Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
HOSTNAME property truncating strings with certain special characters('.')
rsyslog at lists
Nov 1, 2023, 12:37 PM
Post #1 of 3 (109 views)
Permalink
Hi All,

We are using the following template in our C-based Linux application logging.
The "HOSTNAME" property is updated in the message without any issues if the Linux hostname is purely Alphanumeric.
However, if the Linux hostname is updated to an IP address format or any string with '.' character, the message is only updated with the part of the string before the dot character.
As a try, I tried with a few other special characters in the hostname. I observed a mixed behavior - for example: '#' was accepted whereas '$' was not.

$template rfc3164_local,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"

Could you please tell us if there is any extra expression required for the property to take the string as-is from Linux's hostname?
Any leads would be much appreciated.

Thanks in advance!


Best Regards
Siva Muthumurugan
Sr. Software Engineer
[cid:image001.png@01DA0CD9.4F19D320]
Tech Support: +1.844.475.8324 (844-iS5-TECH)
Website: www.is5com.com<http://www.is5com.com/>
E-mail: sivamuthumurugan@is5com.com<mailto:sivamuthumurugan@is5com.com>
Click on the links below "Like" & "Follow Us" on our Social Feeds for the latest News!!!

[cid:image002.png@01DA0CD9.4F19D320]<http://is5com.com/>[D2D4C898]<https://www.linkedin.com/in/natalie-zavaglia-1b135210b/> [Image result for facebook] <https://www.facebook.com/IS5-Communications-Inc-208709785967080/> [Image result for twitter] <https://twitter.com/is5com?lang=en> [cid:image006.png@01DA0CD9.4F19D320] <https://www.youtube.com/channel/UCgU3yoYhRHFUk3bqJNPvlIw>

Confidentiality Notice:
This message is intended only for the named recipients. This message may contain information that is confidential and/or exempt from disclosure under applicable law. Any dissemination or copying of this message by anyone other than a named recipient is strictly prohibited. If you are not a named recipient or an employee or agent responsible for delivering this message to a named recipient, please notify us immediately, and permanently destroy this message and any copies you may have. Warning: Email may not be secure unless properly encrypted.

Attached Files:

Re: HOSTNAME property truncating strings with certain special characters('.') [ In reply to ]
rsyslog at lists
Nov 1, 2023, 11:48 PM
Post #2 of 3 (109 views)
Permalink
Regardless of whether it does get cut at dot or not, let me remind you
that RFC3164 says:

The HOSTNAME field will contain only the hostname, the IPv4 address,
or the IPv6 address of the originator of the message. The preferred
value is the hostname. If the hostname is used, the HOSTNAME field
MUST contain the hostname of the device as specified in STD 13 [4].
It should be noted that this MUST NOT contain any embedded spaces.
The Domain Name MUST NOT be included in the HOSTNAME field. If the
IPv4 address is used, it MUST be shown as the dotted decimal notation
as used in STD 13 [5]. If an IPv6 address is used, any valid
representation used inRFC 2373 <https://www.rfc-editor.org/rfc/rfc2373> [6] MAY be used. A single space
character MUST also follow the HOSTNAME field.

The hostname syntax is of course defined elsewhere and - as far as I remember - is limited to alphanumeric characters and dashes. So neither $ nor # are valid characters for HOSTNAME.

MK

On 1.11.2023 20:37, Siva Muthumurugan via rsyslog wrote:
> Hi All,
>
> We are using the following template in our C-based Linux application logging.
> The "HOSTNAME" property is updated in the message without any issues if the Linux hostname is purely Alphanumeric.
> However, if the Linux hostname is updated to an IP address format or any string with '.' character, the message is only updated with the part of the string before the dot character.
> As a try, I tried with a few other special characters in the hostname. I observed a mixed behavior - for example: '#' was accepted whereas '$' was not.
>
> $template rfc3164_local,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
>
> Could you please tell us if there is any extra expression required for the property to take the string as-is from Linux's hostname?
> Any leads would be much appreciated.
>
> Thanks in advance!
>
>
> Best Regards
> Siva Muthumurugan
> Sr. Software Engineer
> [cid:image001.png@01DA0CD9.4F19D320]
> Tech Support: +1.844.475.8324 (844-iS5-TECH)
> Website: www.is5com.com<http://www.is5com.com/>
> E-mail: sivamuthumurugan@is5com.com<mailto:sivamuthumurugan@is5com.com>
> Click on the links below "Like" & "Follow Us" on our Social Feeds for the latest News!!!
>
> [cid:image002.png@01DA0CD9.4F19D320]<http://is5com.com/>[D2D4C898]<https://www.linkedin.com/in/natalie-zavaglia-1b135210b/> [Image result for facebook] <https://www.facebook.com/IS5-Communications-Inc-208709785967080/> [Image result for twitter] <https://twitter.com/is5com?lang=en> [cid:image006.png@01DA0CD9.4F19D320] <https://www.youtube.com/channel/UCgU3yoYhRHFUk3bqJNPvlIw>
>
> Confidentiality Notice:
> This message is intended only for the named recipients. This message may contain information that is confidential and/or exempt from disclosure under applicable law. Any dissemination or copying of this message by anyone other than a named recipient is strictly prohibited. If you are not a named recipient or an employee or agent responsible for delivering this message to a named recipient, please notify us immediately, and permanently destroy this message and any copies you may have. Warning: Email may not be secure unless properly encrypted.
>
>
>
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: HOSTNAME property truncating strings with certain special characters('.') [ In reply to ]
rsyslog at lists
Nov 2, 2023, 1:38 AM
Post #3 of 3 (109 views)
Permalink
There is an option to allow FQDNs in the hostname (it's a violation of the RFC,
but commonly needed)

see https://www.rsyslog.com/doc/master/rainerscript/global.html (the new way of
setting global parameters) or
https://www.rsyslog.com/doc/master/configuration/global/index.html (the old way,
still supported, but not as clear)

David Lang
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal