[syslog-ng] Hostname instead of FQDN in logs
nate at campin.net
Fri Sep 7 16:24:03 CEST 2007
On Fri, Sep 07, 2007 at 10:53:54AM +0200, Delphine D wrote:
> The others also return the hostname and not the FQDN (Ex : 'server2' and not
> 'server2.ourdomain.be') but they are using syslog instead of syslog-ng...
> That's the only difference...
Then it's because this host sends the hostname in the syslog message
(syslog-ng always has a full and complete syslog message on the wire),
but the boxes using syslogd don't actually send a hostname.
A message on your central syslog-ng server from a Linux box running
syslogd will be written to disk something like:
Sep 7 07:16:20 hostname in.qpopper: connect from 184.108.40.206
...but on the wire it looks like this:
<13>in.qpopper: connect from 220.127.116.11
...and syslog-ng has to put in the rest of the info. This means that
syslog-ng on the central box is putting in the FQDN for you.
syslog-ng on the client is putting in a full message, including the
short hostname, and the central syslog-ng is keeping it.
See http://www.campin.net/syslog-ng/syslog.html#missing_parts for more
See http://www.campin.net/syslog-ng/faq.html#hostname to figure out the
hostname options you want on your central syslog-ng server. Probably
"keep_hostname(no)", plus "use_fqdn(yes);" to get the FQDN.
Like medieval peasants, computer manufacturers and millions of users
are locked in a seemingly eternal lease with their evil landlord, who
comes around every two years to collect billions of dollars of taxes
in return for mediocre services. --Mark Harris, Electronics Times
More information about the syslog-ng