I just rebuilt the Arm platform with GLibc and.... syslog is working.
So I will go and blame uclibc for the bug.
Thank you for getting me to look more closely (and pointing out that the
issue is that rsyslogd was not getting a valid hostname).
Thanks all!
-derek
On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
> Good morning,
>
> Thank you for your help so far.
>
> I just wanted to add one more piece of data, on my other host (compiled in
> the same way from the same source in the same BuildRoot manner, but on a
> different platform), I get what I would expect:
>
> Debug line with all properties:
> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI: 46,
> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: 'rsyslogd',
> PROCID: '-', MSGID: '-',
> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> x-info="https://www.rsyslog.com"] start'
> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> x-pid="1780" x-info="https://www.rsyslog.com"] start'
> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> x-info="https://www.rsyslog.com"] start'
> $!:
> $.:
> $/:
>
> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
> question is, what APIs are rsyslogd using to try to obtain this
> information? I can certainly compile additional test code and run it if
> necessary. I just find it odd that the *host* knows its name but rsyslogd
> can't figure it out?
>
> Actually, looking a little closer, I noticed that I'm using uclibc on the
> arm platform (the broken one), but glibc on the nios2. I wonder if this
> is the issue?
>
> -derek
>
> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>> As I said in my OP:
>>
>> # hostname
>> arm-host
>>
>> and from this query:
>>
>> # cat /etc/hosts
>> 127.0.0.1 localhost
>> 127.0.1.1 arm-host
>>
>>
>> However, as I also stated in my OP, I another another machine on a nios2
>> with the exact same configuration and there the log messages say the
>> correct hostname.
>>
>> -derek
>>
>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>> what is in /etc/hosts and what do you get if you run the command
>>> hostname?
>>>
>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>
>>> the log message you received (as seen by the rawmsg: section) does not
>>> provide a
>>> hostname (which could have been the problem)
>>>
>>> so based on this, the problem is with name resolution, which should
>>> start
>>> with
>>> /etc/hosts and hostname
>>>
>>> David Lang
>>>
>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>
>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>> From: Derek Atkins <derek@ihtfp.com>
>>>> To: David Lang <david@lang.hm>
>>>> Cc: rsyslog@lists.adiscon.com
>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>> "127.0.0.1"?
>>>>
>>>> Hi,
>>>>
>>>> Thank you for the quick response.
>>>>
>>>> The logging here is all done locally, and the issue is in EVERY log
>>>> message. The source is local (a call to vsyslog() in an application),
>>>> or
>>>> even just a call to "logger". Here is the resulting log message from
>>>> rsyslogd starting up:
>>>>
>>>> Debug line with all properties:
>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: 46,
>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>> PROCID:
>>>> '-', MSGID: '-',
>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> $!:
>>>> $.:
>>>> $/:
>>>>
>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here, but
>>>> my
>>>> guess that's the problem?
>>>>
>>>> I can run the same config on the nios2 if you want to see what it
>>>> says,
>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>> "nios2"
>>>> instead of "127".
>>>>
>>>> The contents of /etc/hosts is effectively the same on both machines
>>>> (the
>>>> one that works correctly and this one).
>>>>
>>>> Thanks,
>>>>
>>>> -derek
>>>>
>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>> please log with the template RSYSLOG_DebugFormat so that we can see
>>>>> exactly what
>>>>> rsyslog is being sent for a problem message.
>>>>>
>>>>> David Lang
>>>>>
>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>
>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>> To: rsyslog@lists.adiscon.com
>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>> "127.0.0.1"?
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on two
>>>>>> different platforms (nios2 and arm). The Nios2 platform works
>>>>>> great.
>>>>>> However, on the Arm platform, rsyslog seems to think the local
>>>>>> hostname
>>>>>> is
>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>> contains:
>>>>>>
>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>> swVersion="8.2010.0" x-pid="8080" x-info="https://www.rsyslog.com"]
>>>>>> start
>>>>>>
>>>>>> Notice the "127" in there? That's where the "hostname" is supposed
>>>>>> to
>>>>>> be.
>>>>>> So if for some reason it thinks the FQDN is an IP address, that
>>>>>> would
>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>
>>>>>> # hostname
>>>>>> arm-host
>>>>>>
>>>>>> Moreover, if I compile and run the code to execute a
>>>>>> "gethostbyname()"
>>>>>> it
>>>>>> also returns "arm-host". So I have no idea where it's getting the
>>>>>> idea
>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>
>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>
>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>> swVersion="8.2010.0" x-pid="830" x-info="https://www.rsyslog.com"]
>>>>>> start
>>>>>>
>>>>>> I'll say this is the same version of rsyslog on both systems, built
>>>>>> with
>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>> definitely the same run-time configurations.
>>>>>>
>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm not
>>>>>> sure
>>>>>> where else to look.
>>>>>>
>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> -derek
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> Derek Atkins 617-623-3745
>> derek@ihtfp.com www.ihtfp.com
>> Computer and Internet Security Consultant
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>
>
> --
> Derek Atkins 617-623-3745
> derek@ihtfp.com www.ihtfp.com
> Computer and Internet Security Consultant
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
So I will go and blame uclibc for the bug.
Thank you for getting me to look more closely (and pointing out that the
issue is that rsyslogd was not getting a valid hostname).
Thanks all!
-derek
On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
> Good morning,
>
> Thank you for your help so far.
>
> I just wanted to add one more piece of data, on my other host (compiled in
> the same way from the same source in the same BuildRoot manner, but on a
> different platform), I get what I would expect:
>
> Debug line with all properties:
> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI: 46,
> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: 'rsyslogd',
> PROCID: '-', MSGID: '-',
> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> x-info="https://www.rsyslog.com"] start'
> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> x-pid="1780" x-info="https://www.rsyslog.com"] start'
> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> x-info="https://www.rsyslog.com"] start'
> $!:
> $.:
> $/:
>
> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
> question is, what APIs are rsyslogd using to try to obtain this
> information? I can certainly compile additional test code and run it if
> necessary. I just find it odd that the *host* knows its name but rsyslogd
> can't figure it out?
>
> Actually, looking a little closer, I noticed that I'm using uclibc on the
> arm platform (the broken one), but glibc on the nios2. I wonder if this
> is the issue?
>
> -derek
>
> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>> As I said in my OP:
>>
>> # hostname
>> arm-host
>>
>> and from this query:
>>
>> # cat /etc/hosts
>> 127.0.0.1 localhost
>> 127.0.1.1 arm-host
>>
>>
>> However, as I also stated in my OP, I another another machine on a nios2
>> with the exact same configuration and there the log messages say the
>> correct hostname.
>>
>> -derek
>>
>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>> what is in /etc/hosts and what do you get if you run the command
>>> hostname?
>>>
>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>
>>> the log message you received (as seen by the rawmsg: section) does not
>>> provide a
>>> hostname (which could have been the problem)
>>>
>>> so based on this, the problem is with name resolution, which should
>>> start
>>> with
>>> /etc/hosts and hostname
>>>
>>> David Lang
>>>
>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>
>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>> From: Derek Atkins <derek@ihtfp.com>
>>>> To: David Lang <david@lang.hm>
>>>> Cc: rsyslog@lists.adiscon.com
>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>> "127.0.0.1"?
>>>>
>>>> Hi,
>>>>
>>>> Thank you for the quick response.
>>>>
>>>> The logging here is all done locally, and the issue is in EVERY log
>>>> message. The source is local (a call to vsyslog() in an application),
>>>> or
>>>> even just a call to "logger". Here is the resulting log message from
>>>> rsyslogd starting up:
>>>>
>>>> Debug line with all properties:
>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: 46,
>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>> PROCID:
>>>> '-', MSGID: '-',
>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> $!:
>>>> $.:
>>>> $/:
>>>>
>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here, but
>>>> my
>>>> guess that's the problem?
>>>>
>>>> I can run the same config on the nios2 if you want to see what it
>>>> says,
>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
>>>> "nios2"
>>>> instead of "127".
>>>>
>>>> The contents of /etc/hosts is effectively the same on both machines
>>>> (the
>>>> one that works correctly and this one).
>>>>
>>>> Thanks,
>>>>
>>>> -derek
>>>>
>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>> please log with the template RSYSLOG_DebugFormat so that we can see
>>>>> exactly what
>>>>> rsyslog is being sent for a problem message.
>>>>>
>>>>> David Lang
>>>>>
>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>
>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>> From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
>>>>>> To: rsyslog@lists.adiscon.com
>>>>>> Cc: Derek Atkins <derek@ihtfp.com>
>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>> "127.0.0.1"?
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on two
>>>>>> different platforms (nios2 and arm). The Nios2 platform works
>>>>>> great.
>>>>>> However, on the Arm platform, rsyslog seems to think the local
>>>>>> hostname
>>>>>> is
>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
>>>>>> contains:
>>>>>>
>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>> swVersion="8.2010.0" x-pid="8080" x-info="https://www.rsyslog.com"]
>>>>>> start
>>>>>>
>>>>>> Notice the "127" in there? That's where the "hostname" is supposed
>>>>>> to
>>>>>> be.
>>>>>> So if for some reason it thinks the FQDN is an IP address, that
>>>>>> would
>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>
>>>>>> # hostname
>>>>>> arm-host
>>>>>>
>>>>>> Moreover, if I compile and run the code to execute a
>>>>>> "gethostbyname()"
>>>>>> it
>>>>>> also returns "arm-host". So I have no idea where it's getting the
>>>>>> idea
>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>
>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>
>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>> swVersion="8.2010.0" x-pid="830" x-info="https://www.rsyslog.com"]
>>>>>> start
>>>>>>
>>>>>> I'll say this is the same version of rsyslog on both systems, built
>>>>>> with
>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>> definitely the same run-time configurations.
>>>>>>
>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm not
>>>>>> sure
>>>>>> where else to look.
>>>>>>
>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> -derek
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> Derek Atkins 617-623-3745
>> derek@ihtfp.com www.ihtfp.com
>> Computer and Internet Security Consultant
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>
>
> --
> Derek Atkins 617-623-3745
> derek@ihtfp.com www.ihtfp.com
> Computer and Internet Security Consultant
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.