[syslog-ng]replacing part of prog name with hostname
Sander de Boer
sander@sanderscorner.com
Wed, 1 Jan 2003 23:50:33 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi
,
On Tuesday 31 December 2002 23:05, you wrote:
> I have syslog-ng 1.5.24 on solaris 8, reading from /etc/.syslog_door an=
d
> I have a log entry like this:
>
> Dec 31 13:48:15 larry 6.0[8704]: [ID 702911 local0.warning] [0] Can't
> stat file in FlushFile [news/PointCast]: No such file or directory
>
> ...but the program name was sent from the app was: "ctlds 6.0[8704]:"
> and syslog-ng replaced the first part of the messed up program name wit=
h
> the host's name.
>
> In the next version, can syslog-ng "learn" that it don't get a hostname
> from solaris ever and that the entire text coming in is actually the lo=
g
I looked at my logs from Solaris 8 systems using standard solaris syslog =
and=20
with the exception of some kernel messages the hostname is perfectly ok. =
Both=20
the 'HOST' and 'FULLHOST' macros in the syslog-ng config file return the=20
proper host name.
The only problem are some kernel messages in which the hostname indeed=20
contains the first one or two words of the message as does the 'PROGRAM'=20
field. But even then I found that the 'FULLHOST' macro returns the correc=
t=20
host in its last field (like 'Error/<hostname>').
Possibly this has to do with some awkward way the kernel writes its messa=
ges.
> message? I'm losing information this way. I wonder how many other apps
> split up the program name and lose data - most people would never know
> as end users.
- --=20
Sander de Boer
- --=20
My public key is available at http://www.sanderscorner.com/file/pgp-pubke=
y.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+E3DIhNL8OKskREIRAtLrAJ0Wgs8QSXCiuVQjhSp1IMpZc3rapgCg7Amz
Qu/Y/0Ult7I5FJLL4uvfUI4=3D
=3Dk6V0
-----END PGP SIGNATURE-----