[syslog-ng] 3.3.7 oddity with file source

Balazs Scheidler bazsi77 at gmail.com
Sun Feb 10 07:19:44 CET 2013


hi,

the default hostname if otherwise unspecified is using this format if chain_hostnames() is enabled. this mimics the behaviour of chain_hostnames() when receiving the message locally. (the part before the slash is the host as it claimed itself to be, the part after the slash as it was resolved)

I consider the chain_hostnames() functionality to be deprecated, it's not always logical how it behaves, but this is how it worked for the past decade.

----- Original message -----
> Normally when a syslog line is produced, the host has the format of
> 
> {source}@{hostname}
> 
> so when the log reaches my central server it looks like
> 
> 2013-02-08T11:15:01-08:00
> local at gpfs10.westgrid.uvic.ca/chrysaor.westgrid.ca cron.info
> CROND[20315]: ...
> 
> but on this same host, I have a file source (different source
> definition), its messages go to the same destination using a separate
> log statement, but when they reach the central syslog server it looks
> like
> 
> 2013-02-08T11:11:35-08:00
> gpfs10.westgrid.uvic.ca/gpfs10.westgrid.uvic.ca/chrysaor.westgrid.ca
> local2.info mmfs: ...
> 
> So it seems that the file source is populating the host with
> {hostname}/{hostname}
> 
> Was this intentional?
> 
> 
> source mmfs { file("/var/adm/ras/mmfs.log.latest" log_fetch_limit(100)
> program_override(mmfs) default-facility(local2) default-priority(info)
> flags(no-parse) ); };
> 
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:
> http://www.balabit.com/wiki/syslog-ng-faq
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130210/40e7015c/attachment.htm 


More information about the syslog-ng mailing list