(yes) and use_fqdn(yes) actually do make sense.  I use these
options together and it makes a difference.  If I have keep_hostname(yes)
and use_fqdn(no), I get messages with such names as gw1, gw2, gw3.  I have
14 gw1 hosts in my area of control so, needless to say, that is not very
revealing.  If I use keep_hostname(yes) and use_fqdn(yes), I get names like
gw1.mydomain.com and gw1.otherdomain.com.  It does make a difference.  You
certainly don't want to use chain_hostnames(yes) and keep_hostname(yes);
those, I believe, are mutually exclusive.

Regards,
Drew

> -----Original Message-----
> From:	Gregor Binder [SMTP:gbinder@sysfive.com]
> Sent:	Friday, March 23, 2001 1:31 PM
> To:	syslog-ng@lists.balabit.hu
> Subject:	Re: [syslog-ng]Syslog Chaining doesn't work as expected
> 
> Wiktor Wodecki on Fri, Mar 23, 2001 at 01:05:10PM +0100:
> 
> Hi Wiktor,
> 
> > > depending on how your systems are configured, you might get good
> > > results with turning keep_hostname on if that's an option.
> > 
> > nope, that didn't do it, it still writes logs with canonical name and
> > not the fqdn.
> 
> well, I could've said that before, it would require your systems know
> themselves by their FQDN (and use this name for their log messages).
> 
> > > - Do you use FQDNs in /etc/hosts?
> > 
> > yes, on LOGGINGSERVER, not on GATESERVER
> 
> If I understand your setup correctly, DNS config on GATESERVER (or how
> names get resolved and all that) matters, so you do want to make sure
> the log clients that go through GATESERVER can be properly qualified.
> 
> > options { long_hostnames(yes); sync(2); use_dns(yes); use_fqdn(yes);
> > create_dirs(yes); log_fifo_size(1000); time_reopen(2);
> > chain_hostnames(yes); keep_hostname(yes); };
> 
> keep_hostname(yes) does not make sense with use_dns(yes) and
> use_fqdn(yes) since it means "keep the hostname that the log message
> contains". IIRC long_hostnames is just an alias for use_fqdn.
> 
> I think you want the following options (besides those not related to
> DNS/hostnames):
> 
> LOGGINGSERVER: keep_hostname(yes); chain_hostnames(no); use_fqdn(yes);
> GATESERVER:    use_dns(yes); use_fqdn(yes);
> 
> And make sure GATESERVER can determine FQDNs.
> 
> If you have clients logging directly to LOGGINGSERVER, you might want to
> check if you can specify those options in the source and not global,
> since otherwise you would get inconsistent naming. I am not sure if you
> can do that though.
> 
> Greetings,
> 
> -- 
> Gregor Binder       <gregor.binder@sysfive.com>      http://sysfive.com/
> sysfive.com GmbH               UNIX. Networking. Security. Applications.
> PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55