Hi, I'm using rsyslog-5.4.0 and I having a issue that I cannot understand. I want to implement a central logging server using stunnel, and I need to use FQDN always, I don't want to have HOSTNAME trunked to the hostname so I enable $PreserveFQDN but only some of the messages seems to use the whole hostname. I've seen this issue in multiple versions of rsyslog, so I'm quite sure is not caused by rsyslog-5.4.0
I've tested on multiples versions of CentOS and currently I'm testing rsyslog-5.4.0 on a CentOS 5.4. To to the tests I'm logging all the messages in a local file, so the interesting part of my /etc/rsyslog.conf is like this: $ModLoad immark # provides --MARK-- message capability $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imklog # kernel logging (formerly provided by rklogd) $PreserveFQDN on *.* /var/log/everything.log I start rsyslogd with the "-c 4" option, and if I enable $PreserveFQDN in the conf messages from kernel and rsyslogd are saved with the proper FQDN but the rest of the messages are stored as if they were originated from the hostname, without domain. # tail /var/log/everything.log 010-03-26T07:51:29.513679-04:00 syslog-test.scrambled.com kernel: imklog 5.4.0, log source = /proc/kmsg started. 2010-03-26T07:51:29.684129-04:00 syslog-test.scrambled.com rsyslogd: [origin software="rsyslogd" swVersion="5.4.0" x-pid="1977" x-info="http://www.rsyslog.com";] start 2010-03-26T07:51:29.707163-04:00 syslog-test stunnel: LOG5[1508:1099114816]: ssyslog connected from 127.0.0.1:35446 2010-03-26T07:51:30.610043-04:00 syslog-test.scrambled.com kernel: Kernel logging (proc) stopped. 2010-03-26T07:51:30.610519-04:00 syslog-test.scrambled.com rsyslogd: [origin software="rsyslogd" swVersion="5.4.0" x-pid="1977" x-info="http://www.rsyslog.com";] exiting on signal 2. In this case, the only one using "syslog-test" (without the ".scrambled.com" part is stunnel, but all the logs generated from sshd, pam, cron, etc are generated from "syslog-test" instead of "syslog-test.scrambled.com". I only have localhost in the hosts file and if I run hostname I get "syslog-test.scrambled.com". I even rebooted the server after changing $PreserveFQDN, just in case it was some weird thing of applications 'caching' the simple hostname (it doesn't make sense, I know). Is there anything that I'm doing wrong? Is it possible for rsyslog to use the FQDN for all the logs? I believe that I need that the FQDN is used locally for it to work with a remote server (so the HOSTNAME variabvle in the template has the FQDN) Many thanks in advance. -- Pablo Martinez Schroder _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
