Mailing List Archive

[SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"?
I just rebuilt the Arm platform with GLibc and.... syslog is working.
So I will go and blame uclibc for the bug.

Thank you for getting me to look more closely (and pointing out that the
issue is that rsyslogd was not getting a valid hostname).

Thanks all!

-derek

On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
> Good morning,
>
> Thank you for your help so far.
>
> I just wanted to add one more piece of data, on my other host (compiled in
> the same way from the same source in the same BuildRoot manner, but on a
> different platform), I get what I would expect:
>
> Debug line with all properties:
> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI: 46,
> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: 'rsyslogd',
> PROCID: '-', MSGID: '-',
> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> x-info="https://www.rsyslog.com"] start'
> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> x-pid="1780" x-info="https://www.rsyslog.com"] start'
> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> x-info="https://www.rsyslog.com"] start'
> $!:
> $.:
> $/:
>
> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
> question is, what APIs are rsyslogd using to try to obtain this
> information? I can certainly compile additional test code and run it if
> necessary. I just find it odd that the *host* knows its name but rsyslogd
> can't figure it out?
>
> Actually, looking a little closer, I noticed that I'm using uclibc on the
> arm platform (the broken one), but glibc on the nios2. I wonder if this
> is the issue?
>
> -derek
>
> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>> As I said in my OP:
>>
>> # hostname
>> arm-host
>>
>> and from this query:
>>
>> # cat /etc/hosts
>> 127.0.0.1 localhost
>> 127.0.1.1 arm-host
>>
>>
>> However, as I also stated in my OP, I another another machine on a nios2
>> with the exact same configuration and there the log messages say the
>> correct hostname.
>>
>> -derek
>>
>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>> what is in /etc/hosts and what do you get if you run the command
>>> hostname?
>>>
>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>
>>> the log message you received (as seen by the rawmsg: section) does not
>>> provide a
>>> hostname (which could have been the problem)
>>>
>>> so based on this, the problem is with name resolution, which should
>>> start
>>> with
>>> /etc/hosts and hostname
>>>
>>> David Lang
>>>
>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>
>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>> From: Derek Atkins <derek@ihtfp.com>
>>>> To: David Lang <david@lang.hm>
>>>> Cc: rsyslog@lists.adiscon.com
>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>> "127.0.0.1"?
>>>>
>>>> Hi,
>>>>
>>>> Thank you for the quick response.
>>>>
>>>> The logging here is all done locally, and the issue is in EVERY log
>>>> message. The source is local (a call to vsyslog() in an application),
>>>> or
>>>> even just a call to "logger". Here is the resulting log message from
>>>> rsyslogd starting up:
>>>>
>>>> Debug line with all properties:
>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: 46,
>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>> PROCID:
>>>> '-', MSGID: '-',
>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> $!:
>>>> $.:
>>>> $/:
>>>>
>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here, but
>>>> my
>>>> guess that's the problem?
>>>>
>>>> I can run the same config on the nios2 if you want to see what it
>>>> says,
>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>> "nios2"
>>>> instead of "127".
>>>>
>>>> The contents of /etc/hosts is effectively the same on both machines
>>>> (the
>>>> one that works correctly and this one).
>>>>
>>>> Thanks,
>>>>
>>>> -derek
>>>>
>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>> please log with the template RSYSLOG_DebugFormat so that we can see
>>>>> exactly what
>>>>> rsyslog is being sent for a problem message.
>>>>>
>>>>> David Lang
>>>>>
>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>
>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>> To: rsyslog@lists.adiscon.com
>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>> "127.0.0.1"?
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on two
>>>>>> different platforms (nios2 and arm). The Nios2 platform works
>>>>>> great.
>>>>>> However, on the Arm platform, rsyslog seems to think the local
>>>>>> hostname
>>>>>> is
>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>> contains:
>>>>>>
>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>> swVersion="8.2010.0" x-pid="8080" x-info="https://www.rsyslog.com"]
>>>>>> start
>>>>>>
>>>>>> Notice the "127" in there? That's where the "hostname" is supposed
>>>>>> to
>>>>>> be.
>>>>>> So if for some reason it thinks the FQDN is an IP address, that
>>>>>> would
>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>
>>>>>> # hostname
>>>>>> arm-host
>>>>>>
>>>>>> Moreover, if I compile and run the code to execute a
>>>>>> "gethostbyname()"
>>>>>> it
>>>>>> also returns "arm-host". So I have no idea where it's getting the
>>>>>> idea
>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>
>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>
>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>> swVersion="8.2010.0" x-pid="830" x-info="https://www.rsyslog.com"]
>>>>>> start
>>>>>>
>>>>>> I'll say this is the same version of rsyslog on both systems, built
>>>>>> with
>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>> definitely the same run-time configurations.
>>>>>>
>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm not
>>>>>> sure
>>>>>> where else to look.
>>>>>>
>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> -derek
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> Derek Atkins 617-623-3745
>> derek@ihtfp.com www.ihtfp.com
>> Computer and Internet Security Consultant
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>
>
> --
> Derek Atkins 617-623-3745
> derek@ihtfp.com www.ihtfp.com
> Computer and Internet Security Consultant
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>


--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
I believe that rsyslog uses the gethostbyname() call to convert the IP to name

it would also be interesting to create a custom templete with %$myhostname% in
it and see what that returns.

I'm not sure if in this case, rsyslog is seeing that there is no hostname in the
message and using $myhostname (and that is wrong) or if it's trying to resolve
127.0.0.1 and that's failing (I suspect that it's the $myhostname that's wrong)

If we can identify what's happening, we can then try to create a fix. It would
be nice to support non-glibc builds

David Lang


On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:

> I just rebuilt the Arm platform with GLibc and.... syslog is working.
> So I will go and blame uclibc for the bug.
>
> Thank you for getting me to look more closely (and pointing out that the
> issue is that rsyslogd was not getting a valid hostname).
>
> Thanks all!
>
> -derek
>
> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
>> Good morning,
>>
>> Thank you for your help so far.
>>
>> I just wanted to add one more piece of data, on my other host (compiled in
>> the same way from the same source in the same BuildRoot manner, but on a
>> different platform), I get what I would expect:
>>
>> Debug line with all properties:
>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI: 46,
>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: 'rsyslogd',
>> PROCID: '-', MSGID: '-',
>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>> x-info="https://www.rsyslog.com"] start'
>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>> x-info="https://www.rsyslog.com"] start'
>> $!:
>> $.:
>> $/:
>>
>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
>> question is, what APIs are rsyslogd using to try to obtain this
>> information? I can certainly compile additional test code and run it if
>> necessary. I just find it odd that the *host* knows its name but rsyslogd
>> can't figure it out?
>>
>> Actually, looking a little closer, I noticed that I'm using uclibc on the
>> arm platform (the broken one), but glibc on the nios2. I wonder if this
>> is the issue?
>>
>> -derek
>>
>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>>> As I said in my OP:
>>>
>>> # hostname
>>> arm-host
>>>
>>> and from this query:
>>>
>>> # cat /etc/hosts
>>> 127.0.0.1 localhost
>>> 127.0.1.1 arm-host
>>>
>>>
>>> However, as I also stated in my OP, I another another machine on a nios2
>>> with the exact same configuration and there the log messages say the
>>> correct hostname.
>>>
>>> -derek
>>>
>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>>> what is in /etc/hosts and what do you get if you run the command
>>>> hostname?
>>>>
>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>>
>>>> the log message you received (as seen by the rawmsg: section) does not
>>>> provide a
>>>> hostname (which could have been the problem)
>>>>
>>>> so based on this, the problem is with name resolution, which should
>>>> start
>>>> with
>>>> /etc/hosts and hostname
>>>>
>>>> David Lang
>>>>
>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>>
>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>>> From: Derek Atkins <derek@ihtfp.com>
>>>>> To: David Lang <david@lang.hm>
>>>>> Cc: rsyslog@lists.adiscon.com
>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>>> "127.0.0.1"?
>>>>>
>>>>> Hi,
>>>>>
>>>>> Thank you for the quick response.
>>>>>
>>>>> The logging here is all done locally, and the issue is in EVERY log
>>>>> message. The source is local (a call to vsyslog() in an application),
>>>>> or
>>>>> even just a call to "logger". Here is the resulting log message from
>>>>> rsyslogd starting up:
>>>>>
>>>>> Debug line with all properties:
>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: 46,
>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>>> PROCID:
>>>>> '-', MSGID: '-',
>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>>> x-info="https://www.rsyslog.com"] start'
>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>>> x-info="https://www.rsyslog.com"] start'
>>>>> $!:
>>>>> $.:
>>>>> $/:
>>>>>
>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here, but
>>>>> my
>>>>> guess that's the problem?
>>>>>
>>>>> I can run the same config on the nios2 if you want to see what it
>>>>> says,
>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>>> "nios2"
>>>>> instead of "127".
>>>>>
>>>>> The contents of /etc/hosts is effectively the same on both machines
>>>>> (the
>>>>> one that works correctly and this one).
>>>>>
>>>>> Thanks,
>>>>>
>>>>> -derek
>>>>>
>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>>> please log with the template RSYSLOG_DebugFormat so that we can see
>>>>>> exactly what
>>>>>> rsyslog is being sent for a problem message.
>>>>>>
>>>>>> David Lang
>>>>>>
>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>>
>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>>> To: rsyslog@lists.adiscon.com
>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>> "127.0.0.1"?
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on two
>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
>>>>>>> great.
>>>>>>> However, on the Arm platform, rsyslog seems to think the local
>>>>>>> hostname
>>>>>>> is
>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>>> contains:
>>>>>>>
>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>>> swVersion="8.2010.0" x-pid="8080" x-info="https://www.rsyslog.com"]
>>>>>>> start
>>>>>>>
>>>>>>> Notice the "127" in there? That's where the "hostname" is supposed
>>>>>>> to
>>>>>>> be.
>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
>>>>>>> would
>>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>>
>>>>>>> # hostname
>>>>>>> arm-host
>>>>>>>
>>>>>>> Moreover, if I compile and run the code to execute a
>>>>>>> "gethostbyname()"
>>>>>>> it
>>>>>>> also returns "arm-host". So I have no idea where it's getting the
>>>>>>> idea
>>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>>
>>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>>
>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>>> swVersion="8.2010.0" x-pid="830" x-info="https://www.rsyslog.com"]
>>>>>>> start
>>>>>>>
>>>>>>> I'll say this is the same version of rsyslog on both systems, built
>>>>>>> with
>>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>>> definitely the same run-time configurations.
>>>>>>>
>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm not
>>>>>>> sure
>>>>>>> where else to look.
>>>>>>>
>>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> -derek
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Derek Atkins 617-623-3745
>>> derek@ihtfp.com www.ihtfp.com
>>> Computer and Internet Security Consultant
>>>
>>> _______________________________________________
>>> rsyslog mailing list
>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>> DON'T LIKE THAT.
>>>
>>
>>
>> --
>> Derek Atkins 617-623-3745
>> derek@ihtfp.com www.ihtfp.com
>> Computer and Internet Security Consultant
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>
>
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
David,

I am happy to revert back to the uclibc installation and feed you data, if
you can give me what to copy-and-paste into my rsyslogd.conf file?

-derek

On Wed, October 6, 2021 1:43 pm, David Lang wrote:
> I believe that rsyslog uses the gethostbyname() call to convert the IP to
> name
>
> it would also be interesting to create a custom templete with
> %$myhostname% in
> it and see what that returns.
>
> I'm not sure if in this case, rsyslog is seeing that there is no hostname
> in the
> message and using $myhostname (and that is wrong) or if it's trying to
> resolve
> 127.0.0.1 and that's failing (I suspect that it's the $myhostname that's
> wrong)
>
> If we can identify what's happening, we can then try to create a fix. It
> would
> be nice to support non-glibc builds
>
> David Lang
>
>
> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
>
>> I just rebuilt the Arm platform with GLibc and.... syslog is working.
>> So I will go and blame uclibc for the bug.
>>
>> Thank you for getting me to look more closely (and pointing out that the
>> issue is that rsyslogd was not getting a valid hostname).
>>
>> Thanks all!
>>
>> -derek
>>
>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
>>> Good morning,
>>>
>>> Thank you for your help so far.
>>>
>>> I just wanted to add one more piece of data, on my other host (compiled
>>> in
>>> the same way from the same source in the same BuildRoot manner, but on
>>> a
>>> different platform), I get what I would expect:
>>>
>>> Debug line with all properties:
>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI:
>>> 46,
>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
>>> 'rsyslogd',
>>> PROCID: '-', MSGID: '-',
>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>> x-info="https://www.rsyslog.com"] start'
>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>> x-info="https://www.rsyslog.com"] start'
>>> $!:
>>> $.:
>>> $/:
>>>
>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
>>> question is, what APIs are rsyslogd using to try to obtain this
>>> information? I can certainly compile additional test code and run it
>>> if
>>> necessary. I just find it odd that the *host* knows its name but
>>> rsyslogd
>>> can't figure it out?
>>>
>>> Actually, looking a little closer, I noticed that I'm using uclibc on
>>> the
>>> arm platform (the broken one), but glibc on the nios2. I wonder if
>>> this
>>> is the issue?
>>>
>>> -derek
>>>
>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>>>> As I said in my OP:
>>>>
>>>> # hostname
>>>> arm-host
>>>>
>>>> and from this query:
>>>>
>>>> # cat /etc/hosts
>>>> 127.0.0.1 localhost
>>>> 127.0.1.1 arm-host
>>>>
>>>>
>>>> However, as I also stated in my OP, I another another machine on a
>>>> nios2
>>>> with the exact same configuration and there the log messages say the
>>>> correct hostname.
>>>>
>>>> -derek
>>>>
>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>>>> what is in /etc/hosts and what do you get if you run the command
>>>>> hostname?
>>>>>
>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>>>
>>>>> the log message you received (as seen by the rawmsg: section) does
>>>>> not
>>>>> provide a
>>>>> hostname (which could have been the problem)
>>>>>
>>>>> so based on this, the problem is with name resolution, which should
>>>>> start
>>>>> with
>>>>> /etc/hosts and hostname
>>>>>
>>>>> David Lang
>>>>>
>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>>>
>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>>>> From: Derek Atkins <derek@ihtfp.com>
>>>>>> To: David Lang <david@lang.hm>
>>>>>> Cc: rsyslog@lists.adiscon.com
>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>> "127.0.0.1"?
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Thank you for the quick response.
>>>>>>
>>>>>> The logging here is all done locally, and the issue is in EVERY log
>>>>>> message. The source is local (a call to vsyslog() in an
>>>>>> application),
>>>>>> or
>>>>>> even just a call to "logger". Here is the resulting log message
>>>>>> from
>>>>>> rsyslogd starting up:
>>>>>>
>>>>>> Debug line with all properties:
>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: 46,
>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>>>> PROCID:
>>>>>> '-', MSGID: '-',
>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>> x-pid="17368"
>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>> $!:
>>>>>> $.:
>>>>>> $/:
>>>>>>
>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here,
>>>>>> but
>>>>>> my
>>>>>> guess that's the problem?
>>>>>>
>>>>>> I can run the same config on the nios2 if you want to see what it
>>>>>> says,
>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>>>> "nios2"
>>>>>> instead of "127".
>>>>>>
>>>>>> The contents of /etc/hosts is effectively the same on both machines
>>>>>> (the
>>>>>> one that works correctly and this one).
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> -derek
>>>>>>
>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can see
>>>>>>> exactly what
>>>>>>> rsyslog is being sent for a problem message.
>>>>>>>
>>>>>>> David Lang
>>>>>>>
>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>>>
>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>>>> To: rsyslog@lists.adiscon.com
>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>> "127.0.0.1"?
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on
>>>>>>>> two
>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
>>>>>>>> great.
>>>>>>>> However, on the Arm platform, rsyslog seems to think the local
>>>>>>>> hostname
>>>>>>>> is
>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>>>> contains:
>>>>>>>>
>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>>>> swVersion="8.2010.0" x-pid="8080"
>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>> start
>>>>>>>>
>>>>>>>> Notice the "127" in there? That's where the "hostname" is
>>>>>>>> supposed
>>>>>>>> to
>>>>>>>> be.
>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
>>>>>>>> would
>>>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>>>
>>>>>>>> # hostname
>>>>>>>> arm-host
>>>>>>>>
>>>>>>>> Moreover, if I compile and run the code to execute a
>>>>>>>> "gethostbyname()"
>>>>>>>> it
>>>>>>>> also returns "arm-host". So I have no idea where it's getting the
>>>>>>>> idea
>>>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>>>
>>>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>>>
>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>>>> swVersion="8.2010.0" x-pid="830" x-info="https://www.rsyslog.com"]
>>>>>>>> start
>>>>>>>>
>>>>>>>> I'll say this is the same version of rsyslog on both systems,
>>>>>>>> built
>>>>>>>> with
>>>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>>>> definitely the same run-time configurations.
>>>>>>>>
>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm
>>>>>>>> not
>>>>>>>> sure
>>>>>>>> where else to look.
>>>>>>>>
>>>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>>
>>>>>>>> -derek
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Derek Atkins 617-623-3745
>>>> derek@ihtfp.com www.ihtfp.com
>>>> Computer and Internet Security Consultant
>>>>
>>>> _______________________________________________
>>>> rsyslog mailing list
>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>> http://www.rsyslog.com/professional-services/
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>> myriad
>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>>> DON'T LIKE THAT.
>>>>
>>>
>>>
>>> --
>>> Derek Atkins 617-623-3745
>>> derek@ihtfp.com www.ihtfp.com
>>> Computer and Internet Security Consultant
>>>
>>> _______________________________________________
>>> rsyslog mailing list
>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>> myriad
>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>> DON'T LIKE THAT.
>>>
>>
>>
>>
>


--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
$template foo,"%$myhostname%/n"
/var/log/myhostname;foo

run this for a very short time as it will write a line to this file for every
log message that arrives :-)

David Lang

On Wed, 6 Oct 2021, Derek Atkins wrote:

> Date: Wed, 6 Oct 2021 13:45:56 -0400
> From: Derek Atkins <derek@ihtfp.com>
> To: David Lang <david@lang.hm>
> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname is
> "127.0.0.1"?
>
> David,
>
> I am happy to revert back to the uclibc installation and feed you data, if
> you can give me what to copy-and-paste into my rsyslogd.conf file?
>
> -derek
>
> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
>> I believe that rsyslog uses the gethostbyname() call to convert the IP to
>> name
>>
>> it would also be interesting to create a custom templete with
>> %$myhostname% in
>> it and see what that returns.
>>
>> I'm not sure if in this case, rsyslog is seeing that there is no hostname
>> in the
>> message and using $myhostname (and that is wrong) or if it's trying to
>> resolve
>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname that's
>> wrong)
>>
>> If we can identify what's happening, we can then try to create a fix. It
>> would
>> be nice to support non-glibc builds
>>
>> David Lang
>>
>>
>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
>>
>>> I just rebuilt the Arm platform with GLibc and.... syslog is working.
>>> So I will go and blame uclibc for the bug.
>>>
>>> Thank you for getting me to look more closely (and pointing out that the
>>> issue is that rsyslogd was not getting a valid hostname).
>>>
>>> Thanks all!
>>>
>>> -derek
>>>
>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
>>>> Good morning,
>>>>
>>>> Thank you for your help so far.
>>>>
>>>> I just wanted to add one more piece of data, on my other host (compiled
>>>> in
>>>> the same way from the same source in the same BuildRoot manner, but on
>>>> a
>>>> different platform), I get what I would expect:
>>>>
>>>> Debug line with all properties:
>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI:
>>>> 46,
>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
>>>> 'rsyslogd',
>>>> PROCID: '-', MSGID: '-',
>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> $!:
>>>> $.:
>>>> $/:
>>>>
>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
>>>> question is, what APIs are rsyslogd using to try to obtain this
>>>> information? I can certainly compile additional test code and run it
>>>> if
>>>> necessary. I just find it odd that the *host* knows its name but
>>>> rsyslogd
>>>> can't figure it out?
>>>>
>>>> Actually, looking a little closer, I noticed that I'm using uclibc on
>>>> the
>>>> arm platform (the broken one), but glibc on the nios2. I wonder if
>>>> this
>>>> is the issue?
>>>>
>>>> -derek
>>>>
>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>>>>> As I said in my OP:
>>>>>
>>>>> # hostname
>>>>> arm-host
>>>>>
>>>>> and from this query:
>>>>>
>>>>> # cat /etc/hosts
>>>>> 127.0.0.1 localhost
>>>>> 127.0.1.1 arm-host
>>>>>
>>>>>
>>>>> However, as I also stated in my OP, I another another machine on a
>>>>> nios2
>>>>> with the exact same configuration and there the log messages say the
>>>>> correct hostname.
>>>>>
>>>>> -derek
>>>>>
>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>>>>> what is in /etc/hosts and what do you get if you run the command
>>>>>> hostname?
>>>>>>
>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>>>>
>>>>>> the log message you received (as seen by the rawmsg: section) does
>>>>>> not
>>>>>> provide a
>>>>>> hostname (which could have been the problem)
>>>>>>
>>>>>> so based on this, the problem is with name resolution, which should
>>>>>> start
>>>>>> with
>>>>>> /etc/hosts and hostname
>>>>>>
>>>>>> David Lang
>>>>>>
>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>>>>
>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>>>>> From: Derek Atkins <derek@ihtfp.com>
>>>>>>> To: David Lang <david@lang.hm>
>>>>>>> Cc: rsyslog@lists.adiscon.com
>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>> "127.0.0.1"?
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Thank you for the quick response.
>>>>>>>
>>>>>>> The logging here is all done locally, and the issue is in EVERY log
>>>>>>> message. The source is local (a call to vsyslog() in an
>>>>>>> application),
>>>>>>> or
>>>>>>> even just a call to "logger". Here is the resulting log message
>>>>>>> from
>>>>>>> rsyslogd starting up:
>>>>>>>
>>>>>>> Debug line with all properties:
>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: 46,
>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>>>>> PROCID:
>>>>>>> '-', MSGID: '-',
>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>> x-pid="17368"
>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>> $!:
>>>>>>> $.:
>>>>>>> $/:
>>>>>>>
>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here,
>>>>>>> but
>>>>>>> my
>>>>>>> guess that's the problem?
>>>>>>>
>>>>>>> I can run the same config on the nios2 if you want to see what it
>>>>>>> says,
>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>>>>> "nios2"
>>>>>>> instead of "127".
>>>>>>>
>>>>>>> The contents of /etc/hosts is effectively the same on both machines
>>>>>>> (the
>>>>>>> one that works correctly and this one).
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> -derek
>>>>>>>
>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can see
>>>>>>>> exactly what
>>>>>>>> rsyslog is being sent for a problem message.
>>>>>>>>
>>>>>>>> David Lang
>>>>>>>>
>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>>>>
>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>>>>> To: rsyslog@lists.adiscon.com
>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>>> "127.0.0.1"?
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on
>>>>>>>>> two
>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
>>>>>>>>> great.
>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local
>>>>>>>>> hostname
>>>>>>>>> is
>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>>>>> contains:
>>>>>>>>>
>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
>>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>>> start
>>>>>>>>>
>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
>>>>>>>>> supposed
>>>>>>>>> to
>>>>>>>>> be.
>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
>>>>>>>>> would
>>>>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>>>>
>>>>>>>>> # hostname
>>>>>>>>> arm-host
>>>>>>>>>
>>>>>>>>> Moreover, if I compile and run the code to execute a
>>>>>>>>> "gethostbyname()"
>>>>>>>>> it
>>>>>>>>> also returns "arm-host". So I have no idea where it's getting the
>>>>>>>>> idea
>>>>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>>>>
>>>>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>>>>
>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>>>>> swVersion="8.2010.0" x-pid="830" x-info="https://www.rsyslog.com"]
>>>>>>>>> start
>>>>>>>>>
>>>>>>>>> I'll say this is the same version of rsyslog on both systems,
>>>>>>>>> built
>>>>>>>>> with
>>>>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>>>>> definitely the same run-time configurations.
>>>>>>>>>
>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm
>>>>>>>>> not
>>>>>>>>> sure
>>>>>>>>> where else to look.
>>>>>>>>>
>>>>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>>
>>>>>>>>> -derek
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Derek Atkins 617-623-3745
>>>>> derek@ihtfp.com www.ihtfp.com
>>>>> Computer and Internet Security Consultant
>>>>>
>>>>> _______________________________________________
>>>>> rsyslog mailing list
>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>> http://www.rsyslog.com/professional-services/
>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>> myriad
>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>>>> DON'T LIKE THAT.
>>>>>
>>>>
>>>>
>>>> --
>>>> Derek Atkins 617-623-3745
>>>> derek@ihtfp.com www.ihtfp.com
>>>> Computer and Internet Security Consultant
>>>>
>>>> _______________________________________________
>>>> rsyslog mailing list
>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>> http://www.rsyslog.com/professional-services/
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>> myriad
>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>>> DON'T LIKE THAT.
>>>>
>>>
>>>
>>>
>>
>
>
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
David,

# cat >> /etc/rsyslog.conf
$template foo,"%$myhostname%/n"
/var/log/myhostname;foo
# /etc/init.d/S01rsyslogd restart
Stopping rsyslogd: OK
Starting rsyslogd: OK
# tail /var/log/myhostname
127/n#

-derek

On Wed, October 6, 2021 2:35 pm, David Lang wrote:
> $template foo,"%$myhostname%/n"
> /var/log/myhostname;foo
>
> run this for a very short time as it will write a line to this file for
> every
> log message that arrives :-)
>
> David Lang
>
> On Wed, 6 Oct 2021, Derek Atkins wrote:
>
>> Date: Wed, 6 Oct 2021 13:45:56 -0400
>> From: Derek Atkins <derek@ihtfp.com>
>> To: David Lang <david@lang.hm>
>> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname
>> is
>> "127.0.0.1"?
>>
>> David,
>>
>> I am happy to revert back to the uclibc installation and feed you data,
>> if
>> you can give me what to copy-and-paste into my rsyslogd.conf file?
>>
>> -derek
>>
>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
>>> I believe that rsyslog uses the gethostbyname() call to convert the IP
>>> to
>>> name
>>>
>>> it would also be interesting to create a custom templete with
>>> %$myhostname% in
>>> it and see what that returns.
>>>
>>> I'm not sure if in this case, rsyslog is seeing that there is no
>>> hostname
>>> in the
>>> message and using $myhostname (and that is wrong) or if it's trying to
>>> resolve
>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
>>> that's
>>> wrong)
>>>
>>> If we can identify what's happening, we can then try to create a fix.
>>> It
>>> would
>>> be nice to support non-glibc builds
>>>
>>> David Lang
>>>
>>>
>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
>>>
>>>> I just rebuilt the Arm platform with GLibc and.... syslog is working.
>>>> So I will go and blame uclibc for the bug.
>>>>
>>>> Thank you for getting me to look more closely (and pointing out that
>>>> the
>>>> issue is that rsyslogd was not getting a valid hostname).
>>>>
>>>> Thanks all!
>>>>
>>>> -derek
>>>>
>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
>>>>> Good morning,
>>>>>
>>>>> Thank you for your help so far.
>>>>>
>>>>> I just wanted to add one more piece of data, on my other host
>>>>> (compiled
>>>>> in
>>>>> the same way from the same source in the same BuildRoot manner, but
>>>>> on
>>>>> a
>>>>> different platform), I get what I would expect:
>>>>>
>>>>> Debug line with all properties:
>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI:
>>>>> 46,
>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
>>>>> 'rsyslogd',
>>>>> PROCID: '-', MSGID: '-',
>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>>>> x-info="https://www.rsyslog.com"] start'
>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>>>> x-info="https://www.rsyslog.com"] start'
>>>>> $!:
>>>>> $.:
>>>>> $/:
>>>>>
>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
>>>>> question is, what APIs are rsyslogd using to try to obtain this
>>>>> information? I can certainly compile additional test code and run it
>>>>> if
>>>>> necessary. I just find it odd that the *host* knows its name but
>>>>> rsyslogd
>>>>> can't figure it out?
>>>>>
>>>>> Actually, looking a little closer, I noticed that I'm using uclibc on
>>>>> the
>>>>> arm platform (the broken one), but glibc on the nios2. I wonder if
>>>>> this
>>>>> is the issue?
>>>>>
>>>>> -derek
>>>>>
>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>>>>>> As I said in my OP:
>>>>>>
>>>>>> # hostname
>>>>>> arm-host
>>>>>>
>>>>>> and from this query:
>>>>>>
>>>>>> # cat /etc/hosts
>>>>>> 127.0.0.1 localhost
>>>>>> 127.0.1.1 arm-host
>>>>>>
>>>>>>
>>>>>> However, as I also stated in my OP, I another another machine on a
>>>>>> nios2
>>>>>> with the exact same configuration and there the log messages say the
>>>>>> correct hostname.
>>>>>>
>>>>>> -derek
>>>>>>
>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>>>>>> what is in /etc/hosts and what do you get if you run the command
>>>>>>> hostname?
>>>>>>>
>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>>>>>
>>>>>>> the log message you received (as seen by the rawmsg: section) does
>>>>>>> not
>>>>>>> provide a
>>>>>>> hostname (which could have been the problem)
>>>>>>>
>>>>>>> so based on this, the problem is with name resolution, which should
>>>>>>> start
>>>>>>> with
>>>>>>> /etc/hosts and hostname
>>>>>>>
>>>>>>> David Lang
>>>>>>>
>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>>>>>
>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>>>>>> From: Derek Atkins <derek@ihtfp.com>
>>>>>>>> To: David Lang <david@lang.hm>
>>>>>>>> Cc: rsyslog@lists.adiscon.com
>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>> "127.0.0.1"?
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Thank you for the quick response.
>>>>>>>>
>>>>>>>> The logging here is all done locally, and the issue is in EVERY
>>>>>>>> log
>>>>>>>> message. The source is local (a call to vsyslog() in an
>>>>>>>> application),
>>>>>>>> or
>>>>>>>> even just a call to "logger". Here is the resulting log message
>>>>>>>> from
>>>>>>>> rsyslogd starting up:
>>>>>>>>
>>>>>>>> Debug line with all properties:
>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI:
>>>>>>>> 46,
>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>>>>>> PROCID:
>>>>>>>> '-', MSGID: '-',
>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>> x-pid="17368"
>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>> $!:
>>>>>>>> $.:
>>>>>>>> $/:
>>>>>>>>
>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here,
>>>>>>>> but
>>>>>>>> my
>>>>>>>> guess that's the problem?
>>>>>>>>
>>>>>>>> I can run the same config on the nios2 if you want to see what it
>>>>>>>> says,
>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>>>>>> "nios2"
>>>>>>>> instead of "127".
>>>>>>>>
>>>>>>>> The contents of /etc/hosts is effectively the same on both
>>>>>>>> machines
>>>>>>>> (the
>>>>>>>> one that works correctly and this one).
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> -derek
>>>>>>>>
>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can
>>>>>>>>> see
>>>>>>>>> exactly what
>>>>>>>>> rsyslog is being sent for a problem message.
>>>>>>>>>
>>>>>>>>> David Lang
>>>>>>>>>
>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>>>>>
>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>>>>>> To: rsyslog@lists.adiscon.com
>>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>>>> "127.0.0.1"?
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on
>>>>>>>>>> two
>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
>>>>>>>>>> great.
>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local
>>>>>>>>>> hostname
>>>>>>>>>> is
>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>>>>>> contains:
>>>>>>>>>>
>>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
>>>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>>>> start
>>>>>>>>>>
>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
>>>>>>>>>> supposed
>>>>>>>>>> to
>>>>>>>>>> be.
>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
>>>>>>>>>> would
>>>>>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>>>>>
>>>>>>>>>> # hostname
>>>>>>>>>> arm-host
>>>>>>>>>>
>>>>>>>>>> Moreover, if I compile and run the code to execute a
>>>>>>>>>> "gethostbyname()"
>>>>>>>>>> it
>>>>>>>>>> also returns "arm-host". So I have no idea where it's getting
>>>>>>>>>> the
>>>>>>>>>> idea
>>>>>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>>>>>
>>>>>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>>>>>
>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
>>>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>>>> start
>>>>>>>>>>
>>>>>>>>>> I'll say this is the same version of rsyslog on both systems,
>>>>>>>>>> built
>>>>>>>>>> with
>>>>>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>>>>>> definitely the same run-time configurations.
>>>>>>>>>>
>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm
>>>>>>>>>> not
>>>>>>>>>> sure
>>>>>>>>>> where else to look.
>>>>>>>>>>
>>>>>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> -derek
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Derek Atkins 617-623-3745
>>>>>> derek@ihtfp.com www.ihtfp.com
>>>>>> Computer and Internet Security Consultant
>>>>>>
>>>>>> _______________________________________________
>>>>>> rsyslog mailing list
>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>> http://www.rsyslog.com/professional-services/
>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>>> myriad
>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>>>>>> you
>>>>>> DON'T LIKE THAT.
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Derek Atkins 617-623-3745
>>>>> derek@ihtfp.com www.ihtfp.com
>>>>> Computer and Internet Security Consultant
>>>>>
>>>>> _______________________________________________
>>>>> rsyslog mailing list
>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>> http://www.rsyslog.com/professional-services/
>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>> myriad
>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>>>>> you
>>>>> DON'T LIKE THAT.
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>


--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
ok, that confirms that the syscall to get the hostname isn't working

Rainer, what call do we make?

David Lang

On Wed, 6 Oct 2021, Derek Atkins wrote:

> Date: Wed, 6 Oct 2021 16:20:46 -0400
> From: Derek Atkins <derek@ihtfp.com>
> To: David Lang <david@lang.hm>
> Cc: rsyslog@lists.adiscon.com
> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname is
> "127.0.0.1"?
>
> David,
>
> # cat >> /etc/rsyslog.conf
> $template foo,"%$myhostname%/n"
> /var/log/myhostname;foo
> # /etc/init.d/S01rsyslogd restart
> Stopping rsyslogd: OK
> Starting rsyslogd: OK
> # tail /var/log/myhostname
> 127/n#
>
> -derek
>
> On Wed, October 6, 2021 2:35 pm, David Lang wrote:
>> $template foo,"%$myhostname%/n"
>> /var/log/myhostname;foo
>>
>> run this for a very short time as it will write a line to this file for
>> every
>> log message that arrives :-)
>>
>> David Lang
>>
>> On Wed, 6 Oct 2021, Derek Atkins wrote:
>>
>>> Date: Wed, 6 Oct 2021 13:45:56 -0400
>>> From: Derek Atkins <derek@ihtfp.com>
>>> To: David Lang <david@lang.hm>
>>> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname
>>> is
>>> "127.0.0.1"?
>>>
>>> David,
>>>
>>> I am happy to revert back to the uclibc installation and feed you data,
>>> if
>>> you can give me what to copy-and-paste into my rsyslogd.conf file?
>>>
>>> -derek
>>>
>>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
>>>> I believe that rsyslog uses the gethostbyname() call to convert the IP
>>>> to
>>>> name
>>>>
>>>> it would also be interesting to create a custom templete with
>>>> %$myhostname% in
>>>> it and see what that returns.
>>>>
>>>> I'm not sure if in this case, rsyslog is seeing that there is no
>>>> hostname
>>>> in the
>>>> message and using $myhostname (and that is wrong) or if it's trying to
>>>> resolve
>>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
>>>> that's
>>>> wrong)
>>>>
>>>> If we can identify what's happening, we can then try to create a fix.
>>>> It
>>>> would
>>>> be nice to support non-glibc builds
>>>>
>>>> David Lang
>>>>
>>>>
>>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>
>>>>> I just rebuilt the Arm platform with GLibc and.... syslog is working.
>>>>> So I will go and blame uclibc for the bug.
>>>>>
>>>>> Thank you for getting me to look more closely (and pointing out that
>>>>> the
>>>>> issue is that rsyslogd was not getting a valid hostname).
>>>>>
>>>>> Thanks all!
>>>>>
>>>>> -derek
>>>>>
>>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
>>>>>> Good morning,
>>>>>>
>>>>>> Thank you for your help so far.
>>>>>>
>>>>>> I just wanted to add one more piece of data, on my other host
>>>>>> (compiled
>>>>>> in
>>>>>> the same way from the same source in the same BuildRoot manner, but
>>>>>> on
>>>>>> a
>>>>>> different platform), I get what I would expect:
>>>>>>
>>>>>> Debug line with all properties:
>>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI:
>>>>>> 46,
>>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
>>>>>> 'rsyslogd',
>>>>>> PROCID: '-', MSGID: '-',
>>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>> $!:
>>>>>> $.:
>>>>>> $/:
>>>>>>
>>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
>>>>>> question is, what APIs are rsyslogd using to try to obtain this
>>>>>> information? I can certainly compile additional test code and run it
>>>>>> if
>>>>>> necessary. I just find it odd that the *host* knows its name but
>>>>>> rsyslogd
>>>>>> can't figure it out?
>>>>>>
>>>>>> Actually, looking a little closer, I noticed that I'm using uclibc on
>>>>>> the
>>>>>> arm platform (the broken one), but glibc on the nios2. I wonder if
>>>>>> this
>>>>>> is the issue?
>>>>>>
>>>>>> -derek
>>>>>>
>>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>>>>>>> As I said in my OP:
>>>>>>>
>>>>>>> # hostname
>>>>>>> arm-host
>>>>>>>
>>>>>>> and from this query:
>>>>>>>
>>>>>>> # cat /etc/hosts
>>>>>>> 127.0.0.1 localhost
>>>>>>> 127.0.1.1 arm-host
>>>>>>>
>>>>>>>
>>>>>>> However, as I also stated in my OP, I another another machine on a
>>>>>>> nios2
>>>>>>> with the exact same configuration and there the log messages say the
>>>>>>> correct hostname.
>>>>>>>
>>>>>>> -derek
>>>>>>>
>>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>>>>>>> what is in /etc/hosts and what do you get if you run the command
>>>>>>>> hostname?
>>>>>>>>
>>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>>>>>>
>>>>>>>> the log message you received (as seen by the rawmsg: section) does
>>>>>>>> not
>>>>>>>> provide a
>>>>>>>> hostname (which could have been the problem)
>>>>>>>>
>>>>>>>> so based on this, the problem is with name resolution, which should
>>>>>>>> start
>>>>>>>> with
>>>>>>>> /etc/hosts and hostname
>>>>>>>>
>>>>>>>> David Lang
>>>>>>>>
>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>>>>>>
>>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>>>>>>> From: Derek Atkins <derek@ihtfp.com>
>>>>>>>>> To: David Lang <david@lang.hm>
>>>>>>>>> Cc: rsyslog@lists.adiscon.com
>>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>>> "127.0.0.1"?
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Thank you for the quick response.
>>>>>>>>>
>>>>>>>>> The logging here is all done locally, and the issue is in EVERY
>>>>>>>>> log
>>>>>>>>> message. The source is local (a call to vsyslog() in an
>>>>>>>>> application),
>>>>>>>>> or
>>>>>>>>> even just a call to "logger". Here is the resulting log message
>>>>>>>>> from
>>>>>>>>> rsyslogd starting up:
>>>>>>>>>
>>>>>>>>> Debug line with all properties:
>>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI:
>>>>>>>>> 46,
>>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>>>>>>> PROCID:
>>>>>>>>> '-', MSGID: '-',
>>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>>> x-pid="17368"
>>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>>> $!:
>>>>>>>>> $.:
>>>>>>>>> $/:
>>>>>>>>>
>>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here,
>>>>>>>>> but
>>>>>>>>> my
>>>>>>>>> guess that's the problem?
>>>>>>>>>
>>>>>>>>> I can run the same config on the nios2 if you want to see what it
>>>>>>>>> says,
>>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>>>>>>> "nios2"
>>>>>>>>> instead of "127".
>>>>>>>>>
>>>>>>>>> The contents of /etc/hosts is effectively the same on both
>>>>>>>>> machines
>>>>>>>>> (the
>>>>>>>>> one that works correctly and this one).
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> -derek
>>>>>>>>>
>>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can
>>>>>>>>>> see
>>>>>>>>>> exactly what
>>>>>>>>>> rsyslog is being sent for a problem message.
>>>>>>>>>>
>>>>>>>>>> David Lang
>>>>>>>>>>
>>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>>>>>>
>>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>>>>>>> To: rsyslog@lists.adiscon.com
>>>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>>>>> "127.0.0.1"?
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on
>>>>>>>>>>> two
>>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
>>>>>>>>>>> great.
>>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local
>>>>>>>>>>> hostname
>>>>>>>>>>> is
>>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>>>>>>> contains:
>>>>>>>>>>>
>>>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
>>>>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>>>>> start
>>>>>>>>>>>
>>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
>>>>>>>>>>> supposed
>>>>>>>>>>> to
>>>>>>>>>>> be.
>>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
>>>>>>>>>>> would
>>>>>>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>>>>>>
>>>>>>>>>>> # hostname
>>>>>>>>>>> arm-host
>>>>>>>>>>>
>>>>>>>>>>> Moreover, if I compile and run the code to execute a
>>>>>>>>>>> "gethostbyname()"
>>>>>>>>>>> it
>>>>>>>>>>> also returns "arm-host". So I have no idea where it's getting
>>>>>>>>>>> the
>>>>>>>>>>> idea
>>>>>>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>>>>>>
>>>>>>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>>>>>>
>>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
>>>>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>>>>> start
>>>>>>>>>>>
>>>>>>>>>>> I'll say this is the same version of rsyslog on both systems,
>>>>>>>>>>> built
>>>>>>>>>>> with
>>>>>>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>>>>>>> definitely the same run-time configurations.
>>>>>>>>>>>
>>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm
>>>>>>>>>>> not
>>>>>>>>>>> sure
>>>>>>>>>>> where else to look.
>>>>>>>>>>>
>>>>>>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>>>>>>
>>>>>>>>>>> Thanks!
>>>>>>>>>>>
>>>>>>>>>>> -derek
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Derek Atkins 617-623-3745
>>>>>>> derek@ihtfp.com www.ihtfp.com
>>>>>>> Computer and Internet Security Consultant
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> rsyslog mailing list
>>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>>> http://www.rsyslog.com/professional-services/
>>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>>>> myriad
>>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>>>>>>> you
>>>>>>> DON'T LIKE THAT.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Derek Atkins 617-623-3745
>>>>>> derek@ihtfp.com www.ihtfp.com
>>>>>> Computer and Internet Security Consultant
>>>>>>
>>>>>> _______________________________________________
>>>>>> rsyslog mailing list
>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>> http://www.rsyslog.com/professional-services/
>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>>> myriad
>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>>>>>> you
>>>>>> DON'T LIKE THAT.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
try

hostname -f

that give the fully qualified hostname, it if returns 127.0.0.1 then somehow
that is getting set as the hostname and gethostname() is removing all after the
first '.', resulting in 127 that you are seeing

try setting the hostname

hostname name-you-want

then restart rsyslog and see if it finds the correct name (if so, this is a
problem in setting the name, not in rsyslog fetching the name)

David Lang


On Wed, 6 Oct 2021, David Lang
wrote:

> Date: Wed, 6 Oct 2021 15:06:04 -0700 (PDT)
> From: David Lang <david@lang.hm>
> To: Derek Atkins <derek@ihtfp.com>
> Cc: David Lang <david@lang.hm>, rsyslog@lists.adiscon.com
> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname is
> "127.0.0.1"?
>
> ok, that confirms that the syscall to get the hostname isn't working
>
> Rainer, what call do we make?
>
> David Lang
>
> On Wed, 6 Oct 2021, Derek Atkins wrote:
>
>> Date: Wed, 6 Oct 2021 16:20:46 -0400
>> From: Derek Atkins <derek@ihtfp.com>
>> To: David Lang <david@lang.hm>
>> Cc: rsyslog@lists.adiscon.com
>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname is
>> "127.0.0.1"?
>>
>> David,
>>
>> # cat >> /etc/rsyslog.conf
>> $template foo,"%$myhostname%/n"
>> /var/log/myhostname;foo
>> # /etc/init.d/S01rsyslogd restart
>> Stopping rsyslogd: OK
>> Starting rsyslogd: OK
>> # tail /var/log/myhostname
>> 127/n#
>>
>> -derek
>>
>> On Wed, October 6, 2021 2:35 pm, David Lang wrote:
>>> $template foo,"%$myhostname%/n"
>>> /var/log/myhostname;foo
>>>
>>> run this for a very short time as it will write a line to this file for
>>> every
>>> log message that arrives :-)
>>>
>>> David Lang
>>>
>>> On Wed, 6 Oct 2021, Derek Atkins wrote:
>>>
>>>> Date: Wed, 6 Oct 2021 13:45:56 -0400
>>>> From: Derek Atkins <derek@ihtfp.com>
>>>> To: David Lang <david@lang.hm>
>>>> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname
>>>> is
>>>> "127.0.0.1"?
>>>>
>>>> David,
>>>>
>>>> I am happy to revert back to the uclibc installation and feed you data,
>>>> if
>>>> you can give me what to copy-and-paste into my rsyslogd.conf file?
>>>>
>>>> -derek
>>>>
>>>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
>>>>> I believe that rsyslog uses the gethostbyname() call to convert the IP
>>>>> to
>>>>> name
>>>>>
>>>>> it would also be interesting to create a custom templete with
>>>>> %$myhostname% in
>>>>> it and see what that returns.
>>>>>
>>>>> I'm not sure if in this case, rsyslog is seeing that there is no
>>>>> hostname
>>>>> in the
>>>>> message and using $myhostname (and that is wrong) or if it's trying to
>>>>> resolve
>>>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
>>>>> that's
>>>>> wrong)
>>>>>
>>>>> If we can identify what's happening, we can then try to create a fix.
>>>>> It
>>>>> would
>>>>> be nice to support non-glibc builds
>>>>>
>>>>> David Lang
>>>>>
>>>>>
>>>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>
>>>>>> I just rebuilt the Arm platform with GLibc and.... syslog is working.
>>>>>> So I will go and blame uclibc for the bug.
>>>>>>
>>>>>> Thank you for getting me to look more closely (and pointing out that
>>>>>> the
>>>>>> issue is that rsyslogd was not getting a valid hostname).
>>>>>>
>>>>>> Thanks all!
>>>>>>
>>>>>> -derek
>>>>>>
>>>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
>>>>>>> Good morning,
>>>>>>>
>>>>>>> Thank you for your help so far.
>>>>>>>
>>>>>>> I just wanted to add one more piece of data, on my other host
>>>>>>> (compiled
>>>>>>> in
>>>>>>> the same way from the same source in the same BuildRoot manner, but
>>>>>>> on
>>>>>>> a
>>>>>>> different platform), I get what I would expect:
>>>>>>>
>>>>>>> Debug line with all properties:
>>>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI:
>>>>>>> 46,
>>>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
>>>>>>> 'rsyslogd',
>>>>>>> PROCID: '-', MSGID: '-',
>>>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>> $!:
>>>>>>> $.:
>>>>>>> $/:
>>>>>>>
>>>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
>>>>>>> question is, what APIs are rsyslogd using to try to obtain this
>>>>>>> information? I can certainly compile additional test code and run it
>>>>>>> if
>>>>>>> necessary. I just find it odd that the *host* knows its name but
>>>>>>> rsyslogd
>>>>>>> can't figure it out?
>>>>>>>
>>>>>>> Actually, looking a little closer, I noticed that I'm using uclibc on
>>>>>>> the
>>>>>>> arm platform (the broken one), but glibc on the nios2. I wonder if
>>>>>>> this
>>>>>>> is the issue?
>>>>>>>
>>>>>>> -derek
>>>>>>>
>>>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>>>>>>>> As I said in my OP:
>>>>>>>>
>>>>>>>> # hostname
>>>>>>>> arm-host
>>>>>>>>
>>>>>>>> and from this query:
>>>>>>>>
>>>>>>>> # cat /etc/hosts
>>>>>>>> 127.0.0.1 localhost
>>>>>>>> 127.0.1.1 arm-host
>>>>>>>>
>>>>>>>>
>>>>>>>> However, as I also stated in my OP, I another another machine on a
>>>>>>>> nios2
>>>>>>>> with the exact same configuration and there the log messages say the
>>>>>>>> correct hostname.
>>>>>>>>
>>>>>>>> -derek
>>>>>>>>
>>>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>>>>>>>> what is in /etc/hosts and what do you get if you run the command
>>>>>>>>> hostname?
>>>>>>>>>
>>>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>>>>>>>
>>>>>>>>> the log message you received (as seen by the rawmsg: section) does
>>>>>>>>> not
>>>>>>>>> provide a
>>>>>>>>> hostname (which could have been the problem)
>>>>>>>>>
>>>>>>>>> so based on this, the problem is with name resolution, which should
>>>>>>>>> start
>>>>>>>>> with
>>>>>>>>> /etc/hosts and hostname
>>>>>>>>>
>>>>>>>>> David Lang
>>>>>>>>>
>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>>>>>>>
>>>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>>>>>>>> From: Derek Atkins <derek@ihtfp.com>
>>>>>>>>>> To: David Lang <david@lang.hm>
>>>>>>>>>> Cc: rsyslog@lists.adiscon.com
>>>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>>>> "127.0.0.1"?
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Thank you for the quick response.
>>>>>>>>>>
>>>>>>>>>> The logging here is all done locally, and the issue is in EVERY
>>>>>>>>>> log
>>>>>>>>>> message. The source is local (a call to vsyslog() in an
>>>>>>>>>> application),
>>>>>>>>>> or
>>>>>>>>>> even just a call to "logger". Here is the resulting log message
>>>>>>>>>> from
>>>>>>>>>> rsyslogd starting up:
>>>>>>>>>>
>>>>>>>>>> Debug line with all properties:
>>>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI:
>>>>>>>>>> 46,
>>>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>>>>>>>> PROCID:
>>>>>>>>>> '-', MSGID: '-',
>>>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>>>> x-pid="17368"
>>>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>>>> $!:
>>>>>>>>>> $.:
>>>>>>>>>> $/:
>>>>>>>>>>
>>>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here,
>>>>>>>>>> but
>>>>>>>>>> my
>>>>>>>>>> guess that's the problem?
>>>>>>>>>>
>>>>>>>>>> I can run the same config on the nios2 if you want to see what it
>>>>>>>>>> says,
>>>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>>>>>>>> "nios2"
>>>>>>>>>> instead of "127".
>>>>>>>>>>
>>>>>>>>>> The contents of /etc/hosts is effectively the same on both
>>>>>>>>>> machines
>>>>>>>>>> (the
>>>>>>>>>> one that works correctly and this one).
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>>
>>>>>>>>>> -derek
>>>>>>>>>>
>>>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can
>>>>>>>>>>> see
>>>>>>>>>>> exactly what
>>>>>>>>>>> rsyslog is being sent for a problem message.
>>>>>>>>>>>
>>>>>>>>>>> David Lang
>>>>>>>>>>>
>>>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>>>>>>>> To: rsyslog@lists.adiscon.com
>>>>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>>>>>> "127.0.0.1"?
>>>>>>>>>>>>
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on
>>>>>>>>>>>> two
>>>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
>>>>>>>>>>>> great.
>>>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local
>>>>>>>>>>>> hostname
>>>>>>>>>>>> is
>>>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>>>>>>>> contains:
>>>>>>>>>>>>
>>>>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
>>>>>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>>>>>> start
>>>>>>>>>>>>
>>>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
>>>>>>>>>>>> supposed
>>>>>>>>>>>> to
>>>>>>>>>>>> be.
>>>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
>>>>>>>>>>>> would
>>>>>>>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>>>>>>>
>>>>>>>>>>>> # hostname
>>>>>>>>>>>> arm-host
>>>>>>>>>>>>
>>>>>>>>>>>> Moreover, if I compile and run the code to execute a
>>>>>>>>>>>> "gethostbyname()"
>>>>>>>>>>>> it
>>>>>>>>>>>> also returns "arm-host". So I have no idea where it's getting
>>>>>>>>>>>> the
>>>>>>>>>>>> idea
>>>>>>>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>>>>>>>
>>>>>>>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>>>>>>>
>>>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
>>>>>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>>>>>> start
>>>>>>>>>>>>
>>>>>>>>>>>> I'll say this is the same version of rsyslog on both systems,
>>>>>>>>>>>> built
>>>>>>>>>>>> with
>>>>>>>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>>>>>>>> definitely the same run-time configurations.
>>>>>>>>>>>>
>>>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm
>>>>>>>>>>>> not
>>>>>>>>>>>> sure
>>>>>>>>>>>> where else to look.
>>>>>>>>>>>>
>>>>>>>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>
>>>>>>>>>>>> -derek
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Derek Atkins 617-623-3745
>>>>>>>> derek@ihtfp.com www.ihtfp.com
>>>>>>>> Computer and Internet Security Consultant
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> rsyslog mailing list
>>>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>>>> http://www.rsyslog.com/professional-services/
>>>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>>>>> myriad
>>>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>>>>>>>> you
>>>>>>>> DON'T LIKE THAT.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Derek Atkins 617-623-3745
>>>>>>> derek@ihtfp.com www.ihtfp.com
>>>>>>> Computer and Internet Security Consultant
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> rsyslog mailing list
>>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>>> http://www.rsyslog.com/professional-services/
>>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>>>> myriad
>>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>>>>>>> you
>>>>>>> DON'T LIKE THAT.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
David,

# hostname -f
arm-host
# hostname arm-host
# /etc/init.d/S01rsyslogd restart
Stopping rsyslogd: OK
Starting rsyslogd: OK
# tail /var/log/myhostname
127/n127/n#

So nope, didn't change anything.

-derek


On Wed, October 6, 2021 6:10 pm, David Lang wrote:
> try
>
> hostname -f
>
> that give the fully qualified hostname, it if returns 127.0.0.1 then
> somehow
> that is getting set as the hostname and gethostname() is removing all
> after the
> first '.', resulting in 127 that you are seeing
>
> try setting the hostname
>
> hostname name-you-want
>
> then restart rsyslog and see if it finds the correct name (if so, this is
> a
> problem in setting the name, not in rsyslog fetching the name)
>
> David Lang
>
>
> On Wed, 6 Oct 2021, David Lang
> wrote:
>
>> Date: Wed, 6 Oct 2021 15:06:04 -0700 (PDT)
>> From: David Lang <david@lang.hm>
>> To: Derek Atkins <derek@ihtfp.com>
>> Cc: David Lang <david@lang.hm>, rsyslog@lists.adiscon.com
>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname
>> is
>> "127.0.0.1"?
>>
>> ok, that confirms that the syscall to get the hostname isn't working
>>
>> Rainer, what call do we make?
>>
>> David Lang
>>
>> On Wed, 6 Oct 2021, Derek Atkins wrote:
>>
>>> Date: Wed, 6 Oct 2021 16:20:46 -0400
>>> From: Derek Atkins <derek@ihtfp.com>
>>> To: David Lang <david@lang.hm>
>>> Cc: rsyslog@lists.adiscon.com
>>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's
>>> hostname is
>>> "127.0.0.1"?
>>>
>>> David,
>>>
>>> # cat >> /etc/rsyslog.conf
>>> $template foo,"%$myhostname%/n"
>>> /var/log/myhostname;foo
>>> # /etc/init.d/S01rsyslogd restart
>>> Stopping rsyslogd: OK
>>> Starting rsyslogd: OK
>>> # tail /var/log/myhostname
>>> 127/n#
>>>
>>> -derek
>>>
>>> On Wed, October 6, 2021 2:35 pm, David Lang wrote:
>>>> $template foo,"%$myhostname%/n"
>>>> /var/log/myhostname;foo
>>>>
>>>> run this for a very short time as it will write a line to this file
>>>> for
>>>> every
>>>> log message that arrives :-)
>>>>
>>>> David Lang
>>>>
>>>> On Wed, 6 Oct 2021, Derek Atkins wrote:
>>>>
>>>>> Date: Wed, 6 Oct 2021 13:45:56 -0400
>>>>> From: Derek Atkins <derek@ihtfp.com>
>>>>> To: David Lang <david@lang.hm>
>>>>> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's
>>>>> hostname
>>>>> is
>>>>> "127.0.0.1"?
>>>>>
>>>>> David,
>>>>>
>>>>> I am happy to revert back to the uclibc installation and feed you
>>>>> data,
>>>>> if
>>>>> you can give me what to copy-and-paste into my rsyslogd.conf file?
>>>>>
>>>>> -derek
>>>>>
>>>>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
>>>>>> I believe that rsyslog uses the gethostbyname() call to convert the
>>>>>> IP
>>>>>> to
>>>>>> name
>>>>>>
>>>>>> it would also be interesting to create a custom templete with
>>>>>> %$myhostname% in
>>>>>> it and see what that returns.
>>>>>>
>>>>>> I'm not sure if in this case, rsyslog is seeing that there is no
>>>>>> hostname
>>>>>> in the
>>>>>> message and using $myhostname (and that is wrong) or if it's trying
>>>>>> to
>>>>>> resolve
>>>>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
>>>>>> that's
>>>>>> wrong)
>>>>>>
>>>>>> If we can identify what's happening, we can then try to create a
>>>>>> fix.
>>>>>> It
>>>>>> would
>>>>>> be nice to support non-glibc builds
>>>>>>
>>>>>> David Lang
>>>>>>
>>>>>>
>>>>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>>
>>>>>>> I just rebuilt the Arm platform with GLibc and.... syslog is
>>>>>>> working.
>>>>>>> So I will go and blame uclibc for the bug.
>>>>>>>
>>>>>>> Thank you for getting me to look more closely (and pointing out
>>>>>>> that
>>>>>>> the
>>>>>>> issue is that rsyslogd was not getting a valid hostname).
>>>>>>>
>>>>>>> Thanks all!
>>>>>>>
>>>>>>> -derek
>>>>>>>
>>>>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
>>>>>>>> Good morning,
>>>>>>>>
>>>>>>>> Thank you for your help so far.
>>>>>>>>
>>>>>>>> I just wanted to add one more piece of data, on my other host
>>>>>>>> (compiled
>>>>>>>> in
>>>>>>>> the same way from the same source in the same BuildRoot manner,
>>>>>>>> but
>>>>>>>> on
>>>>>>>> a
>>>>>>>> different platform), I get what I would expect:
>>>>>>>>
>>>>>>>> Debug line with all properties:
>>>>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2',
>>>>>>>> PRI:
>>>>>>>> 46,
>>>>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
>>>>>>>> 'rsyslogd',
>>>>>>>> PROCID: '-', MSGID: '-',
>>>>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>> x-pid="1780"
>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>> $!:
>>>>>>>> $.:
>>>>>>>> $/:
>>>>>>>>
>>>>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess
>>>>>>>> my
>>>>>>>> question is, what APIs are rsyslogd using to try to obtain this
>>>>>>>> information? I can certainly compile additional test code and run
>>>>>>>> it
>>>>>>>> if
>>>>>>>> necessary. I just find it odd that the *host* knows its name but
>>>>>>>> rsyslogd
>>>>>>>> can't figure it out?
>>>>>>>>
>>>>>>>> Actually, looking a little closer, I noticed that I'm using uclibc
>>>>>>>> on
>>>>>>>> the
>>>>>>>> arm platform (the broken one), but glibc on the nios2. I wonder
>>>>>>>> if
>>>>>>>> this
>>>>>>>> is the issue?
>>>>>>>>
>>>>>>>> -derek
>>>>>>>>
>>>>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>>>>>>>>> As I said in my OP:
>>>>>>>>>
>>>>>>>>> # hostname
>>>>>>>>> arm-host
>>>>>>>>>
>>>>>>>>> and from this query:
>>>>>>>>>
>>>>>>>>> # cat /etc/hosts
>>>>>>>>> 127.0.0.1 localhost
>>>>>>>>> 127.0.1.1 arm-host
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> However, as I also stated in my OP, I another another machine on
>>>>>>>>> a
>>>>>>>>> nios2
>>>>>>>>> with the exact same configuration and there the log messages say
>>>>>>>>> the
>>>>>>>>> correct hostname.
>>>>>>>>>
>>>>>>>>> -derek
>>>>>>>>>
>>>>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>>>>>>>>> what is in /etc/hosts and what do you get if you run the command
>>>>>>>>>> hostname?
>>>>>>>>>>
>>>>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>>>>>>>>
>>>>>>>>>> the log message you received (as seen by the rawmsg: section)
>>>>>>>>>> does
>>>>>>>>>> not
>>>>>>>>>> provide a
>>>>>>>>>> hostname (which could have been the problem)
>>>>>>>>>>
>>>>>>>>>> so based on this, the problem is with name resolution, which
>>>>>>>>>> should
>>>>>>>>>> start
>>>>>>>>>> with
>>>>>>>>>> /etc/hosts and hostname
>>>>>>>>>>
>>>>>>>>>> David Lang
>>>>>>>>>>
>>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>>>>>>>>
>>>>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>>>>>>>>> From: Derek Atkins <derek@ihtfp.com>
>>>>>>>>>>> To: David Lang <david@lang.hm>
>>>>>>>>>>> Cc: rsyslog@lists.adiscon.com
>>>>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>>>>> "127.0.0.1"?
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> Thank you for the quick response.
>>>>>>>>>>>
>>>>>>>>>>> The logging here is all done locally, and the issue is in EVERY
>>>>>>>>>>> log
>>>>>>>>>>> message. The source is local (a call to vsyslog() in an
>>>>>>>>>>> application),
>>>>>>>>>>> or
>>>>>>>>>>> even just a call to "logger". Here is the resulting log
>>>>>>>>>>> message
>>>>>>>>>>> from
>>>>>>>>>>> rsyslogd starting up:
>>>>>>>>>>>
>>>>>>>>>>> Debug line with all properties:
>>>>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127',
>>>>>>>>>>> PRI:
>>>>>>>>>>> 46,
>>>>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>>>>>>>>> PROCID:
>>>>>>>>>>> '-', MSGID: '-',
>>>>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>>>>> x-pid="17368"
>>>>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog:
>>>>>>>>>>> [origin
>>>>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>>>>>>>>> x-info="https://www.rsyslog.com"] start'
>>>>>>>>>>> $!:
>>>>>>>>>>> $.:
>>>>>>>>>>> $/:
>>>>>>>>>>>
>>>>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from
>>>>>>>>>>> here,
>>>>>>>>>>> but
>>>>>>>>>>> my
>>>>>>>>>>> guess that's the problem?
>>>>>>>>>>>
>>>>>>>>>>> I can run the same config on the nios2 if you want to see what
>>>>>>>>>>> it
>>>>>>>>>>> says,
>>>>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>>>>>>>>> "nios2"
>>>>>>>>>>> instead of "127".
>>>>>>>>>>>
>>>>>>>>>>> The contents of /etc/hosts is effectively the same on both
>>>>>>>>>>> machines
>>>>>>>>>>> (the
>>>>>>>>>>> one that works correctly and this one).
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>>
>>>>>>>>>>> -derek
>>>>>>>>>>>
>>>>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we
>>>>>>>>>>>> can
>>>>>>>>>>>> see
>>>>>>>>>>>> exactly what
>>>>>>>>>>>> rsyslog is being sent for a problem message.
>>>>>>>>>>>>
>>>>>>>>>>>> David Lang
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>>>>>>>>> To: rsyslog@lists.adiscon.com
>>>>>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>>>>>>>>> "127.0.0.1"?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it
>>>>>>>>>>>>> on
>>>>>>>>>>>>> two
>>>>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform
>>>>>>>>>>>>> works
>>>>>>>>>>>>> great.
>>>>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the
>>>>>>>>>>>>> local
>>>>>>>>>>>>> hostname
>>>>>>>>>>>>> is
>>>>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>>>>>>>>> contains:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
>>>>>>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>>>>>>> start
>>>>>>>>>>>>>
>>>>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
>>>>>>>>>>>>> supposed
>>>>>>>>>>>>> to
>>>>>>>>>>>>> be.
>>>>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address,
>>>>>>>>>>>>> that
>>>>>>>>>>>>> would
>>>>>>>>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>>>>>>>>
>>>>>>>>>>>>> # hostname
>>>>>>>>>>>>> arm-host
>>>>>>>>>>>>>
>>>>>>>>>>>>> Moreover, if I compile and run the code to execute a
>>>>>>>>>>>>> "gethostbyname()"
>>>>>>>>>>>>> it
>>>>>>>>>>>>> also returns "arm-host". So I have no idea where it's
>>>>>>>>>>>>> getting
>>>>>>>>>>>>> the
>>>>>>>>>>>>> idea
>>>>>>>>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
>>>>>>>>>>>>> x-info="https://www.rsyslog.com"]
>>>>>>>>>>>>> start
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'll say this is the same version of rsyslog on both systems,
>>>>>>>>>>>>> built
>>>>>>>>>>>>> with
>>>>>>>>>>>>> the same sources, and (ostensibly) with the same build-time,
>>>>>>>>>>>>> and
>>>>>>>>>>>>> definitely the same run-time configurations.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and
>>>>>>>>>>>>> I'm
>>>>>>>>>>>>> not
>>>>>>>>>>>>> sure
>>>>>>>>>>>>> where else to look.
>>>>>>>>>>>>>
>>>>>>>>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>
>>>>>>>>>>>>> -derek
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Derek Atkins 617-623-3745
>>>>>>>>> derek@ihtfp.com www.ihtfp.com
>>>>>>>>> Computer and Internet Security Consultant
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> rsyslog mailing list
>>>>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>>>>> http://www.rsyslog.com/professional-services/
>>>>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>>>>>> myriad
>>>>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
>>>>>>>>> if
>>>>>>>>> you
>>>>>>>>> DON'T LIKE THAT.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Derek Atkins 617-623-3745
>>>>>>>> derek@ihtfp.com www.ihtfp.com
>>>>>>>> Computer and Internet Security Consultant
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> rsyslog mailing list
>>>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>>>> http://www.rsyslog.com/professional-services/
>>>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>>>>> myriad
>>>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>>>>>>>> you
>>>>>>>> DON'T LIKE THAT.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>


--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
It is gethostname(). But depending on circumstances DNS is also
involved. In the sample here, "127.0.0.1" being returned, this should
not be the case.

The prime function used to get the local host name is:
https://github.com/rsyslog/rsyslog/blob/master/runtime/net.c#L1166

HTH
Rainer

El jue, 7 oct 2021 a las 0:06, David Lang via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> ok, that confirms that the syscall to get the hostname isn't working
>
> Rainer, what call do we make?
>
> David Lang
>
> On Wed, 6 Oct 2021, Derek Atkins wrote:
>
> > Date: Wed, 6 Oct 2021 16:20:46 -0400
> > From: Derek Atkins <derek@ihtfp.com>
> > To: David Lang <david@lang.hm>
> > Cc: rsyslog@lists.adiscon.com
> > Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname is
> > "127.0.0.1"?
> >
> > David,
> >
> > # cat >> /etc/rsyslog.conf
> > $template foo,"%$myhostname%/n"
> > /var/log/myhostname;foo
> > # /etc/init.d/S01rsyslogd restart
> > Stopping rsyslogd: OK
> > Starting rsyslogd: OK
> > # tail /var/log/myhostname
> > 127/n#
> >
> > -derek
> >
> > On Wed, October 6, 2021 2:35 pm, David Lang wrote:
> >> $template foo,"%$myhostname%/n"
> >> /var/log/myhostname;foo
> >>
> >> run this for a very short time as it will write a line to this file for
> >> every
> >> log message that arrives :-)
> >>
> >> David Lang
> >>
> >> On Wed, 6 Oct 2021, Derek Atkins wrote:
> >>
> >>> Date: Wed, 6 Oct 2021 13:45:56 -0400
> >>> From: Derek Atkins <derek@ihtfp.com>
> >>> To: David Lang <david@lang.hm>
> >>> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
> >>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname
> >>> is
> >>> "127.0.0.1"?
> >>>
> >>> David,
> >>>
> >>> I am happy to revert back to the uclibc installation and feed you data,
> >>> if
> >>> you can give me what to copy-and-paste into my rsyslogd.conf file?
> >>>
> >>> -derek
> >>>
> >>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
> >>>> I believe that rsyslog uses the gethostbyname() call to convert the IP
> >>>> to
> >>>> name
> >>>>
> >>>> it would also be interesting to create a custom templete with
> >>>> %$myhostname% in
> >>>> it and see what that returns.
> >>>>
> >>>> I'm not sure if in this case, rsyslog is seeing that there is no
> >>>> hostname
> >>>> in the
> >>>> message and using $myhostname (and that is wrong) or if it's trying to
> >>>> resolve
> >>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
> >>>> that's
> >>>> wrong)
> >>>>
> >>>> If we can identify what's happening, we can then try to create a fix.
> >>>> It
> >>>> would
> >>>> be nice to support non-glibc builds
> >>>>
> >>>> David Lang
> >>>>
> >>>>
> >>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
> >>>>
> >>>>> I just rebuilt the Arm platform with GLibc and.... syslog is working.
> >>>>> So I will go and blame uclibc for the bug.
> >>>>>
> >>>>> Thank you for getting me to look more closely (and pointing out that
> >>>>> the
> >>>>> issue is that rsyslogd was not getting a valid hostname).
> >>>>>
> >>>>> Thanks all!
> >>>>>
> >>>>> -derek
> >>>>>
> >>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
> >>>>>> Good morning,
> >>>>>>
> >>>>>> Thank you for your help so far.
> >>>>>>
> >>>>>> I just wanted to add one more piece of data, on my other host
> >>>>>> (compiled
> >>>>>> in
> >>>>>> the same way from the same source in the same BuildRoot manner, but
> >>>>>> on
> >>>>>> a
> >>>>>> different platform), I get what I would expect:
> >>>>>>
> >>>>>> Debug line with all properties:
> >>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI:
> >>>>>> 46,
> >>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
> >>>>>> 'rsyslogd',
> >>>>>> PROCID: '-', MSGID: '-',
> >>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
> >>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> >>>>>> x-info="https://www.rsyslog.com"] start'
> >>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> >>>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
> >>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
> >>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> >>>>>> x-info="https://www.rsyslog.com"] start'
> >>>>>> $!:
> >>>>>> $.:
> >>>>>> $/:
> >>>>>>
> >>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
> >>>>>> question is, what APIs are rsyslogd using to try to obtain this
> >>>>>> information? I can certainly compile additional test code and run it
> >>>>>> if
> >>>>>> necessary. I just find it odd that the *host* knows its name but
> >>>>>> rsyslogd
> >>>>>> can't figure it out?
> >>>>>>
> >>>>>> Actually, looking a little closer, I noticed that I'm using uclibc on
> >>>>>> the
> >>>>>> arm platform (the broken one), but glibc on the nios2. I wonder if
> >>>>>> this
> >>>>>> is the issue?
> >>>>>>
> >>>>>> -derek
> >>>>>>
> >>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
> >>>>>>> As I said in my OP:
> >>>>>>>
> >>>>>>> # hostname
> >>>>>>> arm-host
> >>>>>>>
> >>>>>>> and from this query:
> >>>>>>>
> >>>>>>> # cat /etc/hosts
> >>>>>>> 127.0.0.1 localhost
> >>>>>>> 127.0.1.1 arm-host
> >>>>>>>
> >>>>>>>
> >>>>>>> However, as I also stated in my OP, I another another machine on a
> >>>>>>> nios2
> >>>>>>> with the exact same configuration and there the log messages say the
> >>>>>>> correct hostname.
> >>>>>>>
> >>>>>>> -derek
> >>>>>>>
> >>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
> >>>>>>>> what is in /etc/hosts and what do you get if you run the command
> >>>>>>>> hostname?
> >>>>>>>>
> >>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
> >>>>>>>>
> >>>>>>>> the log message you received (as seen by the rawmsg: section) does
> >>>>>>>> not
> >>>>>>>> provide a
> >>>>>>>> hostname (which could have been the problem)
> >>>>>>>>
> >>>>>>>> so based on this, the problem is with name resolution, which should
> >>>>>>>> start
> >>>>>>>> with
> >>>>>>>> /etc/hosts and hostname
> >>>>>>>>
> >>>>>>>> David Lang
> >>>>>>>>
> >>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
> >>>>>>>>
> >>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
> >>>>>>>>> From: Derek Atkins <derek@ihtfp.com>
> >>>>>>>>> To: David Lang <david@lang.hm>
> >>>>>>>>> Cc: rsyslog@lists.adiscon.com
> >>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
> >>>>>>>>> "127.0.0.1"?
> >>>>>>>>>
> >>>>>>>>> Hi,
> >>>>>>>>>
> >>>>>>>>> Thank you for the quick response.
> >>>>>>>>>
> >>>>>>>>> The logging here is all done locally, and the issue is in EVERY
> >>>>>>>>> log
> >>>>>>>>> message. The source is local (a call to vsyslog() in an
> >>>>>>>>> application),
> >>>>>>>>> or
> >>>>>>>>> even just a call to "logger". Here is the resulting log message
> >>>>>>>>> from
> >>>>>>>>> rsyslogd starting up:
> >>>>>>>>>
> >>>>>>>>> Debug line with all properties:
> >>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI:
> >>>>>>>>> 46,
> >>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
> >>>>>>>>> PROCID:
> >>>>>>>>> '-', MSGID: '-',
> >>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
> >>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> >>>>>>>>> x-pid="17368"
> >>>>>>>>> x-info="https://www.rsyslog.com"] start'
> >>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> >>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
> >>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
> >>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
> >>>>>>>>> x-info="https://www.rsyslog.com"] start'
> >>>>>>>>> $!:
> >>>>>>>>> $.:
> >>>>>>>>> $/:
> >>>>>>>>>
> >>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here,
> >>>>>>>>> but
> >>>>>>>>> my
> >>>>>>>>> guess that's the problem?
> >>>>>>>>>
> >>>>>>>>> I can run the same config on the nios2 if you want to see what it
> >>>>>>>>> says,
> >>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
> >>>>>>>>> "nios2"
> >>>>>>>>> instead of "127".
> >>>>>>>>>
> >>>>>>>>> The contents of /etc/hosts is effectively the same on both
> >>>>>>>>> machines
> >>>>>>>>> (the
> >>>>>>>>> one that works correctly and this one).
> >>>>>>>>>
> >>>>>>>>> Thanks,
> >>>>>>>>>
> >>>>>>>>> -derek
> >>>>>>>>>
> >>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
> >>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can
> >>>>>>>>>> see
> >>>>>>>>>> exactly what
> >>>>>>>>>> rsyslog is being sent for a problem message.
> >>>>>>>>>>
> >>>>>>>>>> David Lang
> >>>>>>>>>>
> >>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
> >>>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
> >>>>>>>>>>> To: rsyslog@lists.adiscon.com
> >>>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
> >>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
> >>>>>>>>>>> "127.0.0.1"?
> >>>>>>>>>>>
> >>>>>>>>>>> Hi,
> >>>>>>>>>>>
> >>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on
> >>>>>>>>>>> two
> >>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
> >>>>>>>>>>> great.
> >>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local
> >>>>>>>>>>> hostname
> >>>>>>>>>>> is
> >>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
> >>>>>>>>>>> contains:
> >>>>>>>>>>>
> >>>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
> >>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
> >>>>>>>>>>> x-info="https://www.rsyslog.com"]
> >>>>>>>>>>> start
> >>>>>>>>>>>
> >>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
> >>>>>>>>>>> supposed
> >>>>>>>>>>> to
> >>>>>>>>>>> be.
> >>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
> >>>>>>>>>>> would
> >>>>>>>>>>> explain why this is doing that. But that's weird, because:
> >>>>>>>>>>>
> >>>>>>>>>>> # hostname
> >>>>>>>>>>> arm-host
> >>>>>>>>>>>
> >>>>>>>>>>> Moreover, if I compile and run the code to execute a
> >>>>>>>>>>> "gethostbyname()"
> >>>>>>>>>>> it
> >>>>>>>>>>> also returns "arm-host". So I have no idea where it's getting
> >>>>>>>>>>> the
> >>>>>>>>>>> idea
> >>>>>>>>>>> that the hostname/FQDN is an IP Address.
> >>>>>>>>>>>
> >>>>>>>>>>> I'll note that on the Nios2 this works as expected:
> >>>>>>>>>>>
> >>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
> >>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
> >>>>>>>>>>> x-info="https://www.rsyslog.com"]
> >>>>>>>>>>> start
> >>>>>>>>>>>
> >>>>>>>>>>> I'll say this is the same version of rsyslog on both systems,
> >>>>>>>>>>> built
> >>>>>>>>>>> with
> >>>>>>>>>>> the same sources, and (ostensibly) with the same build-time, and
> >>>>>>>>>>> definitely the same run-time configurations.
> >>>>>>>>>>>
> >>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm
> >>>>>>>>>>> not
> >>>>>>>>>>> sure
> >>>>>>>>>>> where else to look.
> >>>>>>>>>>>
> >>>>>>>>>>> So I'm hoping you experts might be able to help me?
> >>>>>>>>>>>
> >>>>>>>>>>> Thanks!
> >>>>>>>>>>>
> >>>>>>>>>>> -derek
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Derek Atkins 617-623-3745
> >>>>>>> derek@ihtfp.com www.ihtfp.com
> >>>>>>> Computer and Internet Security Consultant
> >>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> rsyslog mailing list
> >>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >>>>>>> http://www.rsyslog.com/professional-services/
> >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> >>>>>>> myriad
> >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> >>>>>>> you
> >>>>>>> DON'T LIKE THAT.
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Derek Atkins 617-623-3745
> >>>>>> derek@ihtfp.com www.ihtfp.com
> >>>>>> Computer and Internet Security Consultant
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> rsyslog mailing list
> >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >>>>>> http://www.rsyslog.com/professional-services/
> >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> >>>>>> myriad
> >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> >>>>>> you
> >>>>>> DON'T LIKE THAT.
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >
> >
> >
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
ah, nah.. This could happen:

gethostname() returns "arm-host".

We see a non-FQDN, so it is not a "real" name and name resolution is
enabled. Then we call getaddrinfo("arm-host", ...), which seems to
return "127.0.0.1". This means the host "arm-host" is not properly
resolved. To prove this is the point, set hostname to
"arm-host.localhost" - due to the dot it now is a FQDN and so the name
resolution should not be done.

Rainer

El jue, 7 oct 2021 a las 14:16, Rainer Gerhards
(<rgerhards@hq.adiscon.com>) escribió:
>
> It is gethostname(). But depending on circumstances DNS is also
> involved. In the sample here, "127.0.0.1" being returned, this should
> not be the case.
>
> The prime function used to get the local host name is:
> https://github.com/rsyslog/rsyslog/blob/master/runtime/net.c#L1166
>
> HTH
> Rainer
>
> El jue, 7 oct 2021 a las 0:06, David Lang via rsyslog
> (<rsyslog@lists.adiscon.com>) escribió:
> >
> > ok, that confirms that the syscall to get the hostname isn't working
> >
> > Rainer, what call do we make?
> >
> > David Lang
> >
> > On Wed, 6 Oct 2021, Derek Atkins wrote:
> >
> > > Date: Wed, 6 Oct 2021 16:20:46 -0400
> > > From: Derek Atkins <derek@ihtfp.com>
> > > To: David Lang <david@lang.hm>
> > > Cc: rsyslog@lists.adiscon.com
> > > Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname is
> > > "127.0.0.1"?
> > >
> > > David,
> > >
> > > # cat >> /etc/rsyslog.conf
> > > $template foo,"%$myhostname%/n"
> > > /var/log/myhostname;foo
> > > # /etc/init.d/S01rsyslogd restart
> > > Stopping rsyslogd: OK
> > > Starting rsyslogd: OK
> > > # tail /var/log/myhostname
> > > 127/n#
> > >
> > > -derek
> > >
> > > On Wed, October 6, 2021 2:35 pm, David Lang wrote:
> > >> $template foo,"%$myhostname%/n"
> > >> /var/log/myhostname;foo
> > >>
> > >> run this for a very short time as it will write a line to this file for
> > >> every
> > >> log message that arrives :-)
> > >>
> > >> David Lang
> > >>
> > >> On Wed, 6 Oct 2021, Derek Atkins wrote:
> > >>
> > >>> Date: Wed, 6 Oct 2021 13:45:56 -0400
> > >>> From: Derek Atkins <derek@ihtfp.com>
> > >>> To: David Lang <david@lang.hm>
> > >>> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
> > >>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname
> > >>> is
> > >>> "127.0.0.1"?
> > >>>
> > >>> David,
> > >>>
> > >>> I am happy to revert back to the uclibc installation and feed you data,
> > >>> if
> > >>> you can give me what to copy-and-paste into my rsyslogd.conf file?
> > >>>
> > >>> -derek
> > >>>
> > >>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
> > >>>> I believe that rsyslog uses the gethostbyname() call to convert the IP
> > >>>> to
> > >>>> name
> > >>>>
> > >>>> it would also be interesting to create a custom templete with
> > >>>> %$myhostname% in
> > >>>> it and see what that returns.
> > >>>>
> > >>>> I'm not sure if in this case, rsyslog is seeing that there is no
> > >>>> hostname
> > >>>> in the
> > >>>> message and using $myhostname (and that is wrong) or if it's trying to
> > >>>> resolve
> > >>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
> > >>>> that's
> > >>>> wrong)
> > >>>>
> > >>>> If we can identify what's happening, we can then try to create a fix.
> > >>>> It
> > >>>> would
> > >>>> be nice to support non-glibc builds
> > >>>>
> > >>>> David Lang
> > >>>>
> > >>>>
> > >>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
> > >>>>
> > >>>>> I just rebuilt the Arm platform with GLibc and.... syslog is working.
> > >>>>> So I will go and blame uclibc for the bug.
> > >>>>>
> > >>>>> Thank you for getting me to look more closely (and pointing out that
> > >>>>> the
> > >>>>> issue is that rsyslogd was not getting a valid hostname).
> > >>>>>
> > >>>>> Thanks all!
> > >>>>>
> > >>>>> -derek
> > >>>>>
> > >>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
> > >>>>>> Good morning,
> > >>>>>>
> > >>>>>> Thank you for your help so far.
> > >>>>>>
> > >>>>>> I just wanted to add one more piece of data, on my other host
> > >>>>>> (compiled
> > >>>>>> in
> > >>>>>> the same way from the same source in the same BuildRoot manner, but
> > >>>>>> on
> > >>>>>> a
> > >>>>>> different platform), I get what I would expect:
> > >>>>>>
> > >>>>>> Debug line with all properties:
> > >>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI:
> > >>>>>> 46,
> > >>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
> > >>>>>> 'rsyslogd',
> > >>>>>> PROCID: '-', MSGID: '-',
> > >>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
> > >>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> > >>>>>> x-info="https://www.rsyslog.com"] start'
> > >>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> > >>>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
> > >>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [.origin
> > >>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> > >>>>>> x-info="https://www.rsyslog.com"] start'
> > >>>>>> $!:
> > >>>>>> $.:
> > >>>>>> $/:
> > >>>>>>
> > >>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
> > >>>>>> question is, what APIs are rsyslogd using to try to obtain this
> > >>>>>> information? I can certainly compile additional test code and run it
> > >>>>>> if
> > >>>>>> necessary. I just find it odd that the *host* knows its name but
> > >>>>>> rsyslogd
> > >>>>>> can't figure it out?
> > >>>>>>
> > >>>>>> Actually, looking a little closer, I noticed that I'm using uclibc on
> > >>>>>> the
> > >>>>>> arm platform (the broken one), but glibc on the nios2. I wonder if
> > >>>>>> this
> > >>>>>> is the issue?
> > >>>>>>
> > >>>>>> -derek
> > >>>>>>
> > >>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
> > >>>>>>> As I said in my OP:
> > >>>>>>>
> > >>>>>>> # hostname
> > >>>>>>> arm-host
> > >>>>>>>
> > >>>>>>> and from this query:
> > >>>>>>>
> > >>>>>>> # cat /etc/hosts
> > >>>>>>> 127.0.0.1 localhost
> > >>>>>>> 127.0.1.1 arm-host
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> However, as I also stated in my OP, I another another machine on a
> > >>>>>>> nios2
> > >>>>>>> with the exact same configuration and there the log messages say the
> > >>>>>>> correct hostname.
> > >>>>>>>
> > >>>>>>> -derek
> > >>>>>>>
> > >>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
> > >>>>>>>> what is in /etc/hosts and what do you get if you run the command
> > >>>>>>>> hostname?
> > >>>>>>>>
> > >>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
> > >>>>>>>>
> > >>>>>>>> the log message you received (as seen by the rawmsg: section) does
> > >>>>>>>> not
> > >>>>>>>> provide a
> > >>>>>>>> hostname (which could have been the problem)
> > >>>>>>>>
> > >>>>>>>> so based on this, the problem is with name resolution, which should
> > >>>>>>>> start
> > >>>>>>>> with
> > >>>>>>>> /etc/hosts and hostname
> > >>>>>>>>
> > >>>>>>>> David Lang
> > >>>>>>>>
> > >>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
> > >>>>>>>>
> > >>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
> > >>>>>>>>> From: Derek Atkins <derek@ihtfp.com>
> > >>>>>>>>> To: David Lang <david@lang.hm>
> > >>>>>>>>> Cc: rsyslog@lists.adiscon.com
> > >>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
> > >>>>>>>>> "127.0.0.1"?
> > >>>>>>>>>
> > >>>>>>>>> Hi,
> > >>>>>>>>>
> > >>>>>>>>> Thank you for the quick response.
> > >>>>>>>>>
> > >>>>>>>>> The logging here is all done locally, and the issue is in EVERY
> > >>>>>>>>> log
> > >>>>>>>>> message. The source is local (a call to vsyslog() in an
> > >>>>>>>>> application),
> > >>>>>>>>> or
> > >>>>>>>>> even just a call to "logger". Here is the resulting log message
> > >>>>>>>>> from
> > >>>>>>>>> rsyslogd starting up:
> > >>>>>>>>>
> > >>>>>>>>> Debug line with all properties:
> > >>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI:
> > >>>>>>>>> 46,
> > >>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
> > >>>>>>>>> PROCID:
> > >>>>>>>>> '-', MSGID: '-',
> > >>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
> > >>>>>>>>> msg: ' [.origin software="rsyslogd" swVersion="8.2010.0"
> > >>>>>>>>> x-pid="17368"
> > >>>>>>>>> x-info="https://www.rsyslog.com"] start'
> > >>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> > >>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
> > >>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [.origin
> > >>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
> > >>>>>>>>> x-info="https://www.rsyslog.com"] start'
> > >>>>>>>>> $!:
> > >>>>>>>>> $.:
> > >>>>>>>>> $/:
> > >>>>>>>>>
> > >>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here,
> > >>>>>>>>> but
> > >>>>>>>>> my
> > >>>>>>>>> guess that's the problem?
> > >>>>>>>>>
> > >>>>>>>>> I can run the same config on the nios2 if you want to see what it
> > >>>>>>>>> says,
> > >>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
> > >>>>>>>>> "nios2"
> > >>>>>>>>> instead of "127".
> > >>>>>>>>>
> > >>>>>>>>> The contents of /etc/hosts is effectively the same on both
> > >>>>>>>>> machines
> > >>>>>>>>> (the
> > >>>>>>>>> one that works correctly and this one).
> > >>>>>>>>>
> > >>>>>>>>> Thanks,
> > >>>>>>>>>
> > >>>>>>>>> -derek
> > >>>>>>>>>
> > >>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
> > >>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can
> > >>>>>>>>>> see
> > >>>>>>>>>> exactly what
> > >>>>>>>>>> rsyslog is being sent for a problem message.
> > >>>>>>>>>>
> > >>>>>>>>>> David Lang
> > >>>>>>>>>>
> > >>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
> > >>>>>>>>>>
> > >>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
> > >>>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
> > >>>>>>>>>>> To: rsyslog@lists.adiscon.com
> > >>>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
> > >>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
> > >>>>>>>>>>> "127.0.0.1"?
> > >>>>>>>>>>>
> > >>>>>>>>>>> Hi,
> > >>>>>>>>>>>
> > >>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on
> > >>>>>>>>>>> two
> > >>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
> > >>>>>>>>>>> great.
> > >>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local
> > >>>>>>>>>>> hostname
> > >>>>>>>>>>> is
> > >>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
> > >>>>>>>>>>> contains:
> > >>>>>>>>>>>
> > >>>>>>>>>>> Oct 5 19:34:25 127 syslog: [.origin software="rsyslogd"
> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
> > >>>>>>>>>>> x-info="https://www.rsyslog.com"]
> > >>>>>>>>>>> start
> > >>>>>>>>>>>
> > >>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
> > >>>>>>>>>>> supposed
> > >>>>>>>>>>> to
> > >>>>>>>>>>> be.
> > >>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
> > >>>>>>>>>>> would
> > >>>>>>>>>>> explain why this is doing that. But that's weird, because:
> > >>>>>>>>>>>
> > >>>>>>>>>>> # hostname
> > >>>>>>>>>>> arm-host
> > >>>>>>>>>>>
> > >>>>>>>>>>> Moreover, if I compile and run the code to execute a
> > >>>>>>>>>>> "gethostbyname()"
> > >>>>>>>>>>> it
> > >>>>>>>>>>> also returns "arm-host". So I have no idea where it's getting
> > >>>>>>>>>>> the
> > >>>>>>>>>>> idea
> > >>>>>>>>>>> that the hostname/FQDN is an IP Address.
> > >>>>>>>>>>>
> > >>>>>>>>>>> I'll note that on the Nios2 this works as expected:
> > >>>>>>>>>>>
> > >>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [.origin software="rsyslogd"
> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
> > >>>>>>>>>>> x-info="https://www.rsyslog.com"]
> > >>>>>>>>>>> start
> > >>>>>>>>>>>
> > >>>>>>>>>>> I'll say this is the same version of rsyslog on both systems,
> > >>>>>>>>>>> built
> > >>>>>>>>>>> with
> > >>>>>>>>>>> the same sources, and (ostensibly) with the same build-time, and
> > >>>>>>>>>>> definitely the same run-time configurations.
> > >>>>>>>>>>>
> > >>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm
> > >>>>>>>>>>> not
> > >>>>>>>>>>> sure
> > >>>>>>>>>>> where else to look.
> > >>>>>>>>>>>
> > >>>>>>>>>>> So I'm hoping you experts might be able to help me?
> > >>>>>>>>>>>
> > >>>>>>>>>>> Thanks!
> > >>>>>>>>>>>
> > >>>>>>>>>>> -derek
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> --
> > >>>>>>> Derek Atkins 617-623-3745
> > >>>>>>> derek@ihtfp.com www.ihtfp.com
> > >>>>>>> Computer and Internet Security Consultant
> > >>>>>>>
> > >>>>>>> _______________________________________________
> > >>>>>>> rsyslog mailing list
> > >>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >>>>>>> http://www.rsyslog.com/professional-services/
> > >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> > >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > >>>>>>> myriad
> > >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> > >>>>>>> you
> > >>>>>>> DON'T LIKE THAT.
> > >>>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> --
> > >>>>>> Derek Atkins 617-623-3745
> > >>>>>> derek@ihtfp.com www.ihtfp.com
> > >>>>>> Computer and Internet Security Consultant
> > >>>>>>
> > >>>>>> _______________________________________________
> > >>>>>> rsyslog mailing list
> > >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >>>>>> http://www.rsyslog.com/professional-services/
> > >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> > >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > >>>>>> myriad
> > >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> > >>>>>> you
> > >>>>>> DON'T LIKE THAT.
> > >>>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>>
> > >>>
> > >>>
> > >>
> > >
> > >
> > >
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
and another one: why do we do this? Far too many systems are called
"localhost" or some similar nonsense. So if we find indication this
system is not properly identifying itself, we ask the resolver for its
real name. Remember that a remote peer must be able to identify the
host based on the hostname field, and putting nonsense into it isn't
really helpful.

Rainer

El jue, 7 oct 2021 a las 14:22, Rainer Gerhards
(<rgerhards@hq.adiscon.com>) escribió:
>
> ah, nah.. This could happen:
>
> gethostname() returns "arm-host".
>
> We see a non-FQDN, so it is not a "real" name and name resolution is
> enabled. Then we call getaddrinfo("arm-host", ...), which seems to
> return "127.0.0.1". This means the host "arm-host" is not properly
> resolved. To prove this is the point, set hostname to
> "arm-host.localhost" - due to the dot it now is a FQDN and so the name
> resolution should not be done.
>
> Rainer
>
> El jue, 7 oct 2021 a las 14:16, Rainer Gerhards
> (<rgerhards@hq.adiscon.com>) escribió:
> >
> > It is gethostname(). But depending on circumstances DNS is also
> > involved. In the sample here, "127.0.0.1" being returned, this should
> > not be the case.
> >
> > The prime function used to get the local host name is:
> > https://github.com/rsyslog/rsyslog/blob/master/runtime/net.c#L1166
> >
> > HTH
> > Rainer
> >
> > El jue, 7 oct 2021 a las 0:06, David Lang via rsyslog
> > (<rsyslog@lists.adiscon.com>) escribió:
> > >
> > > ok, that confirms that the syscall to get the hostname isn't working
> > >
> > > Rainer, what call do we make?
> > >
> > > David Lang
> > >
> > > On Wed, 6 Oct 2021, Derek Atkins wrote:
> > >
> > > > Date: Wed, 6 Oct 2021 16:20:46 -0400
> > > > From: Derek Atkins <derek@ihtfp.com>
> > > > To: David Lang <david@lang.hm>
> > > > Cc: rsyslog@lists.adiscon.com
> > > > Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname is
> > > > "127.0.0.1"?
> > > >
> > > > David,
> > > >
> > > > # cat >> /etc/rsyslog.conf
> > > > $template foo,"%$myhostname%/n"
> > > > /var/log/myhostname;foo
> > > > # /etc/init.d/S01rsyslogd restart
> > > > Stopping rsyslogd: OK
> > > > Starting rsyslogd: OK
> > > > # tail /var/log/myhostname
> > > > 127/n#
> > > >
> > > > -derek
> > > >
> > > > On Wed, October 6, 2021 2:35 pm, David Lang wrote:
> > > >> $template foo,"%$myhostname%/n"
> > > >> /var/log/myhostname;foo
> > > >>
> > > >> run this for a very short time as it will write a line to this file for
> > > >> every
> > > >> log message that arrives :-)
> > > >>
> > > >> David Lang
> > > >>
> > > >> On Wed, 6 Oct 2021, Derek Atkins wrote:
> > > >>
> > > >>> Date: Wed, 6 Oct 2021 13:45:56 -0400
> > > >>> From: Derek Atkins <derek@ihtfp.com>
> > > >>> To: David Lang <david@lang.hm>
> > > >>> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
> > > >>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname
> > > >>> is
> > > >>> "127.0.0.1"?
> > > >>>
> > > >>> David,
> > > >>>
> > > >>> I am happy to revert back to the uclibc installation and feed you data,
> > > >>> if
> > > >>> you can give me what to copy-and-paste into my rsyslogd.conf file?
> > > >>>
> > > >>> -derek
> > > >>>
> > > >>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
> > > >>>> I believe that rsyslog uses the gethostbyname() call to convert the IP
> > > >>>> to
> > > >>>> name
> > > >>>>
> > > >>>> it would also be interesting to create a custom templete with
> > > >>>> %$myhostname% in
> > > >>>> it and see what that returns.
> > > >>>>
> > > >>>> I'm not sure if in this case, rsyslog is seeing that there is no
> > > >>>> hostname
> > > >>>> in the
> > > >>>> message and using $myhostname (and that is wrong) or if it's trying to
> > > >>>> resolve
> > > >>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
> > > >>>> that's
> > > >>>> wrong)
> > > >>>>
> > > >>>> If we can identify what's happening, we can then try to create a fix.
> > > >>>> It
> > > >>>> would
> > > >>>> be nice to support non-glibc builds
> > > >>>>
> > > >>>> David Lang
> > > >>>>
> > > >>>>
> > > >>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
> > > >>>>
> > > >>>>> I just rebuilt the Arm platform with GLibc and.... syslog is working.
> > > >>>>> So I will go and blame uclibc for the bug.
> > > >>>>>
> > > >>>>> Thank you for getting me to look more closely (and pointing out that
> > > >>>>> the
> > > >>>>> issue is that rsyslogd was not getting a valid hostname).
> > > >>>>>
> > > >>>>> Thanks all!
> > > >>>>>
> > > >>>>> -derek
> > > >>>>>
> > > >>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
> > > >>>>>> Good morning,
> > > >>>>>>
> > > >>>>>> Thank you for your help so far.
> > > >>>>>>
> > > >>>>>> I just wanted to add one more piece of data, on my other host
> > > >>>>>> (compiled
> > > >>>>>> in
> > > >>>>>> the same way from the same source in the same BuildRoot manner, but
> > > >>>>>> on
> > > >>>>>> a
> > > >>>>>> different platform), I get what I would expect:
> > > >>>>>>
> > > >>>>>> Debug line with all properties:
> > > >>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI:
> > > >>>>>> 46,
> > > >>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
> > > >>>>>> 'rsyslogd',
> > > >>>>>> PROCID: '-', MSGID: '-',
> > > >>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
> > > >>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> > > >>>>>> x-info="https://www.rsyslog.com"] start'
> > > >>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> > > >>>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
> > > >>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [.origin
> > > >>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> > > >>>>>> x-info="https://www.rsyslog.com"] start'
> > > >>>>>> $!:
> > > >>>>>> $.:
> > > >>>>>> $/:
> > > >>>>>>
> > > >>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
> > > >>>>>> question is, what APIs are rsyslogd using to try to obtain this
> > > >>>>>> information? I can certainly compile additional test code and run it
> > > >>>>>> if
> > > >>>>>> necessary. I just find it odd that the *host* knows its name but
> > > >>>>>> rsyslogd
> > > >>>>>> can't figure it out?
> > > >>>>>>
> > > >>>>>> Actually, looking a little closer, I noticed that I'm using uclibc on
> > > >>>>>> the
> > > >>>>>> arm platform (the broken one), but glibc on the nios2. I wonder if
> > > >>>>>> this
> > > >>>>>> is the issue?
> > > >>>>>>
> > > >>>>>> -derek
> > > >>>>>>
> > > >>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
> > > >>>>>>> As I said in my OP:
> > > >>>>>>>
> > > >>>>>>> # hostname
> > > >>>>>>> arm-host
> > > >>>>>>>
> > > >>>>>>> and from this query:
> > > >>>>>>>
> > > >>>>>>> # cat /etc/hosts
> > > >>>>>>> 127.0.0.1 localhost
> > > >>>>>>> 127.0.1.1 arm-host
> > > >>>>>>>
> > > >>>>>>>
> > > >>>>>>> However, as I also stated in my OP, I another another machine on a
> > > >>>>>>> nios2
> > > >>>>>>> with the exact same configuration and there the log messages say the
> > > >>>>>>> correct hostname.
> > > >>>>>>>
> > > >>>>>>> -derek
> > > >>>>>>>
> > > >>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
> > > >>>>>>>> what is in /etc/hosts and what do you get if you run the command
> > > >>>>>>>> hostname?
> > > >>>>>>>>
> > > >>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
> > > >>>>>>>>
> > > >>>>>>>> the log message you received (as seen by the rawmsg: section) does
> > > >>>>>>>> not
> > > >>>>>>>> provide a
> > > >>>>>>>> hostname (which could have been the problem)
> > > >>>>>>>>
> > > >>>>>>>> so based on this, the problem is with name resolution, which should
> > > >>>>>>>> start
> > > >>>>>>>> with
> > > >>>>>>>> /etc/hosts and hostname
> > > >>>>>>>>
> > > >>>>>>>> David Lang
> > > >>>>>>>>
> > > >>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
> > > >>>>>>>>
> > > >>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
> > > >>>>>>>>> From: Derek Atkins <derek@ihtfp.com>
> > > >>>>>>>>> To: David Lang <david@lang.hm>
> > > >>>>>>>>> Cc: rsyslog@lists.adiscon.com
> > > >>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
> > > >>>>>>>>> "127.0.0.1"?
> > > >>>>>>>>>
> > > >>>>>>>>> Hi,
> > > >>>>>>>>>
> > > >>>>>>>>> Thank you for the quick response.
> > > >>>>>>>>>
> > > >>>>>>>>> The logging here is all done locally, and the issue is in EVERY
> > > >>>>>>>>> log
> > > >>>>>>>>> message. The source is local (a call to vsyslog() in an
> > > >>>>>>>>> application),
> > > >>>>>>>>> or
> > > >>>>>>>>> even just a call to "logger". Here is the resulting log message
> > > >>>>>>>>> from
> > > >>>>>>>>> rsyslogd starting up:
> > > >>>>>>>>>
> > > >>>>>>>>> Debug line with all properties:
> > > >>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI:
> > > >>>>>>>>> 46,
> > > >>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
> > > >>>>>>>>> PROCID:
> > > >>>>>>>>> '-', MSGID: '-',
> > > >>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
> > > >>>>>>>>> msg: ' [.origin software="rsyslogd" swVersion="8.2010.0"
> > > >>>>>>>>> x-pid="17368"
> > > >>>>>>>>> x-info="https://www.rsyslog.com"] start'
> > > >>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> > > >>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
> > > >>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [.origin
> > > >>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
> > > >>>>>>>>> x-info="https://www.rsyslog.com"] start'
> > > >>>>>>>>> $!:
> > > >>>>>>>>> $.:
> > > >>>>>>>>> $/:
> > > >>>>>>>>>
> > > >>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here,
> > > >>>>>>>>> but
> > > >>>>>>>>> my
> > > >>>>>>>>> guess that's the problem?
> > > >>>>>>>>>
> > > >>>>>>>>> I can run the same config on the nios2 if you want to see what it
> > > >>>>>>>>> says,
> > > >>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
> > > >>>>>>>>> "nios2"
> > > >>>>>>>>> instead of "127".
> > > >>>>>>>>>
> > > >>>>>>>>> The contents of /etc/hosts is effectively the same on both
> > > >>>>>>>>> machines
> > > >>>>>>>>> (the
> > > >>>>>>>>> one that works correctly and this one).
> > > >>>>>>>>>
> > > >>>>>>>>> Thanks,
> > > >>>>>>>>>
> > > >>>>>>>>> -derek
> > > >>>>>>>>>
> > > >>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
> > > >>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can
> > > >>>>>>>>>> see
> > > >>>>>>>>>> exactly what
> > > >>>>>>>>>> rsyslog is being sent for a problem message.
> > > >>>>>>>>>>
> > > >>>>>>>>>> David Lang
> > > >>>>>>>>>>
> > > >>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
> > > >>>>>>>>>>
> > > >>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
> > > >>>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
> > > >>>>>>>>>>> To: rsyslog@lists.adiscon.com
> > > >>>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
> > > >>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
> > > >>>>>>>>>>> "127.0.0.1"?
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Hi,
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on
> > > >>>>>>>>>>> two
> > > >>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
> > > >>>>>>>>>>> great.
> > > >>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local
> > > >>>>>>>>>>> hostname
> > > >>>>>>>>>>> is
> > > >>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
> > > >>>>>>>>>>> contains:
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Oct 5 19:34:25 127 syslog: [.origin software="rsyslogd"
> > > >>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
> > > >>>>>>>>>>> x-info="https://www.rsyslog.com"]
> > > >>>>>>>>>>> start
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
> > > >>>>>>>>>>> supposed
> > > >>>>>>>>>>> to
> > > >>>>>>>>>>> be.
> > > >>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
> > > >>>>>>>>>>> would
> > > >>>>>>>>>>> explain why this is doing that. But that's weird, because:
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> # hostname
> > > >>>>>>>>>>> arm-host
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Moreover, if I compile and run the code to execute a
> > > >>>>>>>>>>> "gethostbyname()"
> > > >>>>>>>>>>> it
> > > >>>>>>>>>>> also returns "arm-host". So I have no idea where it's getting
> > > >>>>>>>>>>> the
> > > >>>>>>>>>>> idea
> > > >>>>>>>>>>> that the hostname/FQDN is an IP Address.
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> I'll note that on the Nios2 this works as expected:
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [.origin software="rsyslogd"
> > > >>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
> > > >>>>>>>>>>> x-info="https://www.rsyslog.com"]
> > > >>>>>>>>>>> start
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> I'll say this is the same version of rsyslog on both systems,
> > > >>>>>>>>>>> built
> > > >>>>>>>>>>> with
> > > >>>>>>>>>>> the same sources, and (ostensibly) with the same build-time, and
> > > >>>>>>>>>>> definitely the same run-time configurations.
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm
> > > >>>>>>>>>>> not
> > > >>>>>>>>>>> sure
> > > >>>>>>>>>>> where else to look.
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> So I'm hoping you experts might be able to help me?
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Thanks!
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> -derek
> > > >>>>>>>>>>>
> > > >>>>>>>>>>>
> > > >>>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>
> > > >>>>>>>
> > > >>>>>>>
> > > >>>>>>> --
> > > >>>>>>> Derek Atkins 617-623-3745
> > > >>>>>>> derek@ihtfp.com www.ihtfp.com
> > > >>>>>>> Computer and Internet Security Consultant
> > > >>>>>>>
> > > >>>>>>> _______________________________________________
> > > >>>>>>> rsyslog mailing list
> > > >>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > > >>>>>>> http://www.rsyslog.com/professional-services/
> > > >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > > >>>>>>> myriad
> > > >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> > > >>>>>>> you
> > > >>>>>>> DON'T LIKE THAT.
> > > >>>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>> --
> > > >>>>>> Derek Atkins 617-623-3745
> > > >>>>>> derek@ihtfp.com www.ihtfp.com
> > > >>>>>> Computer and Internet Security Consultant
> > > >>>>>>
> > > >>>>>> _______________________________________________
> > > >>>>>> rsyslog mailing list
> > > >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > > >>>>>> http://www.rsyslog.com/professional-services/
> > > >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > > >>>>>> myriad
> > > >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> > > >>>>>> you
> > > >>>>>> DON'T LIKE THAT.
> > > >>>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>
> > > >>>
> > > >>>
> > > >>>
> > > >>
> > > >
> > > >
> > > >
> > > _______________________________________________
> > > rsyslog mailing list
> > > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
Good morning,

Indeed, this is what appears to be the case.

# hostname arm-host.local
# /etc/init.d/S01rsyslogd restart
Stopping rsyslogd: OK
Starting rsyslogd: OK
# tail /var/log/myhostname
127/n127/arm-host/n#

So now the question is why getddrinfo() is returning the wrong info?

-derek

On Thu, October 7, 2021 8:22 am, Rainer Gerhards wrote:
> ah, nah.. This could happen:
>
> gethostname() returns "arm-host".
>
> We see a non-FQDN, so it is not a "real" name and name resolution is
> enabled. Then we call getaddrinfo("arm-host", ...), which seems to
> return "127.0.0.1". This means the host "arm-host" is not properly
> resolved. To prove this is the point, set hostname to
> "arm-host.localhost" - due to the dot it now is a FQDN and so the name
> resolution should not be done.
>
> Rainer
>
> El jue, 7 oct 2021 a las 14:16, Rainer Gerhards
> (<rgerhards@hq.adiscon.com>) escribió:
>>
>> It is gethostname(). But depending on circumstances DNS is also
>> involved. In the sample here, "127.0.0.1" being returned, this should
>> not be the case.
>>
>> The prime function used to get the local host name is:
>> https://github.com/rsyslog/rsyslog/blob/master/runtime/net.c#L1166
>>
>> HTH
>> Rainer
>>
>> El jue, 7 oct 2021 a las 0:06, David Lang via rsyslog
>> (<rsyslog@lists.adiscon.com>) escribió:
>> >
>> > ok, that confirms that the syscall to get the hostname isn't working
>> >
>> > Rainer, what call do we make?
>> >
>> > David Lang
>> >
>> > On Wed, 6 Oct 2021, Derek Atkins wrote:
>> >
>> > > Date: Wed, 6 Oct 2021 16:20:46 -0400
>> > > From: Derek Atkins <derek@ihtfp.com>
>> > > To: David Lang <david@lang.hm>
>> > > Cc: rsyslog@lists.adiscon.com
>> > > Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's
>> hostname is
>> > > "127.0.0.1"?
>> > >
>> > > David,
>> > >
>> > > # cat >> /etc/rsyslog.conf
>> > > $template foo,"%$myhostname%/n"
>> > > /var/log/myhostname;foo
>> > > # /etc/init.d/S01rsyslogd restart
>> > > Stopping rsyslogd: OK
>> > > Starting rsyslogd: OK
>> > > # tail /var/log/myhostname
>> > > 127/n#
>> > >
>> > > -derek
>> > >
>> > > On Wed, October 6, 2021 2:35 pm, David Lang wrote:
>> > >> $template foo,"%$myhostname%/n"
>> > >> /var/log/myhostname;foo
>> > >>
>> > >> run this for a very short time as it will write a line to this file
>> for
>> > >> every
>> > >> log message that arrives :-)
>> > >>
>> > >> David Lang
>> > >>
>> > >> On Wed, 6 Oct 2021, Derek Atkins wrote:
>> > >>
>> > >>> Date: Wed, 6 Oct 2021 13:45:56 -0400
>> > >>> From: Derek Atkins <derek@ihtfp.com>
>> > >>> To: David Lang <david@lang.hm>
>> > >>> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>> > >>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's
>> hostname
>> > >>> is
>> > >>> "127.0.0.1"?
>> > >>>
>> > >>> David,
>> > >>>
>> > >>> I am happy to revert back to the uclibc installation and feed you
>> data,
>> > >>> if
>> > >>> you can give me what to copy-and-paste into my rsyslogd.conf file?
>> > >>>
>> > >>> -derek
>> > >>>
>> > >>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
>> > >>>> I believe that rsyslog uses the gethostbyname() call to convert
>> the IP
>> > >>>> to
>> > >>>> name
>> > >>>>
>> > >>>> it would also be interesting to create a custom templete with
>> > >>>> %$myhostname% in
>> > >>>> it and see what that returns.
>> > >>>>
>> > >>>> I'm not sure if in this case, rsyslog is seeing that there is no
>> > >>>> hostname
>> > >>>> in the
>> > >>>> message and using $myhostname (and that is wrong) or if it's
>> trying to
>> > >>>> resolve
>> > >>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
>> > >>>> that's
>> > >>>> wrong)
>> > >>>>
>> > >>>> If we can identify what's happening, we can then try to create a
>> fix.
>> > >>>> It
>> > >>>> would
>> > >>>> be nice to support non-glibc builds
>> > >>>>
>> > >>>> David Lang
>> > >>>>
>> > >>>>
>> > >>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
>> > >>>>
>> > >>>>> I just rebuilt the Arm platform with GLibc and.... syslog is
>> working.
>> > >>>>> So I will go and blame uclibc for the bug.
>> > >>>>>
>> > >>>>> Thank you for getting me to look more closely (and pointing out
>> that
>> > >>>>> the
>> > >>>>> issue is that rsyslogd was not getting a valid hostname).
>> > >>>>>
>> > >>>>> Thanks all!
>> > >>>>>
>> > >>>>> -derek
>> > >>>>>
>> > >>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
>> > >>>>>> Good morning,
>> > >>>>>>
>> > >>>>>> Thank you for your help so far.
>> > >>>>>>
>> > >>>>>> I just wanted to add one more piece of data, on my other host
>> > >>>>>> (compiled
>> > >>>>>> in
>> > >>>>>> the same way from the same source in the same BuildRoot manner,
>> but
>> > >>>>>> on
>> > >>>>>> a
>> > >>>>>> different platform), I get what I would expect:
>> > >>>>>>
>> > >>>>>> Debug line with all properties:
>> > >>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2',
>> PRI:
>> > >>>>>> 46,
>> > >>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
>> > >>>>>> 'rsyslogd',
>> > >>>>>> PROCID: '-', MSGID: '-',
>> > >>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
>> > >>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>> x-pid="1780"
>> > >>>>>> x-info="https://www.rsyslog.com"] start'
>> > >>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>> > >>>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
>> > >>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd:
>> [origin
>> > >>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>> > >>>>>> x-info="https://www.rsyslog.com"] start'
>> > >>>>>> $!:
>> > >>>>>> $.:
>> > >>>>>> $/:
>> > >>>>>>
>> > >>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I
>> guess my
>> > >>>>>> question is, what APIs are rsyslogd using to try to obtain this
>> > >>>>>> information? I can certainly compile additional test code and
>> run it
>> > >>>>>> if
>> > >>>>>> necessary. I just find it odd that the *host* knows its name
>> but
>> > >>>>>> rsyslogd
>> > >>>>>> can't figure it out?
>> > >>>>>>
>> > >>>>>> Actually, looking a little closer, I noticed that I'm using
>> uclibc on
>> > >>>>>> the
>> > >>>>>> arm platform (the broken one), but glibc on the nios2. I
>> wonder if
>> > >>>>>> this
>> > >>>>>> is the issue?
>> > >>>>>>
>> > >>>>>> -derek
>> > >>>>>>
>> > >>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog
>> wrote:
>> > >>>>>>> As I said in my OP:
>> > >>>>>>>
>> > >>>>>>> # hostname
>> > >>>>>>> arm-host
>> > >>>>>>>
>> > >>>>>>> and from this query:
>> > >>>>>>>
>> > >>>>>>> # cat /etc/hosts
>> > >>>>>>> 127.0.0.1 localhost
>> > >>>>>>> 127.0.1.1 arm-host
>> > >>>>>>>
>> > >>>>>>>
>> > >>>>>>> However, as I also stated in my OP, I another another machine
>> on a
>> > >>>>>>> nios2
>> > >>>>>>> with the exact same configuration and there the log messages
>> say the
>> > >>>>>>> correct hostname.
>> > >>>>>>>
>> > >>>>>>> -derek
>> > >>>>>>>
>> > >>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>> > >>>>>>>> what is in /etc/hosts and what do you get if you run the
>> command
>> > >>>>>>>> hostname?
>> > >>>>>>>>
>> > >>>>>>>> rsyslog gets fromhost by doing a name lookup of the
>> fromhost-ip
>> > >>>>>>>>
>> > >>>>>>>> the log message you received (as seen by the rawmsg: section)
>> does
>> > >>>>>>>> not
>> > >>>>>>>> provide a
>> > >>>>>>>> hostname (which could have been the problem)
>> > >>>>>>>>
>> > >>>>>>>> so based on this, the problem is with name resolution, which
>> should
>> > >>>>>>>> start
>> > >>>>>>>> with
>> > >>>>>>>> /etc/hosts and hostname
>> > >>>>>>>>
>> > >>>>>>>> David Lang
>> > >>>>>>>>
>> > >>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>> > >>>>>>>>
>> > >>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>> > >>>>>>>>> From: Derek Atkins <derek@ihtfp.com>
>> > >>>>>>>>> To: David Lang <david@lang.hm>
>> > >>>>>>>>> Cc: rsyslog@lists.adiscon.com
>> > >>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname
>> is
>> > >>>>>>>>> "127.0.0.1"?
>> > >>>>>>>>>
>> > >>>>>>>>> Hi,
>> > >>>>>>>>>
>> > >>>>>>>>> Thank you for the quick response.
>> > >>>>>>>>>
>> > >>>>>>>>> The logging here is all done locally, and the issue is in
>> EVERY
>> > >>>>>>>>> log
>> > >>>>>>>>> message. The source is local (a call to vsyslog() in an
>> > >>>>>>>>> application),
>> > >>>>>>>>> or
>> > >>>>>>>>> even just a call to "logger". Here is the resulting log
>> message
>> > >>>>>>>>> from
>> > >>>>>>>>> rsyslogd starting up:
>> > >>>>>>>>>
>> > >>>>>>>>> Debug line with all properties:
>> > >>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127',
>> PRI:
>> > >>>>>>>>> 46,
>> > >>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME:
>> 'syslog',
>> > >>>>>>>>> PROCID:
>> > >>>>>>>>> '-', MSGID: '-',
>> > >>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>> > >>>>>>>>> msg: ' [.origin software="rsyslogd" swVersion="8.2010.0"
>> > >>>>>>>>> x-pid="17368"
>> > >>>>>>>>> x-info="https://www.rsyslog.com"] start'
>> > >>>>>>>>> escaped msg: ' [origin software="rsyslogd"
>> swVersion="8.2010.0"
>> > >>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>> > >>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog:
>> [origin
>> > >>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>> > >>>>>>>>> x-info="https://www.rsyslog.com"] start'
>> > >>>>>>>>> $!:
>> > >>>>>>>>> $.:
>> > >>>>>>>>> $/:
>> > >>>>>>>>>
>> > >>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from
>> here,
>> > >>>>>>>>> but
>> > >>>>>>>>> my
>> > >>>>>>>>> guess that's the problem?
>> > >>>>>>>>>
>> > >>>>>>>>> I can run the same config on the nios2 if you want to see
>> what it
>> > >>>>>>>>> says,
>> > >>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both
>> be
>> > >>>>>>>>> "nios2"
>> > >>>>>>>>> instead of "127".
>> > >>>>>>>>>
>> > >>>>>>>>> The contents of /etc/hosts is effectively the same on both
>> > >>>>>>>>> machines
>> > >>>>>>>>> (the
>> > >>>>>>>>> one that works correctly and this one).
>> > >>>>>>>>>
>> > >>>>>>>>> Thanks,
>> > >>>>>>>>>
>> > >>>>>>>>> -derek
>> > >>>>>>>>>
>> > >>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>> > >>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we
>> can
>> > >>>>>>>>>> see
>> > >>>>>>>>>> exactly what
>> > >>>>>>>>>> rsyslog is being sent for a problem message.
>> > >>>>>>>>>>
>> > >>>>>>>>>> David Lang
>> > >>>>>>>>>>
>> > >>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>> > >>>>>>>>>>
>> > >>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>> > >>>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>> > >>>>>>>>>>> To: rsyslog@lists.adiscon.com
>> > >>>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>> > >>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>> > >>>>>>>>>>> "127.0.0.1"?
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Hi,
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built
>> it on
>> > >>>>>>>>>>> two
>> > >>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform
>> works
>> > >>>>>>>>>>> great.
>> > >>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the
>> local
>> > >>>>>>>>>>> hostname
>> > >>>>>>>>>>> is
>> > >>>>>>>>>>> "127.0.0.1". Why do I think that? Well,
>> /var/log/messages
>> > >>>>>>>>>>> contains:
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Oct 5 19:34:25 127 syslog: [.origin software="rsyslogd"
>> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
>> > >>>>>>>>>>> x-info="https://www.rsyslog.com"]
>> > >>>>>>>>>>> start
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
>> > >>>>>>>>>>> supposed
>> > >>>>>>>>>>> to
>> > >>>>>>>>>>> be.
>> > >>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address,
>> that
>> > >>>>>>>>>>> would
>> > >>>>>>>>>>> explain why this is doing that. But that's weird,
>> because:
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> # hostname
>> > >>>>>>>>>>> arm-host
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Moreover, if I compile and run the code to execute a
>> > >>>>>>>>>>> "gethostbyname()"
>> > >>>>>>>>>>> it
>> > >>>>>>>>>>> also returns "arm-host". So I have no idea where it's
>> getting
>> > >>>>>>>>>>> the
>> > >>>>>>>>>>> idea
>> > >>>>>>>>>>> that the hostname/FQDN is an IP Address.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> I'll note that on the Nios2 this works as expected:
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin
>> software="rsyslogd"
>> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
>> > >>>>>>>>>>> x-info="https://www.rsyslog.com"]
>> > >>>>>>>>>>> start
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> I'll say this is the same version of rsyslog on both
>> systems,
>> > >>>>>>>>>>> built
>> > >>>>>>>>>>> with
>> > >>>>>>>>>>> the same sources, and (ostensibly) with the same
>> build-time, and
>> > >>>>>>>>>>> definitely the same run-time configurations.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this,
>> and I'm
>> > >>>>>>>>>>> not
>> > >>>>>>>>>>> sure
>> > >>>>>>>>>>> where else to look.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> So I'm hoping you experts might be able to help me?
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Thanks!
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> -derek
>> > >>>>>>>>>>>
>> > >>>>>>>>>>>
>> > >>>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>
>> > >>>>>>>
>> > >>>>>>>
>> > >>>>>>> --
>> > >>>>>>> Derek Atkins 617-623-3745
>> > >>>>>>> derek@ihtfp.com www.ihtfp.com
>> > >>>>>>> Computer and Internet Security Consultant
>> > >>>>>>>
>> > >>>>>>> _______________________________________________
>> > >>>>>>> rsyslog mailing list
>> > >>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> > >>>>>>> http://www.rsyslog.com/professional-services/
>> > >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
>> by a
>> > >>>>>>> myriad
>> > >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
>> POST if
>> > >>>>>>> you
>> > >>>>>>> DON'T LIKE THAT.
>> > >>>>>>>
>> > >>>>>>
>> > >>>>>>
>> > >>>>>> --
>> > >>>>>> Derek Atkins 617-623-3745
>> > >>>>>> derek@ihtfp.com www.ihtfp.com
>> > >>>>>> Computer and Internet Security Consultant
>> > >>>>>>
>> > >>>>>> _______________________________________________
>> > >>>>>> rsyslog mailing list
>> > >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> > >>>>>> http://www.rsyslog.com/professional-services/
>> > >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
>> a
>> > >>>>>> myriad
>> > >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
>> if
>> > >>>>>> you
>> > >>>>>> DON'T LIKE THAT.
>> > >>>>>>
>> > >>>>>
>> > >>>>>
>> > >>>>>
>> > >>>>
>> > >>>
>> > >>>
>> > >>>
>> > >>
>> > >
>> > >
>> > >
>> > _______________________________________________
>> > rsyslog mailing list
>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
>> if you DON'T LIKE THAT.
>


--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
El jue, 7 oct 2021 a las 14:27, Derek Atkins (<derek@ihtfp.com>) escribió:
>
> Good morning,
>
> Indeed, this is what appears to be the case.
>
> # hostname arm-host.local
> # /etc/init.d/S01rsyslogd restart
> Stopping rsyslogd: OK
> Starting rsyslogd: OK
> # tail /var/log/myhostname
> 127/n127/arm-host/n#
>
> So now the question is why getddrinfo() is returning the wrong info?

I would strongly tend to say that's a question for the ulibc team.

Rainer

>
> -derek
>
> On Thu, October 7, 2021 8:22 am, Rainer Gerhards wrote:
> > ah, nah.. This could happen:
> >
> > gethostname() returns "arm-host".
> >
> > We see a non-FQDN, so it is not a "real" name and name resolution is
> > enabled. Then we call getaddrinfo("arm-host", ...), which seems to
> > return "127.0.0.1". This means the host "arm-host" is not properly
> > resolved. To prove this is the point, set hostname to
> > "arm-host.localhost" - due to the dot it now is a FQDN and so the name
> > resolution should not be done.
> >
> > Rainer
> >
> > El jue, 7 oct 2021 a las 14:16, Rainer Gerhards
> > (<rgerhards@hq.adiscon.com>) escribió:
> >>
> >> It is gethostname(). But depending on circumstances DNS is also
> >> involved. In the sample here, "127.0.0.1" being returned, this should
> >> not be the case.
> >>
> >> The prime function used to get the local host name is:
> >> https://github.com/rsyslog/rsyslog/blob/master/runtime/net.c#L1166
> >>
> >> HTH
> >> Rainer
> >>
> >> El jue, 7 oct 2021 a las 0:06, David Lang via rsyslog
> >> (<rsyslog@lists.adiscon.com>) escribió:
> >> >
> >> > ok, that confirms that the syscall to get the hostname isn't working
> >> >
> >> > Rainer, what call do we make?
> >> >
> >> > David Lang
> >> >
> >> > On Wed, 6 Oct 2021, Derek Atkins wrote:
> >> >
> >> > > Date: Wed, 6 Oct 2021 16:20:46 -0400
> >> > > From: Derek Atkins <derek@ihtfp.com>
> >> > > To: David Lang <david@lang.hm>
> >> > > Cc: rsyslog@lists.adiscon.com
> >> > > Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's
> >> hostname is
> >> > > "127.0.0.1"?
> >> > >
> >> > > David,
> >> > >
> >> > > # cat >> /etc/rsyslog.conf
> >> > > $template foo,"%$myhostname%/n"
> >> > > /var/log/myhostname;foo
> >> > > # /etc/init.d/S01rsyslogd restart
> >> > > Stopping rsyslogd: OK
> >> > > Starting rsyslogd: OK
> >> > > # tail /var/log/myhostname
> >> > > 127/n#
> >> > >
> >> > > -derek
> >> > >
> >> > > On Wed, October 6, 2021 2:35 pm, David Lang wrote:
> >> > >> $template foo,"%$myhostname%/n"
> >> > >> /var/log/myhostname;foo
> >> > >>
> >> > >> run this for a very short time as it will write a line to this file
> >> for
> >> > >> every
> >> > >> log message that arrives :-)
> >> > >>
> >> > >> David Lang
> >> > >>
> >> > >> On Wed, 6 Oct 2021, Derek Atkins wrote:
> >> > >>
> >> > >>> Date: Wed, 6 Oct 2021 13:45:56 -0400
> >> > >>> From: Derek Atkins <derek@ihtfp.com>
> >> > >>> To: David Lang <david@lang.hm>
> >> > >>> Cc: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
> >> > >>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's
> >> hostname
> >> > >>> is
> >> > >>> "127.0.0.1"?
> >> > >>>
> >> > >>> David,
> >> > >>>
> >> > >>> I am happy to revert back to the uclibc installation and feed you
> >> data,
> >> > >>> if
> >> > >>> you can give me what to copy-and-paste into my rsyslogd.conf file?
> >> > >>>
> >> > >>> -derek
> >> > >>>
> >> > >>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
> >> > >>>> I believe that rsyslog uses the gethostbyname() call to convert
> >> the IP
> >> > >>>> to
> >> > >>>> name
> >> > >>>>
> >> > >>>> it would also be interesting to create a custom templete with
> >> > >>>> %$myhostname% in
> >> > >>>> it and see what that returns.
> >> > >>>>
> >> > >>>> I'm not sure if in this case, rsyslog is seeing that there is no
> >> > >>>> hostname
> >> > >>>> in the
> >> > >>>> message and using $myhostname (and that is wrong) or if it's
> >> trying to
> >> > >>>> resolve
> >> > >>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
> >> > >>>> that's
> >> > >>>> wrong)
> >> > >>>>
> >> > >>>> If we can identify what's happening, we can then try to create a
> >> fix.
> >> > >>>> It
> >> > >>>> would
> >> > >>>> be nice to support non-glibc builds
> >> > >>>>
> >> > >>>> David Lang
> >> > >>>>
> >> > >>>>
> >> > >>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
> >> > >>>>
> >> > >>>>> I just rebuilt the Arm platform with GLibc and.... syslog is
> >> working.
> >> > >>>>> So I will go and blame uclibc for the bug.
> >> > >>>>>
> >> > >>>>> Thank you for getting me to look more closely (and pointing out
> >> that
> >> > >>>>> the
> >> > >>>>> issue is that rsyslogd was not getting a valid hostname).
> >> > >>>>>
> >> > >>>>> Thanks all!
> >> > >>>>>
> >> > >>>>> -derek
> >> > >>>>>
> >> > >>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
> >> > >>>>>> Good morning,
> >> > >>>>>>
> >> > >>>>>> Thank you for your help so far.
> >> > >>>>>>
> >> > >>>>>> I just wanted to add one more piece of data, on my other host
> >> > >>>>>> (compiled
> >> > >>>>>> in
> >> > >>>>>> the same way from the same source in the same BuildRoot manner,
> >> but
> >> > >>>>>> on
> >> > >>>>>> a
> >> > >>>>>> different platform), I get what I would expect:
> >> > >>>>>>
> >> > >>>>>> Debug line with all properties:
> >> > >>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2',
> >> PRI:
> >> > >>>>>> 46,
> >> > >>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
> >> > >>>>>> 'rsyslogd',
> >> > >>>>>> PROCID: '-', MSGID: '-',
> >> > >>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
> >> > >>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> >> x-pid="1780"
> >> > >>>>>> x-info="https://www.rsyslog.com"] start'
> >> > >>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> >> > >>>>>> x-pid="1780" x-info="https://www.rsyslog.com"] start'
> >> > >>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd:
> >> [origin
> >> > >>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> >> > >>>>>> x-info="https://www.rsyslog.com"] start'
> >> > >>>>>> $!:
> >> > >>>>>> $.:
> >> > >>>>>> $/:
> >> > >>>>>>
> >> > >>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I
> >> guess my
> >> > >>>>>> question is, what APIs are rsyslogd using to try to obtain this
> >> > >>>>>> information? I can certainly compile additional test code and
> >> run it
> >> > >>>>>> if
> >> > >>>>>> necessary. I just find it odd that the *host* knows its name
> >> but
> >> > >>>>>> rsyslogd
> >> > >>>>>> can't figure it out?
> >> > >>>>>>
> >> > >>>>>> Actually, looking a little closer, I noticed that I'm using
> >> uclibc on
> >> > >>>>>> the
> >> > >>>>>> arm platform (the broken one), but glibc on the nios2. I
> >> wonder if
> >> > >>>>>> this
> >> > >>>>>> is the issue?
> >> > >>>>>>
> >> > >>>>>> -derek
> >> > >>>>>>
> >> > >>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog
> >> wrote:
> >> > >>>>>>> As I said in my OP:
> >> > >>>>>>>
> >> > >>>>>>> # hostname
> >> > >>>>>>> arm-host
> >> > >>>>>>>
> >> > >>>>>>> and from this query:
> >> > >>>>>>>
> >> > >>>>>>> # cat /etc/hosts
> >> > >>>>>>> 127.0.0.1 localhost
> >> > >>>>>>> 127.0.1.1 arm-host
> >> > >>>>>>>
> >> > >>>>>>>
> >> > >>>>>>> However, as I also stated in my OP, I another another machine
> >> on a
> >> > >>>>>>> nios2
> >> > >>>>>>> with the exact same configuration and there the log messages
> >> say the
> >> > >>>>>>> correct hostname.
> >> > >>>>>>>
> >> > >>>>>>> -derek
> >> > >>>>>>>
> >> > >>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
> >> > >>>>>>>> what is in /etc/hosts and what do you get if you run the
> >> command
> >> > >>>>>>>> hostname?
> >> > >>>>>>>>
> >> > >>>>>>>> rsyslog gets fromhost by doing a name lookup of the
> >> fromhost-ip
> >> > >>>>>>>>
> >> > >>>>>>>> the log message you received (as seen by the rawmsg: section)
> >> does
> >> > >>>>>>>> not
> >> > >>>>>>>> provide a
> >> > >>>>>>>> hostname (which could have been the problem)
> >> > >>>>>>>>
> >> > >>>>>>>> so based on this, the problem is with name resolution, which
> >> should
> >> > >>>>>>>> start
> >> > >>>>>>>> with
> >> > >>>>>>>> /etc/hosts and hostname
> >> > >>>>>>>>
> >> > >>>>>>>> David Lang
> >> > >>>>>>>>
> >> > >>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
> >> > >>>>>>>>
> >> > >>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
> >> > >>>>>>>>> From: Derek Atkins <derek@ihtfp.com>
> >> > >>>>>>>>> To: David Lang <david@lang.hm>
> >> > >>>>>>>>> Cc: rsyslog@lists.adiscon.com
> >> > >>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname
> >> is
> >> > >>>>>>>>> "127.0.0.1"?
> >> > >>>>>>>>>
> >> > >>>>>>>>> Hi,
> >> > >>>>>>>>>
> >> > >>>>>>>>> Thank you for the quick response.
> >> > >>>>>>>>>
> >> > >>>>>>>>> The logging here is all done locally, and the issue is in
> >> EVERY
> >> > >>>>>>>>> log
> >> > >>>>>>>>> message. The source is local (a call to vsyslog() in an
> >> > >>>>>>>>> application),
> >> > >>>>>>>>> or
> >> > >>>>>>>>> even just a call to "logger". Here is the resulting log
> >> message
> >> > >>>>>>>>> from
> >> > >>>>>>>>> rsyslogd starting up:
> >> > >>>>>>>>>
> >> > >>>>>>>>> Debug line with all properties:
> >> > >>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127',
> >> PRI:
> >> > >>>>>>>>> 46,
> >> > >>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME:
> >> 'syslog',
> >> > >>>>>>>>> PROCID:
> >> > >>>>>>>>> '-', MSGID: '-',
> >> > >>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
> >> > >>>>>>>>> msg: ' [.origin software="rsyslogd" swVersion="8.2010.0"
> >> > >>>>>>>>> x-pid="17368"
> >> > >>>>>>>>> x-info="https://www.rsyslog.com"] start'
> >> > >>>>>>>>> escaped msg: ' [origin software="rsyslogd"
> >> swVersion="8.2010.0"
> >> > >>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
> >> > >>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog:
> >> [origin
> >> > >>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
> >> > >>>>>>>>> x-info="https://www.rsyslog.com"] start'
> >> > >>>>>>>>> $!:
> >> > >>>>>>>>> $.:
> >> > >>>>>>>>> $/:
> >> > >>>>>>>>>
> >> > >>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from
> >> here,
> >> > >>>>>>>>> but
> >> > >>>>>>>>> my
> >> > >>>>>>>>> guess that's the problem?
> >> > >>>>>>>>>
> >> > >>>>>>>>> I can run the same config on the nios2 if you want to see
> >> what it
> >> > >>>>>>>>> says,
> >> > >>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both
> >> be
> >> > >>>>>>>>> "nios2"
> >> > >>>>>>>>> instead of "127".
> >> > >>>>>>>>>
> >> > >>>>>>>>> The contents of /etc/hosts is effectively the same on both
> >> > >>>>>>>>> machines
> >> > >>>>>>>>> (the
> >> > >>>>>>>>> one that works correctly and this one).
> >> > >>>>>>>>>
> >> > >>>>>>>>> Thanks,
> >> > >>>>>>>>>
> >> > >>>>>>>>> -derek
> >> > >>>>>>>>>
> >> > >>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
> >> > >>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we
> >> can
> >> > >>>>>>>>>> see
> >> > >>>>>>>>>> exactly what
> >> > >>>>>>>>>> rsyslog is being sent for a problem message.
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> David Lang
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
> >> > >>>>>>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
> >> > >>>>>>>>>>> To: rsyslog@lists.adiscon.com
> >> > >>>>>>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
> >> > >>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
> >> > >>>>>>>>>>> "127.0.0.1"?
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> Hi,
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built
> >> it on
> >> > >>>>>>>>>>> two
> >> > >>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform
> >> works
> >> > >>>>>>>>>>> great.
> >> > >>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the
> >> local
> >> > >>>>>>>>>>> hostname
> >> > >>>>>>>>>>> is
> >> > >>>>>>>>>>> "127.0.0.1". Why do I think that? Well,
> >> /var/log/messages
> >> > >>>>>>>>>>> contains:
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> Oct 5 19:34:25 127 syslog: [.origin software="rsyslogd"
> >> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
> >> > >>>>>>>>>>> x-info="https://www.rsyslog.com"]
> >> > >>>>>>>>>>> start
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
> >> > >>>>>>>>>>> supposed
> >> > >>>>>>>>>>> to
> >> > >>>>>>>>>>> be.
> >> > >>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address,
> >> that
> >> > >>>>>>>>>>> would
> >> > >>>>>>>>>>> explain why this is doing that. But that's weird,
> >> because:
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> # hostname
> >> > >>>>>>>>>>> arm-host
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> Moreover, if I compile and run the code to execute a
> >> > >>>>>>>>>>> "gethostbyname()"
> >> > >>>>>>>>>>> it
> >> > >>>>>>>>>>> also returns "arm-host". So I have no idea where it's
> >> getting
> >> > >>>>>>>>>>> the
> >> > >>>>>>>>>>> idea
> >> > >>>>>>>>>>> that the hostname/FQDN is an IP Address.
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> I'll note that on the Nios2 this works as expected:
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin
> >> software="rsyslogd"
> >> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
> >> > >>>>>>>>>>> x-info="https://www.rsyslog.com"]
> >> > >>>>>>>>>>> start
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> I'll say this is the same version of rsyslog on both
> >> systems,
> >> > >>>>>>>>>>> built
> >> > >>>>>>>>>>> with
> >> > >>>>>>>>>>> the same sources, and (ostensibly) with the same
> >> build-time, and
> >> > >>>>>>>>>>> definitely the same run-time configurations.
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this,
> >> and I'm
> >> > >>>>>>>>>>> not
> >> > >>>>>>>>>>> sure
> >> > >>>>>>>>>>> where else to look.
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> So I'm hoping you experts might be able to help me?
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> Thanks!
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> -derek
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>
> >> > >>>>>>>>>
> >> > >>>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>>
> >> > >>>>>>>
> >> > >>>>>>> --
> >> > >>>>>>> Derek Atkins 617-623-3745
> >> > >>>>>>> derek@ihtfp.com www.ihtfp.com
> >> > >>>>>>> Computer and Internet Security Consultant
> >> > >>>>>>>
> >> > >>>>>>> _______________________________________________
> >> > >>>>>>> rsyslog mailing list
> >> > >>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> > >>>>>>> http://www.rsyslog.com/professional-services/
> >> > >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> > >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
> >> by a
> >> > >>>>>>> myriad
> >> > >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> >> POST if
> >> > >>>>>>> you
> >> > >>>>>>> DON'T LIKE THAT.
> >> > >>>>>>>
> >> > >>>>>>
> >> > >>>>>>
> >> > >>>>>> --
> >> > >>>>>> Derek Atkins 617-623-3745
> >> > >>>>>> derek@ihtfp.com www.ihtfp.com
> >> > >>>>>> Computer and Internet Security Consultant
> >> > >>>>>>
> >> > >>>>>> _______________________________________________
> >> > >>>>>> rsyslog mailing list
> >> > >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> > >>>>>> http://www.rsyslog.com/professional-services/
> >> > >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> > >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
> >> a
> >> > >>>>>> myriad
> >> > >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> >> if
> >> > >>>>>> you
> >> > >>>>>> DON'T LIKE THAT.
> >> > >>>>>>
> >> > >>>>>
> >> > >>>>>
> >> > >>>>>
> >> > >>>>
> >> > >>>
> >> > >>>
> >> > >>>
> >> > >>
> >> > >
> >> > >
> >> > >
> >> > _______________________________________________
> >> > rsyslog mailing list
> >> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> > http://www.rsyslog.com/professional-services/
> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> >> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> >> if you DON'T LIKE THAT.
> >
>
>
> --
> Derek Atkins 617-623-3745
> derek@ihtfp.com www.ihtfp.com
> Computer and Internet Security Consultant
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
While that makes perfect sense, in this particular case there is no remote
logging; it's all local, so using the local name should suffice. But the
fact that glibc returns "arm-host" but uclibc gives "127.x.y.z" -- seems
to be strange to me. There is no DNS (no network), and /etc/hosts
contains 'arm-host' in there, so that *should* work. Could it be a uclibc
bug?

(NB: at this point I've swapped my systems over to glibc, but I'm happy to
help you debug on uclibc as long as you need).

-derek

On Thu, October 7, 2021 8:24 am, Rainer Gerhards wrote:
> and another one: why do we do this? Far too many systems are called
> "localhost" or some similar nonsense. So if we find indication this
> system is not properly identifying itself, we ask the resolver for its
> real name. Remember that a remote peer must be able to identify the
> host based on the hostname field, and putting nonsense into it isn't
> really helpful.
>
> Rainer


--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
On Thu, October 7, 2021 8:29 am, Rainer Gerhards wrote:
> El jue, 7 oct 2021 a las 14:27, Derek Atkins (<derek@ihtfp.com>) escribió:
>>
>> Good morning,
>>
>> Indeed, this is what appears to be the case.
>>
>> # hostname arm-host.local
>> # /etc/init.d/S01rsyslogd restart
>> Stopping rsyslogd: OK
>> Starting rsyslogd: OK
>> # tail /var/log/myhostname
>> 127/n127/arm-host/n#
>>
>> So now the question is why getddrinfo() is returning the wrong info?
>
> I would strongly tend to say that's a question for the ulibc team.
>
> Rainer

I am fine with that answer from you! :)
I am happy to consider this issue "closed" if you deem it so.
I really do appreciate all your help over the last couple days.

On a side note, I noticed that this mailing list stopped storing archives
in 2018. Was that done on purpose? Did they move? Is that a bug?

-derek

--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [SOLVED] Re: RSyslog thinks my machine's hostname is "127.0.0.1"? [ In reply to ]
> On Thu, October 7, 2021 8:29 am, Rainer Gerhards wrote:
> > El jue, 7 oct 2021 a las 14:27, Derek Atkins (<derek@ihtfp.com>) escribió:
> >>
> >> Good morning,
> >>
> >> Indeed, this is what appears to be the case.
> >>
> >> # hostname arm-host.local
> >> # /etc/init.d/S01rsyslogd restart
> >> Stopping rsyslogd: OK
> >> Starting rsyslogd: OK
> >> # tail /var/log/myhostname
> >> 127/n127/arm-host/n#
> >>
> >> So now the question is why getddrinfo() is returning the wrong info?
> >
> > I would strongly tend to say that's a question for the ulibc team.
> >
> > Rainer
>
> I am fine with that answer from you! :)
> I am happy to consider this issue "closed" if you deem it so.
> I really do appreciate all your help over the last couple days.
>
> On a side note, I noticed that this mailing list stopped storing archives
> in 2018. Was that done on purpose? Did they move? Is that a bug?

GDPR is the magic word ;-) It was far too much hassle/risk to keep it
active. There are still many sites on the web which keep an archive.

Rainer

>
> -derek
>
> --
> Derek Atkins 617-623-3745
> derek@ihtfp.com www.ihtfp.com
> Computer and Internet Security Consultant
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.