[syslog-ng] FQDN's in syslog-ng

Steven Hajducko steven.hajducko at digitalinsight.com
Thu Aug 24 22:22:40 CEST 2006


Well, as long as it's possible to sort by FQDN rather than just by
hostname, I can at least present it as a viable alternative to what we
have now.

I'll have to set it up in a lab for now and see if I can get it working.

--
sh 

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Russell Fulton
Sent: Thursday, August 24, 2006 1:18 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] FQDN's in syslog-ng

There are several different options for dealing with host names and
I have not managed to sort them all out yet.  The single line
explanations in the manual are not enough to work out the details.

Be aware that the hostname can be set on either the central log server
or on the system generating the logs.  The default seems to be that the
central server will keep the host name that is in the packet; if there
is no hostname in the packet it will do a reverse lookup to determine
it.  We want to override this but have not spent a lot of time fiddling
with the options to see what works.

What you want to do is possible; it is just a matter of figuring out which
options you need on the client and server.

What is bothering us at the moment is that SUN monitoring crap called
SRS manages to generate some syslog records with SRS in the hostname
field.  So on the central server these all turn up in the same file.

I really must sort this out today, sigh...

I'd be happy to hear from someone who has already sussed out how these
options work!

Russell

Steven Hajducko wrote:
> Hi everyone,
> 
> We've currently got a syslog setup that centralizes our logs from many
> of our different tiers into one location, using each system's prebuilt
> syslog.  It works at the moment, but we've got some issues.
> 
> Our main one is that we name our hosts the same in different 
> environments, mainly because these environments are for moving code 
> and configs from 1 step to the next, so to make it easier on people so
> they don't have to change configurations each time the code moves, 
> hosts share similar names.
> 
> The problem is that when all the logs come back to the central syslog 
> server, they can't be separated by host because of the similarities.
> So 'web5' in our QA is the same as 'web5' in production.
> 
> Because of that, we were looking at syslog-ng and while I found a 
> couple references to using FQDN, I've been unable to tell whether or 
> not this is possible.
> 
> Our machines DO have different FQDNs.  For example, 
> web5.qa.location.domain.com vs. web5.prod.location.domain.com.  If we 
> run our main central server on syslog-ng and replace all the syslog 
> daemons on each system with it, can we force the FQDN to be given 
> rather than just the base hostname and have the central log server 
> sort the logs into different directories based on the FQDN?
> 
> Thanks!
> 
> --
> sh
_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
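
The setup asked about in this thread, sketched as a central-server configuration (an added example, not from either poster or from the syslog-ng project): it names each sender by a reverse lookup of its source address instead of trusting the hostname field in the packet, keeps the full domain name, and files logs per FQDN. The listening address, port and the /var/log/hosts path are assumptions; newer syslog-ng releases also expect a leading @version line.

```conf
# Central log server: separate files per sender FQDN (added example).
options {
    keep_hostname(no);    # do not trust the hostname field written by the client
    use_dns(yes);         # reverse-resolve the sender's source address instead
    use_fqdn(yes);        # keep web5.qa.location.domain.com, not just web5
    chain_hostnames(no);  # store one name, not a relay chain
    dns_cache(yes);       # avoid one DNS query per message
    create_dirs(yes);     # create the per-host directory on first message
};

# Assumed listener: plain UDP syslog on all interfaces.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# $HOST expands to the name chosen by the options above, so
# web5 in QA and web5 in production end up in different directories.
destination d_per_fqdn {
    file("/var/log/hosts/$HOST/messages"
         owner(root) group(root) perm(0640) dir_perm(0750));
};

log {
    source(s_net);
    destination(d_per_fqdn);
};
```

Because the name comes from DNS rather than from the packet, records that arrive with an arbitrary hostname field land under the sending machine's FQDN; this depends on correct PTR records for every client and on clients sending directly rather than through a relay.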