As I said in my OP: # hostname arm-host
and from this query: # cat /etc/hosts 127.0.0.1 localhost 127.0.1.1 arm-host However, as I also stated in my OP, I another another machine on a nios2 with the exact same configuration and there the log messages say the correct hostname. -derek On Tue, October 5, 2021 8:52 pm, David Lang wrote: > what is in /etc/hosts and what do you get if you run the command hostname? > > rsyslog gets fromhost by doing a name lookup of the fromhost-ip > > the log message you received (as seen by the rawmsg: section) does not > provide a > hostname (which could have been the problem) > > so based on this, the problem is with name resolution, which should start > with > /etc/hosts and hostname > > David Lang > > On Tue, 5 Oct 2021, Derek Atkins wrote: > >> Date: Tue, 5 Oct 2021 20:28:34 -0400 >> From: Derek Atkins <[email protected]> >> To: David Lang <[email protected]> >> Cc: [email protected] >> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is >> "127.0.0.1"? >> >> Hi, >> >> Thank you for the quick response. >> >> The logging here is all done locally, and the issue is in EVERY log >> message. The source is local (a call to vsyslog() in an application), >> or >> even just a call to "logger". Here is the resulting log message from >> rsyslogd starting up: >> >> Debug line with all properties: >> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: 46, >> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog', PROCID: >> '-', MSGID: '-', >> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-', >> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="17368" >> x-info="https://www.rsyslog.com";] start' >> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >> x-pid="17368" x-info="https://www.rsyslog.com";] start' >> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin >> software="rsyslogd" swVersion="8.2010.0" x-pid="17368" >> x-info="https://www.rsyslog.com";] start' >> $!: >> $.: >> $/: >> >> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here, but >> my >> guess that's the problem? >> >> I can run the same config on the nios2 if you want to see what it says, >> but my guess is that FROMHOST and HOSTNAME are going to both be "nios2" >> instead of "127". >> >> The contents of /etc/hosts is effectively the same on both machines (the >> one that works correctly and this one). >> >> Thanks, >> >> -derek >> >> On Tue, October 5, 2021 6:16 pm, David Lang wrote: >>> please log with the template RSYSLOG_DebugFormat so that we can see >>> exactly what >>> rsyslog is being sent for a problem message. >>> >>> David Lang >>> >>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote: >>> >>>> Date: Tue, 5 Oct 2021 15:58:07 -0400 >>>> From: Derek Atkins via rsyslog <[email protected]> >>>> To: [email protected] >>>> Cc: Derek Atkins <[email protected]> >>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is >>>> "127.0.0.1"? >>>> >>>> Hi, >>>> >>>> I'm using rsyslog in a BuildRoot environment. I've built it on two >>>> different platforms (nios2 and arm). The Nios2 platform works great. >>>> However, on the Arm platform, rsyslog seems to think the local >>>> hostname >>>> is >>>> "127.0.0.1". Why do I think that? Well, /var/log/messages contains: >>>> >>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd" >>>> swVersion="8.2010.0" x-pid="8080" x-info="https://www.rsyslog.com";] >>>> start >>>> >>>> Notice the "127" in there? That's where the "hostname" is supposed to >>>> be. >>>> So if for some reason it thinks the FQDN is an IP address, that would >>>> explain why this is doing that. But that's weird, because: >>>> >>>> # hostname >>>> arm-host >>>> >>>> Moreover, if I compile and run the code to execute a "gethostbyname()" >>>> it >>>> also returns "arm-host". So I have no idea where it's getting the >>>> idea >>>> that the hostname/FQDN is an IP Address. >>>> >>>> I'll note that on the Nios2 this works as expected: >>>> >>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd" >>>> swVersion="8.2010.0" x-pid="830" x-info="https://www.rsyslog.com";] >>>> start >>>> >>>> I'll say this is the same version of rsyslog on both systems, built >>>> with >>>> the same sources, and (ostensibly) with the same build-time, and >>>> definitely the same run-time configurations. >>>> >>>> I'm just at a loss for why rsyslog might be doing this, and I'm not >>>> sure >>>> where else to look. >>>> >>>> So I'm hoping you experts might be able to help me? >>>> >>>> Thanks! >>>> >>>> -derek >>>> >>>> >>> >> >> >> > -- Derek Atkins 617-623-3745 [email protected] www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
