[syslog-ng] Hostname instead of FQDN in logs

Delphine D delphined_1300 at hotmail.com
Fri Sep 7 10:18:20 CEST 2007


Hello,

We've configured a centralized log server (Solaris 10) in order to collect 
and manage all log messages coming from +/- 100 servers (Solaris, 
Linux, ...).

For an unknown reason, the logs coming from one of our servers (Debian) are 
coming in the following format on the log server:

Sep  7 10:08:37 server1 PAM_unix[6142]: authentication failure; (uid=0) -> delphine for ssh service

As you can see, we only receive the hostname (server1) but not the FQDN of 
this server (server1.ourdomain.be).

For all the other servers, we have the FQDN in the logs.
Here is an example with server2.ourdomain.be (Debian):

Sep  7 10:11:01 server2.ourdomain.be/server2.ourdomain.be PAM_unix[27542]: authentication failure; (uid=0) -> delphine for ssh service

The only difference between server1 and the other ones is that it uses 
syslog-ng instead of syslog in order to send its logs.

Here are the options used in the configuration files.

1° On the log server

options {
        create_dirs(yes);
        dir_perm(0705);
        dir_owner(root);
        perm(0600);
        owner(root);
        sync(0);
        check_hostname(no);
        use_fqdn(yes);
        use_dns(yes);
        dns_cache(yes);
        dns_cache_expire(604800);
        dns_cache_size(400);
        stats(60);
        keep_hostname(yes);
        chain_hostnames(yes);
};

2° On server1

options {
        use_fqdn(yes);
        use_dns(yes);
        keep_hostname(yes);
        chain_hostnames(no);
        long_hostnames(no);
        sync(0);
};

3° On server2 we are using syslog instead of syslog-ng

Any ideas?

Thanks.
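
An added example, not part of the original post and not syslog-ng code: a Python check for the central log server that parses lines in the two formats shown above, splits a chained `host/host` field, and counts which senders arrive with a short hostname (or a bare IP address) instead of an FQDN. The names `classify`, `audit` and `SAMPLE` are hypothetical, the last three sample lines are constructed, and the code assumes the classic `Mon DD HH:MM:SS host tag: message` layout.

```python
import ipaddress
import re
from collections import Counter

# Timestamp followed by the host field, as in the lines quoted in the post.
LINE_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(?P<host>\S+)\s")

def classify(name):
    """Return 'ip', 'fqdn' or 'short' for one host name."""
    try:
        ipaddress.ip_address(name)
        return "ip"
    except ValueError:
        pass
    labels = name.rstrip(".").split(".")
    return "fqdn" if len(labels) >= 2 and all(labels) else "short"

def audit(lines):
    """Count, per host name, lines whose host field holds a non-FQDN element."""
    findings = {"short": Counter(), "ip": Counter()}
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        # A chained field such as "a/b" carries several names; check each once.
        for name in set(filter(None, m.group("host").split("/"))):
            kind = classify(name)
            if kind != "fqdn":
                findings[kind][name] += 1
    return findings, unparsed

SAMPLE = [  # first two lines are from the post (unwrapped); the rest are constructed
    "Sep  7 10:08:37 server1 PAM_unix[6142]: authentication failure; (uid=0) -> delphine for ssh service",
    "Sep  7 10:11:01 server2.ourdomain.be/server2.ourdomain.be PAM_unix[27542]: authentication failure; (uid=0) -> delphine for ssh service",
    "Sep  7 10:12:44 192.0.2.15 sshd[311]: constructed line from a host with no reverse DNS",
    "Sep  7 10:13:02 server1 sshd[6150]: constructed second line from the short-named host",
    "-- MARK --",
]

if __name__ == "__main__":
    findings, unparsed = audit(SAMPLE)
    for kind, counter in findings.items():
        for name, n in counter.most_common():
            print(f"{kind:5} {name:20} {n} line(s)")
    print(f"unparsed: {unparsed}")
```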
