[syslog-ng] Weird ${HOST} values
Wolfram Schlich
lists at wolfram.schlich.org
Thu Nov 23 21:04:11 CET 2006
Hi,
I just experienced some weird behaviour regarding the resolution
of the ${HOST} variable/macro. There seems to be a difference
whether the remote log client runs sysklogd or syslog-ng.
Basic setup
===========
syslog-ng 2.0 log server
------------------------
/etc/hosts:
host1.syslog-ng.local 192.168.10.1
host1.sysklogd.local 192.168.20.1
/etc/syslog-ng/syslog-ng.conf:
normalize_hostnames(yes);
keep_hostname(no);
use_dns(yes);
use_fqdn(yes);
No address or hostname/fqdn is served by a real DNS server,
everything is contained in /etc/hosts.
Case #1
=======
syslog-ng 2.0 log server
------------------------
/etc/syslog-ng/syslog-ng.conf:
chain_hostnames(yes);
messages received from sysklogd log clients
-------------------------------------------
${HOST} resolves to host1.sysklogd.local
${FULLHOST} resolves to host1.sysklogd.local/host1.sysklogd.local
messages received from syslog-ng 1.6 log clients
------------------------------------------------
${HOST} resolves to host1
${FULLHOST} resolves to host1/host1.syslog-ng.local
Case #2
=======
syslog-ng 2.0 log server
------------------------
/etc/syslog-ng/syslog-ng.conf:
chain_hostnames(no);
messages received from sysklogd log clients
-------------------------------------------
${HOST} resolves to host1.sysklogd.local
messages received from syslog-ng 1.6 log clients
------------------------------------------------
${HOST} resolves to host1.syslog-ng.local
Where does that difference come from?!
Shouldn't syslog-ng on the log server just not
care about whatever hostname the log client sent
due to keep_hostname(no) and use the data from
/etc/hosts?
How come that messages directly being sent
to the syslog-ng log server are affected by
chain_hostnames() *at all*?!
Puzzled,
Wolfram :)
More information about the syslog-ng
mailing list