List,

I am trying to standardize the hostnames that we see in our logs. It seems that the services (haproxy, etc.) that log directly to the rsyslog server do this differently. Here's an example:

    ./ec2-<snip>.us-west-1.compute.amazonaws.com/haproxy
    ./domu-<snip>/haproxy
    ./domu-<snip>/haproxy
    ./domu-<snip>/haproxy
    ./ip-<snip>.ec2.internal/haproxy

The standard logs (user.log, syslog, messages, etc.) all use a standard format like:

    ./domu-<snip>/syslog
    ./ip-<snip>/syslog

As you see, in the case of ip-<snip>, ".ec2.internal" gets appended on with haproxy. In the case of ec2-<snip>.us-west-1.compute.amazonaws.com, it is actually coming from a host with a hostname like ip-<snip>. Hopefully this makes sense.

Across the board I am using %hostname:::lowercase% to create the directories.

As a test to see what the application sees vs. rsyslog, we added code to log the hostname in one of our applications:

    ec2-<snip>.us-west-1.compute.amazonaws.com/ellison:Nov 16 20:34:22 ec2-<snip>.us-west-1.compute.amazonaws.com local3: 2010-11-16 20:34:22,123 INFO [main] ejje.Ejje - Address ip-<snip>

As you can see, rsyslog is logging this with the "ec2-" style hostname, but what the application is seeing for the hostname is the "ip-" style.

Interestingly, the hostname style that rsyslog sees seems to depend on what EC2 availability zone the node is in. "ec2-" hostnames are only in the us-west-1 and ap-southeast-1 zones, "ip-*.ec2.internal" and "domu-*" hostnames in us-east-1. So I think this would suggest something with DNS configurations in different zones. Additionally, the "ec2-" style hostnames are actually public hostnames that aren't assigned to the machines but to a MIP or VIP, which again suggests some sort of DNS lookup.

I have tried using %fromhost% with the same results.

Any thoughts on what might be going on and how to fix it?

Thanks.

-Joe

Name: Joseph A. Williams
Email: [email protected]
Blog: http://www.joeandmotorboat.com/
Twitter: http://twitter.com/williamsjoe

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

