[syslog-ng]replacing part of prog name with hostname
Noam Meltzer
tsnoam@excite.com
Thu, 2 Jan 2003 15:28:49 -0500 (EST)
--EXCITEBOUNDARY_000__dc771879cefe0aa5c319614b826c3a72
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
I thing you confused it a little...
According to my last message (and a similar thread I created recently)
The problem with the hostname resolving of Solaris is fixed with using:
keep_hostname(no)
But, I would really like to understand what's going on in there.
Is my assumption correct?
Noam
--- On Thu 01/02, Balazs Scheidler wrote:From: Balazs Scheidler [mailto: bazsi@balabit.hu]To: syslog-ng@lists.balabit.huDate: Thu, 2 Jan 2003 10:43:45 +0100Subject: Re: [syslog-ng]replacing part of prog name with hostnameOn Tue, Dec 31, 2002 at 02:05:34PM -0800, Nate Campi wrote:> I have syslog-ng 1.5.24 on solaris 8, reading from /etc/.syslog_door and> I have a log entry like this:> > Dec 31 13:48:15 larry 6.0[8704]: [ID 702911 local0.warning] [0] Can't> stat file in FlushFile [news/PointCast]: No such file or directory> > ...but the program name was sent from the app was: "ctlds 6.0[8704]:"> and syslog-ng replaced the first part of the messed up program name with> the host's name. > > In the next version, can syslog-ng "learn" that it don't get a hostname> from solaris ever and that the entire text coming in is actually the log> message? I'm losing information this way. I wonder how many other apps> split up the program name and lose data - most people would never know> as end users.the problem is ctlds sends a space in the program name tag, thus syslog-nginterprets 'ctlds' as hostname and '6.0' as program name. askeep_hostname() is set to no it rewrites originating host name.Try setting keep_hostname() to yes, it will not touch the hostname then.-- BazsiPGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1_______________________________________________syslog-ng maillist - syslog-ng@lists.balabit.huhttps://lists.balabit.hu/mailman/listinfo/syslog-ngFrequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
--EXCITEBOUNDARY_000__dc771879cefe0aa5c319614b826c3a72
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
I thing you confused it a little...
According to my last message (and a similar thread I created recently)
The problem with the hostname resolving of Solaris is fixed with using:
keep_hostname(no)
But, I would really like to understand what's going on in there.
Is my assumption correct?
Noam
<br><br> --- On Thu 01/02, Balazs Scheidler < bazsi@balabit.hu > wrote:<br>From: Balazs Scheidler [mailto: bazsi@balabit.hu]<br>To: syslog-ng@lists.balabit.hu<br>Date: Thu, 2 Jan 2003 10:43:45 +0100<br>Subject: Re: [syslog-ng]replacing part of prog name with hostname<br><br>On Tue, Dec 31, 2002 at 02:05:34PM -0800, Nate Campi wrote:<br>> I have syslog-ng 1.5.24 on solaris 8, reading from /etc/.syslog_door and<br>> I have a log entry like this:<br>> <br>> Dec 31 13:48:15 larry 6.0[8704]: [ID 702911 local0.warning] [0] Can't<br>> stat file in FlushFile [news/PointCast]: No such file or directory<br>> <br>> ...but the program name was sent from the app was: "ctlds 6.0[8704]:"<br>> and syslog-ng replaced the first part of the messed up program name with<br>> the host's name. <br>> <br>> In the next version, can syslog-ng "learn" that it don't get a hostname<br>> from solaris ever and that the entire text coming in is actually the log<br>> message? I'm losing information this way. I wonder how many other apps<br>> split up the program name and lose data - most people would never know<br>> as end users.<br><br>the problem is ctlds sends a space in the program name tag, thus syslog-ng<br>interprets 'ctlds' as hostname and '6.0' as program name. as<br>keep_hostname() is set to no it rewrites originating host name.<br><br>Try setting keep_hostname() to yes, it will not touch the hostname then.<br><br>-- <br>Bazsi<br>PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1<br><br>_______________________________________________<br>syslog-ng maillist - syslog-ng@lists.balabit.hu<br>https://lists.balabit.hu/mailman/listinfo/syslog-ng<br>Frequently asked questions at http://www.campin.net/syslog-ng/faq.html<br><br><p><hr><font size=2 face=geneva><b>Join Excite! - <a href=http://www.excite.com target=_blank>http://www.excite.com</a></b><br>The most personalized portal on the Web!</font>
--EXCITEBOUNDARY_000__dc771879cefe0aa5c319614b826c3a72--