Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
FQDN with rsyslogd
patrick.shen at net-m
Nov 12, 2008, 2:06 AM
Post #1 of 6 (5246 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Rainer,

Have a look at online man doc, maybe it's outdated. I find one thing I
really care about.

######################################################################
If the remote host is located in the same domain as the host,
rsyslogd is running on, only the simple hostname will be logged instead
of the whole fqdn.
######################################################################

Currently we are using rsyslog as client to send logs to central
loghost, actually in the same domain. But I wanna need FQDN in logs, not
simple hostname.

How need I do?

Many thanks,

- --
Patrick Shen
Operations Engineer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJGqqLkHhYtFevC+MRAoMlAJ9M1CeXQf27KTz0/GznkreUFYcb7QCeKjl6
8R3DzRHtpDZU+a0/B1XQny4=
=RUGG
-----END PGP SIGNATURE-----
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: FQDN with rsyslogd [ In reply to ]
rgerhards at hq
Nov 12, 2008, 2:51 AM
Post #2 of 6 (5112 views)
Permalink
Hi Patrick,

this is part of the sysklogd legacy code. While there is no longer much
of sysklogd in rsyslog, this part actually is. I need to figure out if
you can turn it off, I remember to have added such an option.

Rainer

> -----Original Message-----
> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
> bounces@lists.adiscon.com] On Behalf Of Patrick Shen
> Sent: Wednesday, November 12, 2008 11:06 AM
> To: rsyslog-users
> Subject: [rsyslog] FQDN with rsyslogd
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear Rainer,
>
> Have a look at online man doc, maybe it's outdated. I find one thing I
> really care about.
>
> ######################################################################
> If the remote host is located in the same domain as the host,
> rsyslogd is running on, only the simple hostname will be logged
> instead
> of the whole fqdn.
> ######################################################################
>
> Currently we are using rsyslog as client to send logs to central
> loghost, actually in the same domain. But I wanna need FQDN in logs,
> not
> simple hostname.
>
> How need I do?
>
> Many thanks,
>
> - --
> Patrick Shen
> Operations Engineer
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJGqqLkHhYtFevC+MRAoMlAJ9M1CeXQf27KTz0/GznkreUFYcb7QCeKjl6
> 8R3DzRHtpDZU+a0/B1XQny4=
> =RUGG
> -----END PGP SIGNATURE-----
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: FQDN with rsyslogd [ In reply to ]
patrick.shen at net-m
Nov 12, 2008, 6:11 PM
Post #3 of 6 (5120 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Rainer,

I will appreciate if you could show me the magic code.

Best regards,
Patrick

Rainer Gerhards wrote:
> Hi Patrick,
>
> this is part of the sysklogd legacy code. While there is no longer much
> of sysklogd in rsyslog, this part actually is. I need to figure out if
> you can turn it off, I remember to have added such an option.
>
> Rainer
>
>> -----Original Message-----
>> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
>> bounces@lists.adiscon.com] On Behalf Of Patrick Shen
>> Sent: Wednesday, November 12, 2008 11:06 AM
>> To: rsyslog-users
>> Subject: [rsyslog] FQDN with rsyslogd
>>
> Dear Rainer,
>
> Have a look at online man doc, maybe it's outdated. I find one thing I
> really care about.
>
> ######################################################################
> If the remote host is located in the same domain as the host,
> rsyslogd is running on, only the simple hostname will be logged
> instead
> of the whole fqdn.
> ######################################################################
>
> Currently we are using rsyslog as client to send logs to central
> loghost, actually in the same domain. But I wanna need FQDN in logs,
> not
> simple hostname.
>
> How need I do?
>
> Many thanks,
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJG4zYkHhYtFevC+MRAhtxAKCFQABa96nbmKFTtrhNN1scqz769gCeLI+J
MHPb4zA20/cupkxuCL6uqQ4=
=TyV0
-----END PGP SIGNATURE-----
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: FQDN with rsyslogd [ In reply to ]
rgerhards at hq
Nov 13, 2008, 12:56 AM
Post #4 of 6 (5121 views)
Permalink
Hi Patrick,

the code in question is this:

http://git.adiscon.com/?p=rsyslog.git;a=blob;f=runtime/net.c;h=44c9008aac0efd70fdc385c0b1b5974d9913e573;hb=HEAD#l1171

doesn't look hard to add a global option to prevent it, I'll see when I
can do it. In the meantime, you can simply comment out the strip of the
local domain (line 1174 I guess, but you need to check if it works).

Rainer

On Thu, 2008-11-13 at 03:11 +0100, Patrick Shen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Rainer,
>
> I will appreciate if you could show me the magic code.
>
> Best regards,
> Patrick
>
> Rainer Gerhards wrote:
> > Hi Patrick,
> >
> > this is part of the sysklogd legacy code. While there is no longer much
> > of sysklogd in rsyslog, this part actually is. I need to figure out if
> > you can turn it off, I remember to have added such an option.
> >
> > Rainer
> >
> >> -----Original Message-----
> >> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
> >> bounces@lists.adiscon.com] On Behalf Of Patrick Shen
> >> Sent: Wednesday, November 12, 2008 11:06 AM
> >> To: rsyslog-users
> >> Subject: [rsyslog] FQDN with rsyslogd
> >>
> > Dear Rainer,
> >
> > Have a look at online man doc, maybe it's outdated. I find one thing I
> > really care about.
> >
> > ######################################################################
> > If the remote host is located in the same domain as the host,
> > rsyslogd is running on, only the simple hostname will be logged
> > instead
> > of the whole fqdn.
> > ######################################################################
> >
> > Currently we are using rsyslog as client to send logs to central
> > loghost, actually in the same domain. But I wanna need FQDN in logs,
> > not
> > simple hostname.
> >
> > How need I do?
> >
> > Many thanks,
> >
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJG4zYkHhYtFevC+MRAhtxAKCFQABa96nbmKFTtrhNN1scqz769gCeLI+J
> MHPb4zA20/cupkxuCL6uqQ4=
> =TyV0
> -----END PGP SIGNATURE-----
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: FQDN with rsyslogd [ In reply to ]
patrick.shen at net-m
Nov 13, 2008, 6:48 PM
Post #5 of 6 (5115 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Rainer,

It works. Thank you very much. But I also find an issue:

###################################################################
2008-11-14T03:32:47.137221+01:00 hydra-t kernel: imklog 3.18.4, log
source = /proc/kmsg started.
2008-11-14T03:32:47.137273+01:00 hydra-t rsyslogd: [origin
software="rsyslogd" swVersion="3.18.4" x-pid="651"
x-info="http://www.rsyslog.com"] restart
...
2008-11-14T03:34:51.680382+01:00 hydra-t.test.xxx.xxx MBG:
iris.tomcat20010 2008-11-14 03:34:51,679 [INFO] [main] [:] [] [] [] []
[] [] [] [] mbg.servlet.BillingGateway:
/opt/as/APP/mbg/WEB-INF/conf/MBGBillingProviderConfig.xml loaded
2008-11-14T03:34:51.785187+01:00 hydra-t.test.xxx.xxx MBG:
iris.tomcat20010 2008-11-14 03:34:51,784 [INFO] [main] [:] [] [] [] []
[] [] [] [] base.db.MBGCounterManager: Starting MBGCounterManager
[dataSourceName:jdbc/dataSource/factory]
2008-11-14T03:34:51.785724+01:00 hydra-t.test.xxx.xxx MBG:
iris.tomcat20010 2008-11-14 03:34:51,785 [INFO] [main] [:] [] [] [] []
[] [] [] [] mbg.servlet.BillingGateway: Initialization finish. Start
waiting for request ...
...
2008-11-14T03:37:15.555764+01:00 hydra-t snmpd[1699]: Connection from
UDP: [192.168.4.15]:34136
2008-11-14T03:37:15.555829+01:00 hydra-t snmpd[1699]: Received SNMP
packet(s) from UDP: [192.168.4.15]:34136
2008-11-14T03:37:16.357732+01:00 hydra-t snmpd[1699]: Connection from
UDP: [192.168.4.15]:34136
#####################################################################

We use "Log4j" to produce application(MBG) logs to hydra-t.test.xxx.xxx
(localhost) via TCP. Every line of them is tagged with
hydra-t.test.xxx.xxx. That's working after you show me the code.

But some other logs still use shortname of FQDN (hydra-t), like rsyslog
itself and snmpd.

Is it relative to $template in rsyslog config file? We use "$template
RSYSLOG_TraditionalForwardFormat" currently.

Many thanks,
Patrick


Rainer Gerhards wrote:
> Hi Patrick,
>
> the code in question is this:
>
> http://git.adiscon.com/?p=rsyslog.git;a=blob;f=runtime/net.c;h=44c9008aac0efd70fdc385c0b1b5974d9913e573;hb=HEAD#l1171
>
> doesn't look hard to add a global option to prevent it, I'll see when I
> can do it. In the meantime, you can simply comment out the strip of the
> local domain (line 1174 I guess, but you need to check if it works).
>
> Rainer
>
> On Thu, 2008-11-13 at 03:11 +0100, Patrick Shen wrote:
> Hi Rainer,
>
> I will appreciate if you could show me the magic code.
>
> Best regards,
> Patrick
>
> Rainer Gerhards wrote:
>>>> Hi Patrick,
>>>>
>>>> this is part of the sysklogd legacy code. While there is no longer much
>>>> of sysklogd in rsyslog, this part actually is. I need to figure out if
>>>> you can turn it off, I remember to have added such an option.
>>>>
>>>> Rainer
>>>>
>>>>> -----Original Message-----
>>>>> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
>>>>> bounces@lists.adiscon.com] On Behalf Of Patrick Shen
>>>>> Sent: Wednesday, November 12, 2008 11:06 AM
>>>>> To: rsyslog-users
>>>>> Subject: [rsyslog] FQDN with rsyslogd
>>>>>
>>>> Dear Rainer,
>>>>
>>>> Have a look at online man doc, maybe it's outdated. I find one thing I
>>>> really care about.
>>>>
>>>> ######################################################################
>>>> If the remote host is located in the same domain as the host,
>>>> rsyslogd is running on, only the simple hostname will be logged
>>>> instead
>>>> of the whole fqdn.
>>>> ######################################################################
>>>>
>>>> Currently we are using rsyslog as client to send logs to central
>>>> loghost, actually in the same domain. But I wanna need FQDN in logs,
>>>> not
>>>> simple hostname.
>>>>
>>>> How need I do?
>>>>
>>>> Many thanks,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJHOcKkHhYtFevC+MRAjafAJ9aSXu91K9Hj6xj+tGs0SNWjk/vswCgiE9C
c6P4BTbHAnCa8+/hcw/MkGc=
=GeS4
-----END PGP SIGNATURE-----
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: FQDN with rsyslogd [ In reply to ]
rgerhards at hq
Nov 13, 2008, 11:24 PM
Post #6 of 6 (5118 views)
Permalink
Hi Patrick,

I think it would be good if you file a feature request in bugzilla. I
will try to have a look, but these messages (or more precisely
hostnames) stem back to some places where the hostname is generated. I
need to review the code more in-depth to see if there is one ultimate
place and, if not, if there is a reason for multiple places or if they
could be restructured to a single code module (very likely!).

There are many other things in the queue, but I'll check if that's
something easy to do to shuffle in between...

Rainer

> -----Original Message-----
> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
> bounces@lists.adiscon.com] On Behalf Of Patrick Shen
> Sent: Friday, November 14, 2008 3:49 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] FQDN with rsyslogd
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Rainer,
>
> It works. Thank you very much. But I also find an issue:
>
> ###################################################################
> 2008-11-14T03:32:47.137221+01:00 hydra-t kernel: imklog 3.18.4, log
> source = /proc/kmsg started.
> 2008-11-14T03:32:47.137273+01:00 hydra-t rsyslogd: [origin
> software="rsyslogd" swVersion="3.18.4" x-pid="651"
> x-info="http://www.rsyslog.com"] restart
> ...
> 2008-11-14T03:34:51.680382+01:00 hydra-t.test.xxx.xxx MBG:
> iris.tomcat20010 2008-11-14 03:34:51,679 [INFO] [main] [:] [] [] [] []
> [] [] [] [] mbg.servlet.BillingGateway:
> /opt/as/APP/mbg/WEB-INF/conf/MBGBillingProviderConfig.xml loaded
> 2008-11-14T03:34:51.785187+01:00 hydra-t.test.xxx.xxx MBG:
> iris.tomcat20010 2008-11-14 03:34:51,784 [INFO] [main] [:] [] [] [] []
> [] [] [] [] base.db.MBGCounterManager: Starting MBGCounterManager
> [dataSourceName:jdbc/dataSource/factory]
> 2008-11-14T03:34:51.785724+01:00 hydra-t.test.xxx.xxx MBG:
> iris.tomcat20010 2008-11-14 03:34:51,785 [INFO] [main] [:] [] [] [] []
> [] [] [] [] mbg.servlet.BillingGateway: Initialization finish. Start
> waiting for request ...
> ...
> 2008-11-14T03:37:15.555764+01:00 hydra-t snmpd[1699]: Connection from
> UDP: [192.168.4.15]:34136
> 2008-11-14T03:37:15.555829+01:00 hydra-t snmpd[1699]: Received SNMP
> packet(s) from UDP: [192.168.4.15]:34136
> 2008-11-14T03:37:16.357732+01:00 hydra-t snmpd[1699]: Connection from
> UDP: [192.168.4.15]:34136
> #####################################################################
>
> We use "Log4j" to produce application(MBG) logs to
hydra-t.test.xxx.xxx
> (localhost) via TCP. Every line of them is tagged with
> hydra-t.test.xxx.xxx. That's working after you show me the code.
>
> But some other logs still use shortname of FQDN (hydra-t), like
rsyslog
> itself and snmpd.
>
> Is it relative to $template in rsyslog config file? We use "$template
> RSYSLOG_TraditionalForwardFormat" currently.
>
> Many thanks,
> Patrick
>
>
> Rainer Gerhards wrote:
> > Hi Patrick,
> >
> > the code in question is this:
> >
> >
>
http://git.adiscon.com/?p=rsyslog.git;a=blob;f=runtime/net.c;h=44c9008a
> ac0efd70fdc385c0b1b5974d9913e573;hb=HEAD#l1171
> >
> > doesn't look hard to add a global option to prevent it, I'll see
when
> I
> > can do it. In the meantime, you can simply comment out the strip of
> the
> > local domain (line 1174 I guess, but you need to check if it works).
> >
> > Rainer
> >
> > On Thu, 2008-11-13 at 03:11 +0100, Patrick Shen wrote:
> > Hi Rainer,
> >
> > I will appreciate if you could show me the magic code.
> >
> > Best regards,
> > Patrick
> >
> > Rainer Gerhards wrote:
> >>>> Hi Patrick,
> >>>>
> >>>> this is part of the sysklogd legacy code. While there is no
longer
> much
> >>>> of sysklogd in rsyslog, this part actually is. I need to figure
> out if
> >>>> you can turn it off, I remember to have added such an option.
> >>>>
> >>>> Rainer
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
> >>>>> bounces@lists.adiscon.com] On Behalf Of Patrick Shen
> >>>>> Sent: Wednesday, November 12, 2008 11:06 AM
> >>>>> To: rsyslog-users
> >>>>> Subject: [rsyslog] FQDN with rsyslogd
> >>>>>
> >>>> Dear Rainer,
> >>>>
> >>>> Have a look at online man doc, maybe it's outdated. I find one
> thing I
> >>>> really care about.
> >>>>
> >>>>
> ######################################################################
> >>>> If the remote host is located in the same domain as the host,
> >>>> rsyslogd is running on, only the simple hostname will be logged
> >>>> instead
> >>>> of the whole fqdn.
> >>>>
> ######################################################################
> >>>>
> >>>> Currently we are using rsyslog as client to send logs to central
> >>>> loghost, actually in the same domain. But I wanna need FQDN in
> logs,
> >>>> not
> >>>> simple hostname.
> >>>>
> >>>> How need I do?
> >>>>
> >>>> Many thanks,
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJHOcKkHhYtFevC+MRAjafAJ9aSXu91K9Hj6xj+tGs0SNWjk/vswCgiE9C
> c6P4BTbHAnCa8+/hcw/MkGc=
> =GeS4
> -----END PGP SIGNATURE-----
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal