> > I need to re-read this more carefully, but for now let me say that rsyslog does
> > not touch /etc/hosts at all. It exclusively relies on what is returned by the
> > OS. But the "source" property is not locally generated, it contains whatever
> > the sender placed into the relevant field.
>
> Good info ... thanks. So my host is sending the mistyped host name
> to rsyslog by having it in the log line
> DATE hostname => blah

I still intended to do a write-up in the cookbook, but more important things got in the way. So here quickly:

You need to be careful when using hostname to build paths. Bad guys may put malicious sequences into it. There are property replacer options to solve that, primarily removing slashes (something along the lines of "secpath" or so). If possible, it is better to use fromhost-ip or fromhost, but that is only the last sender, so not really useful in a relay chain.

Rainer

> So I guess the question is how does my host derive the hostname it
> sticks into log messages.
>
> So thanks... and I already know the localhost will scan the /etc/hosts
> file when resolving the localhost name... so there is the culprit.
>
> Of course the culprit is really me, who mistyped the host name.
>
> Thanks.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
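
The precaution described in the reply above, written out as an rsyslog configuration with the weak template beside the hardened ones. This is an added example, not part of the original thread: the directory, port, and template and ruleset names are assumptions, and the slash-handling property replacer options it uses are the ones rsyslog documents as `secpath-replace` and `secpath-drop`.

```rsyslog
# Added example (constructed): per-host log files for remote senders.
# /var/log/remote, port 514 and all template/ruleset names are assumptions.

module(load="imudp")
input(type="imudp" port="514" ruleset="remote")

# Weak: %hostname% is copied from the received message, so the sender
# chooses it. Any "/" it contains becomes part of the file path.
# Shown for comparison only; no action below uses this template.
template(name="PerHostRaw" type="string"
         string="/var/log/remote/%hostname%/messages.log")

# Hardened: secpath-replace turns every "/" in the field into "_".
# (secpath-drop removes the slashes instead of replacing them.)
template(name="PerHostSafe" type="string"
         string="/var/log/remote/%hostname:::secpath-replace%/messages.log")

# The same hardening written as a list-type template.
template(name="PerHostSafeList" type="list") {
    constant(value="/var/log/remote/")
    property(name="hostname" securepath="replace")
    constant(value="/messages.log")
}

# Alternative: key the path on the address of the system this instance
# received the message from. The sender cannot set this field, but behind
# a relay every message is filed under the relay's address.
template(name="PerSenderIP" type="string"
         string="/var/log/remote/%fromhost-ip%/messages.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostSafe")
}
```

Running `rsyslogd -N1` against the file checks the syntax without starting the daemon.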

