I just rebuilt the Arm platform with GLibc and.... syslog is working. So I will go and blame uclibc for the bug.
Thank you for getting me to look more closely (and pointing out that the issue is that rsyslogd was not getting a valid hostname).

Thanks all!

-derek

On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
> Good morning,
>
> Thank you for your help so far.
>
> I just wanted to add one more piece of data, on my other host (compiled in
> the same way from the same source in the same BuildRoot manner, but on a
> different platform), I get what I would expect:
>
> Debug line with all properties:
> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI: 46,
> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: 'rsyslogd',
> PROCID: '-', MSGID: '-',
> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> x-info="https://www.rsyslog.com"] start'
> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> x-pid="1780" x-info="https://www.rsyslog.com"] start'
> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> x-info="https://www.rsyslog.com"] start'
> $!:
> $.:
> $/:
>
> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
> question is, what APIs are rsyslogd using to try to obtain this
> information? I can certainly compile additional test code and run it if
> necessary. I just find it odd that the *host* knows its name but rsyslogd
> can't figure it out?
>
> Actually, looking a little closer, I noticed that I'm using uclibc on the
> arm platform (the broken one), but glibc on the nios2. I wonder if this
> is the issue?
>
> -derek
>
> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
>> As I said in my OP:
>>
>> # hostname
>> arm-host
>>
>> and from this query:
>>
>> # cat /etc/hosts
>> 127.0.0.1 localhost
>> 127.0.1.1 arm-host
>>
>> However, as I also stated in my OP, I have another machine on a nios2
>> with the exact same configuration and there the log messages say the
>> correct hostname.
>>
>> -derek
>>
>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>>> what is in /etc/hosts and what do you get if you run the command
>>> hostname?
>>>
>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
>>>
>>> the log message you received (as seen by the rawmsg: section) does not provide a
>>> hostname (which could have been the problem)
>>>
>>> so based on this, the problem is with name resolution, which should start with
>>> /etc/hosts and hostname
>>>
>>> David Lang
>>>
>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>>>
>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>>>> From: Derek Atkins <[email protected]>
>>>> To: David Lang <[email protected]>
>>>> Cc: [email protected]
>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
>>>> "127.0.0.1"?
>>>>
>>>> Hi,
>>>>
>>>> Thank you for the quick response.
>>>>
>>>> The logging here is all done locally, and the issue is in EVERY log
>>>> message. The source is local (a call to vsyslog() in an application), or
>>>> even just a call to "logger". Here is the resulting log message from
>>>> rsyslogd starting up:
>>>>
>>>> Debug line with all properties:
>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: 46,
>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
>>>> PROCID:
>>>> '-', MSGID: '-',
>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>>>> x-pid="17368" x-info="https://www.rsyslog.com"] start'
>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>>>> x-info="https://www.rsyslog.com"] start'
>>>> $!:
>>>> $.:
>>>> $/:
>>>>
>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here, but my
>>>> guess that's the problem?
>>>>
>>>> I can run the same config on the nios2 if you want to see what it says,
>>>> but my guess is that FROMHOST and HOSTNAME are going to both be "nios2"
>>>> instead of "127".
>>>>
>>>> The contents of /etc/hosts is effectively the same on both machines (the
>>>> one that works correctly and this one).
>>>>
>>>> Thanks,
>>>>
>>>> -derek
>>>>
>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>>>>> please log with the template RSYSLOG_DebugFormat so that we can see exactly what
>>>>> rsyslog is being sent for a problem message.
>>>>>
>>>>> David Lang
>>>>>
>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>>>>>
>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>>>>>> From: Derek Atkins via rsyslog <[email protected]>
>>>>>> To: [email protected]
>>>>>> Cc: Derek Atkins <[email protected]>
>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>>>>>> "127.0.0.1"?
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on two
>>>>>> different platforms (nios2 and arm). The Nios2 platform works great.
>>>>>> However, on the Arm platform, rsyslog seems to think the local hostname is
>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages contains:
>>>>>>
>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>>>>>> swVersion="8.2010.0" x-pid="8080" x-info="https://www.rsyslog.com"]
>>>>>> start
>>>>>>
>>>>>> Notice the "127" in there? That's where the "hostname" is supposed to be.
>>>>>> So if for some reason it thinks the FQDN is an IP address, that would
>>>>>> explain why this is doing that. But that's weird, because:
>>>>>>
>>>>>> # hostname
>>>>>> arm-host
>>>>>>
>>>>>> Moreover, if I compile and run the code to execute a "gethostbyname()" it
>>>>>> also returns "arm-host". So I have no idea where it's getting the idea
>>>>>> that the hostname/FQDN is an IP Address.
>>>>>>
>>>>>> I'll note that on the Nios2 this works as expected:
>>>>>>
>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
>>>>>> swVersion="8.2010.0" x-pid="830" x-info="https://www.rsyslog.com"]
>>>>>> start
>>>>>>
>>>>>> I'll say this is the same version of rsyslog on both systems, built with
>>>>>> the same sources, and (ostensibly) with the same build-time, and
>>>>>> definitely the same run-time configurations.
>>>>>>
>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm not sure
>>>>>> where else to look.
>>>>>>
>>>>>> So I'm hoping you experts might be able to help me?
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> -derek
>>
>> --
>> Derek Atkins 617-623-3745
>> [email protected] www.ihtfp.com
>> Computer and Internet Security Consultant
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
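
An added diagnostic in C, not code from this thread or from rsyslog: it prints what the libc resolver returns for the local hostname, its forward lookup and the reverse lookup of 127.0.0.1, and flags any answer that is an IP literal, so the uclibc and glibc builds can be compared. `is_ip_literal`, `short_name` and `report` are hypothetical helpers, and cutting the name at its first dot is an assumption taken from the "127" seen in the log, not a statement of how rsyslog derives HOSTNAME.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* 1 if name parses as an IPv4 or IPv6 literal, i.e. it is not a usable hostname. */
int is_ip_literal(const char *name)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, name, buf) == 1 || inet_pton(AF_INET6, name, buf) == 1;
}

/* Assumption: the short hostname is the FQDN cut at its first dot. len must be > 0. */
const char *short_name(const char *fqdn, char *out, size_t len)
{
    size_t n = strcspn(fqdn, ".");
    if (n >= len)
        n = len - 1;
    memcpy(out, fqdn, n);
    out[n] = '\0';
    return out;
}

/* Print one resolver answer, the short name it would yield, and a warning flag. */
static void report(const char *api, const char *name)
{
    char s[256];
    printf("%-24s '%s' -> short '%s'%s\n", api, name, short_name(name, s, sizeof s),
           is_ip_literal(name) ? "  <-- IP literal, not a name" : "");
}

int main(void)
{
    char host[256] = "", rev[1025];
    struct sockaddr_in lo = { .sin_family = AF_INET };
    struct hostent *he;

    gethostname(host, sizeof host - 1);
    report("gethostname()", host);
    if ((he = gethostbyname(host)) != NULL)        /* forward lookup, as tried in the thread */
        report("gethostbyname() h_name", he->h_name);
    lo.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* reverse lookup of fromhost-ip 127.0.0.1 */
    if (getnameinfo((struct sockaddr *)&lo, sizeof lo, rev, sizeof rev, NULL, 0, 0) == 0)
        report("getnameinfo(127.0.0.1)", rev);
    return 0;
}
```

Built once against each libc and run on both targets, the two outputs can be compared line by line.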

