Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 06-02-2008, 09:10 AM   #1
Registered: Jun 2003
Location: Cleveburg, OH
Distribution: mostly Fedora
Posts: 154

Rep: Reputation: 30
Unhappy rsyslog sometimes logs fqdn, sometimes just host name

Hi all,

I have a syslog server that receives logs from several hosts using the standard 514/udp syslog protocol. Most of these systems are internal, so I have added an entry for each in the /etc/hosts file so the names get loged instead of IP addresses.

I'm having a problem where one host logs the FQDN and another host only logs the hostname portion.

/etc/hosts excerpt:
Both hosts sent to local4, which I have excluded from all other logs and only writes to /var/log/firewall. In the log, I have:
Jun  2 10:07:13 main-fw <message>
Jun  2 10:07:14 <message>
Both FQDN are the same length, so I don't think it's a truncation problem. The only difference that is apparent to me is the hyphens in the second entry.

I need the FQDN to be logged, please help.
Old 06-02-2008, 09:07 PM   #2
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,735

Rep: Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523
I'm guessing that local 4 is in domain, so it 'knows', whereas the other one is in a different TLD.
Alternately/as well, are you running a DNS server?
Old 06-03-2008, 08:53 AM   #3
Registered: Jun 2003
Location: Cleveburg, OH
Distribution: mostly Fedora
Posts: 154

Original Poster
Rep: Reputation: 30
We do run DNS, but they are public servers with hundreds of domains. We don't put non-routable addresses in them. I'm happy using the hosts file for this, it's one syslog server plus a hot standby so not a big issue.

I see what you're saying, and yes, the hosts logging only their simple name are in the same TLD as the syslog server. I changed the TLD on the syslog server and everything is once again logging with FQDN.

My old syslog daemon didn't work this way... it just always used the FQDN.

Thanks for the info.
Old 06-03-2008, 10:31 AM   #4
Registered: Sep 2003
Distribution: Fedora/Debian
Posts: 50

Rep: Reputation: 15
rsyslog inherited that behavior from sysklogd. Nobody ever questioned it. But it looks like it would be useful to be able to disable it. What do you think?



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
can't ping any host with .local at the end of FQDN shaab Linux - Networking 7 11-29-2007 10:03 AM
error unknown host given when trying to ping FQDN cnts-student Linux - Newbie 2 03-18-2007 01:17 PM
IP logs show host pinging outside network sleepykit Linux - Networking 3 12-11-2006 02:17 AM
Samba + CUPS: missing host info in logs jido Linux - Software 0 03-22-2005 07:47 AM
Resolving Local Non-FQDN Host Names fortezza Linux - Networking 2 02-14-2004 04:17 AM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:38 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration