[syslog-ng] Hostname instead of FQDN in logs
Nate Campi
nate at campin.net
Fri Sep 7 16:24:03 CEST 2007
On Fri, Sep 07, 2007 at 10:53:54AM +0200, Delphine D wrote:
>
> The others also return the hostname and not the FQDN (Ex : 'server2' and not
> 'server2.ourdomain.be') but they are using syslog instead of syslog-ng...
> That's the only difference...
Then it's because this host sends the hostname in the syslog message
(syslog-ng always has a full and complete syslog message on the wire),
but the boxes using syslogd don't actually send a hostname.
A message on your central syslog-ng server from a Linux box running
syslogd will be written to disk something like:
Sep 7 07:16:20 hostname in.qpopper[7736]: connect from 12.12.12.12
...but on the wire it looks like this:
<13>in.qpopper[7736]: connect from 12.12.12.12
...and syslog-ng has to put in the rest of the info. This means that
syslog-ng on the central box is putting in the FQDN for you.
syslog-ng on the client is putting in a full message, including the
short hostname, and the central syslog-ng is keeping it.
See http://www.campin.net/syslog-ng/syslog.html#missing_parts for more
on this.
See http://www.campin.net/syslog-ng/faq.html#hostname to figure out the
hostname options you want on your central syslog-ng server. Probably
"keep_hostname(no)", plus "use_fqdn(yes);" to get the FQDN.
HTH,
--
Nate
Like medieval peasants, computer manufacturers and millions of users
are locked in a seemingly eternal lease with their evil landlord, who
comes around every two years to collect billions of dollars of taxes
in return for mediocre services. --Mark Harris, Electronics Times
More information about the syslog-ng
mailing list