[syslog-ng]BUG: Number in Hostnames?
Jonathan Marchand
gore@webnet.qc.ca
Mon, 17 Jun 2002 13:53:15 -0400
Balazs,
On both hosts the DNS lookup and reverse lookup are working fine:
Name: nexus1.webnet.qc.ca
Address: 209.71.224.10
And reverse:
10.224.71.209.in-addr.arpa name = nexus1.webnet.qc.ca.
Also, I added the line:
209.71.224.10 nexus1.webnet.qc.ca nexus1
to /etc/hosts on both hosts.
I did try to sniff the traffic using tcpdump; I used "sniff" to translate
the output from hex to ASCII. However, the messages were fine, but the
hostname was not translated properly; it was still hex codes. Do you know of a
tool I could use to reliably sniff and translate syslog traffic?
Thanks,
Jonathan.
>
> ----- Original Message -----
> From: "Balazs Scheidler" <bazsi@balabit.hu>
> To: <syslog-ng@lists.balabit.hu>
> Sent: Monday, June 17, 2002 1:02 PM
> Subject: Re: [syslog-ng]BUG: Number in Hostnames?
>
>
> > On Mon, Jun 17, 2002 at 12:05:07PM -0400, Jonathan wrote:
> > > Hi,
> > >
> > > I've been toying a bit with syslog-ng, I'm quite happy so far with all
> > > the possibilities it offers me. But I got a problem getting it to work
> > > in my environment.
> > >
> > > I want to log normal syslogd machines to a LogHost which would run
> > > syslog-ng. I've installed syslog-ng 1.5.18 on my LogHost and ran a few
> > > tests.
> > >
> > > With this config:
> > >
> > > options { sync (0);
> > > time_reopen (10);
> > > log_fifo_size (1000);
> > > long_hostnames (no);
> > > chain_hostnames (no);
> > > use_dns (no);
> > > use_fqdn (no);
> > > create_dirs (no);
> > > keep_hostname (yes);
> > > };
> > >
> > > source s_sys { unix-stream ("/dev/log"); internal();
> > > udp (ip(209.71.224.21) port (514)); };
> > > destination mail1 { file("/var/log/mail1"); };
> > > filter filter_mail1 { host("mail1");};
> > > log { source(s_sys); filter(filter_mail1); destination(mail1); };
> > >
> > > As you can see, I want to log a host named "mail1" to a file "mail1".
> > > However, it doesn't work. The host sends its log entries to syslog-ng
> > > but doesn't recognize "mail1".
> > >
> > > But, if I change the host("mail1") to host("mail"), it works perfectly.
> > > The hostname in the /var/log/mail1 file is "mail" though, not "mail1".
> > >
> > > I ran syslogd in debug mode on my "mail1" machine. I saw it does send
> > > the logs out with the "mail1" tag.
> > >
> > > I tried this with another of my hosts (its name is nexus1) and
> > > experienced the same behavior.
> > >
> > > So, I'm wondering if syslog-ng doesn't like having a number at the end
> > > of the hostname.
> > >
> > > The hosts running syslogd are RedHat 7.2 and 7.1.
> > >
> > > Any ideas? :) I'd like to get this working, all my hostnames got
> > > numbers....
> >
> > hmm.. I don't care if hostnames contain numbers or not. Does reverse DNS
> > of those hosts contain the correct name (with the number?)
> >
> > You could sniff your network interface to see if the hostname is really
> > present. (sometimes it is missing, and is added by syslog-ng based on
> > the DNS name of the host)
> >
> > --
> > Bazsi
> > PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
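
Added example, not part of the original thread and not syslog-ng code: a small Python decoder for the check suggested in the quoted reply, reporting whether a captured UDP syslog payload actually carries a HOSTNAME field. It assumes the RFC 3164 (BSD syslog) layout; the function name, the tag heuristic and the sample payloads are constructed for illustration.

```python
import re

# RFC 3164 (BSD syslog) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: message
HEADER = re.compile(
    rb"^<(?P<pri>\d{1,3})>"
    rb"(?:(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) )?"
    rb"(?P<rest>.*)$",
    re.DOTALL,
)

def inspect_syslog(payload: bytes) -> dict:
    """Decode one UDP syslog payload and report whether it carries a HOSTNAME."""
    m = HEADER.match(payload)
    if m is None or int(m.group("pri")) > 191:  # 191 = facility 23, severity 7
        return {"valid": False, "raw": payload.decode("ascii", "replace")}
    pri = int(m.group("pri"))
    rest = m.group("rest").decode("ascii", "replace").rstrip("\n\x00")
    info = {"valid": True, "facility": pri >> 3, "severity": pri & 7,
            "timestamp": m.group("ts").decode() if m.group("ts") else None,
            "hostname": None, "message": rest}
    first, _, remainder = rest.partition(" ")
    # Heuristic (assumption): a first token ending in ':' or carrying a
    # "[pid]" suffix is the program TAG, so the sender omitted HOSTNAME.
    looks_like_tag = first.endswith(":") or "[" in first
    if info["timestamp"] and remainder and not looks_like_tag:
        info["hostname"], info["message"] = first, remainder
    return info

# Constructed sample payloads (not captured from the hosts in this thread).
SAMPLES = [
    b"<22>Jun 17 13:50:01 mail1 sendmail[1234]: constructed test message",
    b"<22>Jun 17 13:50:01 sendmail[1234]: constructed test message",
    b"<22>sendmail[1234]: constructed test message",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = inspect_syslog(sample)
        print(result["hostname"] or "(no hostname in packet)", "|", result["message"])
```

A payload that decodes with no hostname is one where the receiver has to supply the name itself, which is the case the quoted reply describes.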