[syslog-ng]replacing part of prog name with hostname
Nate Campi
nate@campin.net
Fri, 3 Jan 2003 11:56:06 -0800
There's one thing I've left out of all this, which is important.
Syslog-ng loses the ctld string when logging only locally. It seems to
think it's getting a hostname from the local socket, and rewrites it
automatically.
Solaris syslogd has this:
Jan 3 10:57:13 larry cmd 6.0[8704]: [ID 702911 local0.error] [0]
MetaTemplate info contains no cache key
cmd is another prog that does the same thing (same software suite as
ctld).
Syslog-ng will do this:
Dec 31 13:48:11 larry 6.0[8704]: [ID 702911 local0.warning] [0] Bad
request (400): Malformed template area
So on the local host, solaris syslogd realized that it's only getting a
message, not a hostname and logged (locally) correctly. You see the
program has the same pid, even over several days. The only difference is
what syslog daemon is running.
Now suppose I set "keep_hostnames(no)" on syslog-ng? I'd imagine I'll
now get
Dec 31 13:48:11 cmd 6.0[8704]: [ID 702911 local0.warning] [0] Bad
request (400): Malformed template area
...written to my local logfile. That's not good either - especially when
solaris syslogd figured out how to properly write this. Of course when
solaris syslogd sends this over the network it'll look like this:
<PRI>Dec 31 13:48:11 cmd 6.0[8704]: [ID 702911 local0.warning] [0] Bad
request (400): Malformed template area
...and any decent self-respecting syslog daemon will think cmd is the
hostname *all over again*. My syslog daemon knows about this and fixes
it, but locally I *still* can't run syslog-ng and get filtering or TCP
transport because it misinterprets the hostnames where syslogd does not.
Does this all make sense now?
--
Nate Campi http://www.campin.net
"The will to win is not nearly as important as the will to prepare to
win." - BOBBY KNIGHT