[syslog-ng] Hostname instead of FQDN in logs

Russell Fulton r.fulton at auckland.ac.nz
Fri Sep 7 10:43:36 CEST 2007


You can tell syslog-ng to use either the reverse domain name or the
name included in the syslog record (check the docs for what the macros
are).  You almost certainly are using the name included in the syslog
record.

What does `hostname` return on the Debian box?  My guess is that the
hostname is set to 'server1' without the ourdomain.be; the others are all
set to an FQDN.

R


Delphine D wrote:
> Hello,
>
> We've configured a centralized logs server (Solaris 10) in order to collect 
> and manage all log messages coming from +/- 100 servers (Solaris, 
> Linux,...).
>
> For an unknown reason, the logs coming from one of our servers (Debian) are 
> coming in the following format on the log server:
>
> Sep  7 10:08:37 server1 PAM_unix[6142]: authentication failure; (uid=0) -> 
> delphine for ssh service
>
> As you can see, we only receive the hostname (server1) but not the FQDN of 
> this server (server1.ourdomain.be).
>
> For all the other servers, we have the FQDN in the logs.
> Here is an example with server2.ourdomain.be (Debian) :
>
> Sep  7 10:11:01 server2.ourdomain.be/server2.ourdomain.be PAM_unix[27542]: 
> authentication failure; (uid=0) -> delphine for ssh service
>
> The only difference between server1 and the other ones is that it uses 
> syslog-ng instead of syslog in order to send its logs.
>
> Here are the options used in the configuration files.
>
> 1° On the log server
>
> options {       create_dirs(yes);
>                 dir_perm(0705);
>                 dir_owner(root);
>                 perm(0600);
>                 owner(root);
>                 sync(0);
>                 check_hostname(no);
>                 use_fqdn(yes);
>                 use_dns(yes);
>                 dns_cache(yes);
>                 dns_cache_expire(604800);
>                 dns_cache_size(400);
>                 stats(60);
>                 keep_hostname(yes);
>                 chain_hostnames(yes);
>         };
>
> 2° On server1
>
> options {
> use_fqdn(yes);
> use_dns(yes);
> keep_hostname(yes);
> chain_hostnames(no);
> long_hostnames(no);
> sync(0);
> };
>
> 3° On server2 we are using syslog instead of syslog-ng
>
> Any idea ?
>
> Thanks.


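One way to find which senders reach the log server under a short name, as server1 does in the thread above. This is an added example, not part of the original messages: the first two sample lines are the ones quoted in the post, the third is constructed, and the function names are hypothetical. It assumes each `/`-separated part of a chained HOST field can be classified on its own.

```python
import re
from collections import Counter

# BSD-syslog line as stored by the log server: timestamp, HOST field, rest.
LINE_RE = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(?P<host>\S+)\s(?P<rest>.*)$"
)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

SAMPLE = [
    # From the post:
    "Sep  7 10:08:37 server1 PAM_unix[6142]: authentication failure; "
    "(uid=0) -> delphine for ssh service",
    "Sep  7 10:11:01 server2.ourdomain.be/server2.ourdomain.be PAM_unix[27542]: "
    "authentication failure; (uid=0) -> delphine for ssh service",
    # Constructed: a sender that could not be resolved and is logged by address.
    "Sep  7 10:12:44 192.0.2.10 sshd[311]: Connection closed",
]

def classify_name(name):
    """Classify one HOST component as 'ip', 'fqdn' or 'short'."""
    if IPV4_RE.match(name):
        return "ip"
    if "." in name.strip("."):
        return "fqdn"
    return "short"

def audit_hosts(lines):
    """Map each HOST field seen to a Counter of its component kinds."""
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            # Keep malformed lines visible instead of silently dropping them.
            report.setdefault("<unparsed>", Counter())["lines"] += 1
            continue
        host = m.group("host")
        kinds = report.setdefault(host, Counter())
        # chain_hostnames(yes) on the log server joins names with "/".
        for part in host.split("/"):
            kinds[classify_name(part)] += 1
    return report

def short_senders(lines):
    """HOST fields that contain at least one non-qualified name."""
    return sorted(h for h, kinds in audit_hosts(lines).items() if kinds["short"])

if __name__ == "__main__":
    print(short_senders(SAMPLE))
```

Because the log server runs with keep_hostname(yes), the HOST field it stores is whatever the sender put in the message, so a short name found this way has to be corrected on the sending host.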