rsyslog sometimes logs fqdn, sometimes just host name
Hi all,
I have a syslog server that receives logs from several hosts using the standard 514/udp syslog protocol. Most of these systems are internal, so I have added an entry for each in the /etc/hosts file so the names get loged instead of IP addresses. I'm having a problem where one host logs the FQDN and another host only logs the hostname portion. /etc/hosts excerpt: Code:
192.168.1.230 voipfw01.mydom.net Code:
Jun 2 10:07:13 main-fw <message> I need the FQDN to be logged, please help. |
I'm guessing that local 4 is in my-dom.com domain, so it 'knows' main-fw.my-dom.com, whereas the other one is in a different TLD.
Alternately/as well, are you running a DNS server? |
We do run DNS, but they are public servers with hundreds of domains. We don't put non-routable addresses in them. I'm happy using the hosts file for this, it's one syslog server plus a hot standby so not a big issue.
I see what you're saying, and yes, the hosts logging only their simple name are in the same TLD as the syslog server. I changed the TLD on the syslog server and everything is once again logging with FQDN. My old syslog daemon didn't work this way... it just always used the FQDN. Thanks for the info. |
rsyslog inherited that behavior from sysklogd. Nobody ever questioned it. But it looks like it would be useful to be able to disable it. What do you think?
Rainer |
All times are GMT -5. The time now is 11:46 AM. |