[syslog-ng]FQDN in the destination
Balazs Scheidler
syslog-ng@lists.balabit.hu
Thu, 1 May 2003 00:06:48 +0200
On Wed, Apr 30, 2003 at 02:24:32PM -0700, Glasser, Rob wrote:
> I'm trying to use the fully qualified domain name in my directory naming
> structure in a destination function. Here is what I have:
>
> options {
> dns_cache(yes); (tried without)
> chain_hostnames(no); (tried yes as well)
> keep_hostname(yes); (tried no as well)
> long_hostnames(off); (tried on)
> use_dns(yes); (tried without)
> use_fqdn(yes);
> };
>
>
> Then in the destination I've tried:
>
> destination network_log {
> file("/var/log/syslog-ng/$HOST/$FACILITY.$YEAR$MONTH$DAY"
> owner(root) group(root) perm(0600) dir_perm(0700)
> create_dirs(yes)
> );
> };
>
> and
>
> destination network_log {
> file("/var/log/syslog-ng/$FULLHOST/$FACILITY.$YEAR$MONTH$DAY"
> owner(root) group(root) perm(0600) dir_perm(0700)
> create_dirs(yes)
> );
> };
>
> Neither seems to create a directory with the fqdn, I always end up with
> the short name. Am I missing something or does this just not work?
use_fqdn() and either $FULLHOST or $HOST should do the trick. Are you sure
that your reverse DNS contains full hostnames? The correct settings should
be:
keep_hostname(no) to force syslog-ng to do name lookup
use_fqdn(yes) to avoid stripping domain name
and $HOST to insert the hostname only regardless the setting of chain_hostnames()
The interesting function for you to look at is
sources.c:do_add_source_name() and macros.c:expand_macro() the latter is
ineresting to see what the difference between FULLHOST and HOST is.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1