[syslog-ng] 3.3.7 oddity with file source

Evan Rempel erempel at uvic.ca
Sun Feb 10 20:58:33 CET 2013 

Just so I understand, you are saying that file sources are treated as if they were another syslog instance on the same host, sending data to the running instance.
Correct?

If you consider chain_hostnames() deprecated, what do you recommend now?

If it isn't logical how it behaves, perhaps it should be fixed so that it is logical. :-)

Evan.
________________________________________
From: Balazs Scheidler [bazsi77 at gmail.com]
Sent: Saturday, February 09, 2013 10:19 PM
To: Syslog-ng users' and developers' mailing list; Evan Rempel
Subject: Re: [syslog-ng] 3.3.7 oddity with file source

hi,

the default hostname if otherwise unspecified is using this format if chain_hostnames() is enabled. this mimics the behaviour of chain_hostnames() when receiving the message locally. (the part before the slash is the host as it claimed itself to be, the part after the slash as it was resolved)

I consider the chain_hostnames() functionality to be deprecated, it's not always logical how it behaves, but this is how it worked for the past decade.

----- Original message -----
> Normally when a syslog line is produced, the host has the format of
>
> {source}@{hostname}
>
> so when the log reaches my central server it looks like
>
> 2013-02-08T11:15:01-08:00
> local at gpfs10.westgrid.uvic.ca<mailto:local at gpfs10.westgrid.uvic.ca>/chrysaor.westgrid.ca cron.info
> CROND[20315]: ...
>
> but on this same host, I have a file source (different source
> definition), its messages go to the same destination using a separate
> log statement, but when they reach the central syslog server it looks
> like
>
> 2013-02-08T11:11:35-08:00
> gpfs10.westgrid.uvic.ca/gpfs10.westgrid.uvic.ca/chrysaor.westgrid.ca
> local2.info mmfs: ...
>
> So it seems that the file source is populating the host with
> {hostname}/{hostname}
>
> Was this intentional?
>
>
> source mmfs { file("/var/adm/ras/mmfs.log.latest" log_fetch_limit(100)
> program_override(mmfs) default-facility(local2) default-priority(info)
> flags(no-parse) ); };
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:
> http://www.balabit.com/wiki/syslog-ng-faq
>

More information about the syslog-ng mailing list