[syslog-ng] Openbsd 3.5 on SPARC64 not login network hostname
Balazs Scheidler
syslog-ng@lists.balabit.hu
Thu, 26 Aug 2004 13:37:29 +0200
On Thu, 2004-08-26 at 11:23, Darren J. Wise wrote:
> Hi,
>
> I have a Sun Ultra 5 that I am setting up as a log server using
> OpenBSD 3.5 with the stable port of syslog-ng 1.5.24.
>
> In the syslog-ng.conf file I have got the following options:
>
> options {
>     sync(0);
>     time_reopen (10);
>     log_fifo_size (1000);
>     long_hostnames (no);
>     use_dns (yes);
>     use_fqdn (no);
>     create_dirs(yes);
>     chain_hostnames (no);
>     keep_hostname (yes);
>     perm (0600);
> };
>
> And the following network related source, destination and log options:
>
> source s_net { udp(); };
> destination d_net { file("/export/syslog-ng/$HOST/messages"); };
> log { source(s_net); destination(d_net); };
>
> I have got a Sparc Solaris 9 box and Linux box logging to this
> machine using the default Solaris/Linux syslog.
>
> The problem that I am seeing is that the log server logs all
> messages as if they have come from the localhost, an example from the
> Linux machine on the log server (loghost-test is the name of the log
> server) :
>
> Aug 24 12:53:38 loghost-test xfs: Entry deleted from font path.
>
> I have also compiled syslog-ng 1.6.5 with libol 0.3.14 and still
> get the same problem.
>
keep_hostname() tells syslog-ng not to touch the hostname as received
from the network, except when there is no hostname at all, in which case
it performs a reverse DNS lookup (if use_dns is enabled) and adds that
hostname to the message.
I'd first check how the log message is received from the network (e.g.
tcpdump).
--
Bazsi
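
The check suggested in the reply comes down to whether the sender put a hostname field into the datagram at all. The following is an added example, not part of the original message and not syslog-ng's code: it splits a UDP syslog payload (as copied from a capture) and applies the keep_hostname(yes) rule described above. The function names, the sample payloads, the stub resolver, the tag heuristic and the fallback to the sender address when no name is found are assumptions of this example.

```python
import re

# BSD syslog header: <PRI>Mmm dd hh:mm:ss, then an optional HOSTNAME, then TAG: MSG
_HDR = re.compile(rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$", re.S)

# Constructed sample payloads (not taken from a real capture)
NO_HOST = b"<30>Aug 24 12:53:38 xfs: Entry deleted from font path."
WITH_HOST = b"<30>Aug 24 12:53:38 linuxbox xfs: Entry deleted from font path."

def split_payload(payload: bytes):
    """Return (pri, timestamp, hostname_or_None, rest) for one syslog datagram."""
    m = _HDR.match(payload)
    if not m:
        # No recognisable PRI/timestamp header, so no hostname field either
        return None, None, None, payload.decode("latin-1")
    pri, ts = int(m.group(1)), m.group(2).decode()
    rest = m.group(3).decode("latin-1")
    first, _, remainder = rest.partition(" ")
    # Heuristic (assumption): a first token ending in ':' or carrying '[pid]'
    # is the program tag, meaning the sender put no hostname on the wire.
    if first.endswith(":") or "[" in first or not remainder:
        return pri, ts, None, rest
    return pri, ts, first, remainder

def host_with_keep_hostname(payload, src_ip, use_dns=True, resolve=None):
    """Hostname a receiver with keep_hostname(yes) ends up with, and why."""
    wire_host = split_payload(payload)[2]
    if wire_host is not None:
        return wire_host, "kept from message"
    if use_dns and resolve is not None:
        name = resolve(src_ip)  # reverse lookup supplied by the caller
        if name:
            return name, "reverse DNS of sender"
    # Assumption of this example: fall back to the sender address
    return src_ip, "sender address"

if __name__ == "__main__":
    stub_dns = {"192.0.2.10": "linuxbox"}.get  # constructed PTR data
    for pkt in (NO_HOST, WITH_HOST):
        print(split_payload(pkt)[2], host_with_keep_hostname(pkt, "192.0.2.10", True, stub_dns))
```

If the captured payload has no hostname field, the name written to the log depends entirely on what the reverse lookup of the sender's address returns on the log server.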