[syslog-ng] Hostname instead of FQDN in logs
Delphine D
delphined_1300 at hotmail.com
Fri Sep 7 10:53:54 CEST 2007
>You can tell syslog-ng to use either the reverse domain name or the
>name included in the syslog record (check the docs for what the macros
>are). You almost certainly are using the name included in the syslog
>record.
Could you please explain a little bit what these macros are?
Is it something I need to modify/configure in the syslog-ng.conf file on
server1 ?
>What does `hostname` return on the debian box? My guess is that the
>hostname is set to 'server1' without the ourdomain.be
Yes, indeed, hostname returns 'server1'.
>the others are all set to a fqdn
The others also return the hostname and not the FQDN (Ex : 'server2' and not
'server2.ourdomain.be') but they are using syslog instead of syslog-ng...
That's the only difference...
Thanks,
Delphine
>Delphine D wrote:
> > Hello,
> >
> > We've configured a centralized logs server (Solaris 10) in order to collect
> > and manage all log messages coming from +/- 100 servers (Solaris,
> > Linux,...).
> >
> > For an unknown reason, the logs coming from one of our servers (Debian) are
> > coming in the following format on the log server:
> >
> > Sep 7 10:08:37 server1 PAM_unix[6142]: authentication failure; (uid=0) -> delphine for ssh service
> >
> > As you can see, we only receive the hostname (server1) but not the FQDN of
> > this server (server1.ourdomain.be).
> >
> > For all the other servers, we have the FQDN in the logs.
> > Here is an example with server2.ourdomain.be (Debian) :
> >
> > Sep 7 10:11:01 server2.ourdomain.be/server2.ourdomain.be PAM_unix[27542]: authentication failure; (uid=0) -> delphine for ssh service
> >
> > The only difference between server1 and the other ones is that it uses
> > syslog-ng instead of syslog in order to send its logs.
> >
> > Here are the options used in the configuration files.
> >
> > 1° On the log server
> >
> > options { create_dirs(yes);
> > dir_perm(0705);
> > dir_owner(root);
> > perm(0600);
> > owner(root);
> > sync(0);
> > check_hostname(no);
> > use_fqdn(yes);
> > use_dns(yes);
> > dns_cache(yes);
> > dns_cache_expire(604800);
> > dns_cache_size(400);
> > stats(60);
> > keep_hostname(yes);
> > chain_hostnames(yes);
> > };
> >
> > 2° On server1
> >
> > options {
> > use_fqdn(yes);
> > use_dns(yes);
> > keep_hostname(yes);
> > chain_hostnames(no);
> > long_hostnames(no);
> > sync(0);
> > };
> >
> > 3° On server2 we are using syslog instead of syslog-ng
> >
> > Any idea?
> >
> > Thanks.
> >
> > _______________________________________________
> > syslog-ng maillist - syslog-ng at lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
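
A collector-side check for the symptom described in this thread, as an added example that is not part of the original post or of syslog-ng: it scans received log lines and counts senders whose host field lacks a domain part, including chained `a/b` host fields. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the two log lines quoted in the thread.
SAMPLE = """\
Sep  7 10:08:37 server1 PAM_unix[6142]: authentication failure; (uid=0) -> delphine for ssh service
Sep  7 10:11:01 server2.ourdomain.be/server2.ourdomain.be PAM_unix[27542]: authentication failure; (uid=0) -> delphine for ssh service
Sep  7 10:12:44 server1 sshd[6150]: Connection closed
not a syslog line
"""

# BSD-style line as written by the collector: timestamp, host field, rest.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s(?P<rest>.*)$"
)

def host_components(host_field):
    """Split a chained 'a/b' host field into its individual names."""
    return [h for h in host_field.split("/") if h]

def is_fqdn(name):
    """Fully qualified here means two or more non-empty labels, not a bare IPv4 address."""
    labels = name.rstrip(".").split(".")
    if all(label.isdigit() for label in labels):
        return False  # an IP address means the name was never resolved
    return len(labels) >= 2 and all(labels)

def audit(lines):
    """Return (Counter of non-FQDN host names, list of unparsable lines)."""
    short, unparsed = Counter(), []
    for line in lines:
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        for name in host_components(m.group("host")):
            if not is_fqdn(name):
                short[name] += 1
    return short, unparsed

if __name__ == "__main__":
    short, unparsed = audit(SAMPLE.splitlines())
    for name, count in short.most_common():
        print(f"{name}: {count} line(s) without a domain part")
    print(f"{len(unparsed)} line(s) skipped as unparsable")
```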