[syslog-ng]log files showing short name.
Balazs Scheidler
bazsi@balabit.hu
Fri, 15 Feb 2002 15:35:02 +0100
On Fri, Feb 15, 2002 at 09:05:45AM -0500, Yan Lau wrote:
> Hello,
>
>
> I am using syslog-ng 1.5.14. I am trying to get the log messages to display the
> full hostname instead of the short name.
>
> For instance,
>
> Feb 4 10:06:42 mailhost su: 'su toto' succeeded for ylau on /dev/pts/0
>
> We have several servers with the name "mailhost" so I would like it to show
> mailhost.nyc1.globix.net so I can tell which one it is.
>
>
> Here are the options I have set:
>
> options { sync (0);
> time_reopen (10);
> log_fifo_size (1000);
> create_dirs (yes);
> chain_hostnames (no);
> use_dns (no);
> use_fqdn (yes);
> };
>
>
> Where is it picking up the short name and how can I get it to show the full
> name? Sometimes the log shows IP addresses, that is OK.
hmm. if keep_hostname is true, it should not touch the hostname, if it is
false, the hostname should always be rewritten.
if (!self->keep_hostname || !logmsg->host) {
... rewrite host ...
}
Thus, if keep_hostname() is false (default), the hostname is always rewritten.
Ops, I think I have the problem. get_source_hostname() function in
sources.c:
if (... received from network ...) {
... resolve source ip, chomp domain if use_fqdn is false ...
}
else {
... this message is local ...
getshorthostname(), even if use_fqdn() is true.
}
thus the hostname you are picking up comes from a local message. Try this
patch:
diff -u -r1.28 sources.c
--- sources.c 2001/03/30 15:02:31 1.28
+++ sources.c 2002/02/15 14:34:00
@@ -184,7 +184,14 @@
else {
if (!hostname) {
char buf[128];
- hostname = c_format_cstring("%z", getshorthostname(buf, sizeof(buf)));
+ if (usefqdn) {
+ gethostname(buf, sizeof(buf) - 1);
+ buf[127] = 0;
+ }
+ else {
+ getshorthostname(buf, sizeof(buf));
+ }
+ hostname = c_format_cstring("%z", buf);
}
ol_string_use(hostname);
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1