David, I am happy to revert back to the uclibc installation and feed you data, if you can give me what to copy-and-paste into my rsyslogd.conf file?
-derek On Wed, October 6, 2021 1:43 pm, David Lang wrote: > I believe that rsyslog uses the gethostbyname() call to convert the IP to > name > > it would also be interesting to create a custom templete with > %$myhostname% in > it and see what that returns. > > I'm not sure if in this case, rsyslog is seeing that there is no hostname > in the > message and using $myhostname (and that is wrong) or if it's trying to > resolve > 127.0.0.1 and that's failing (I suspect that it's the $myhostname that's > wrong) > > If we can identify what's happening, we can then try to create a fix. It > would > be nice to support non-glibc builds > > David Lang > > > On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote: > >> I just rebuilt the Arm platform with GLibc and.... syslog is working. >> So I will go and blame uclibc for the bug. >> >> Thank you for getting me to look more closely (and pointing out that the >> issue is that rsyslogd was not getting a valid hostname). >> >> Thanks all! >> >> -derek >> >> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote: >>> Good morning, >>> >>> Thank you for your help so far. >>> >>> I just wanted to add one more piece of data, on my other host (compiled >>> in >>> the same way from the same source in the same BuildRoot manner, but on >>> a >>> different platform), I get what I would expect: >>> >>> Debug line with all properties: >>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI: >>> 46, >>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: >>> 'rsyslogd', >>> PROCID: '-', MSGID: '-', >>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-', >>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780" >>> x-info="https://www.rsyslog.com";] start' >>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>> x-pid="1780" x-info="https://www.rsyslog.com";] start' >>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin >>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780" >>> x-info="https://www.rsyslog.com";] start' >>> $!: >>> $.: >>> $/: >>> >>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my >>> question is, what APIs are rsyslogd using to try to obtain this >>> information? I can certainly compile additional test code and run it >>> if >>> necessary. I just find it odd that the *host* knows its name but >>> rsyslogd >>> can't figure it out? >>> >>> Actually, looking a little closer, I noticed that I'm using uclibc on >>> the >>> arm platform (the broken one), but glibc on the nios2. I wonder if >>> this >>> is the issue? >>> >>> -derek >>> >>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote: >>>> As I said in my OP: >>>> >>>> # hostname >>>> arm-host >>>> >>>> and from this query: >>>> >>>> # cat /etc/hosts >>>> 127.0.0.1 localhost >>>> 127.0.1.1 arm-host >>>> >>>> >>>> However, as I also stated in my OP, I another another machine on a >>>> nios2 >>>> with the exact same configuration and there the log messages say the >>>> correct hostname. >>>> >>>> -derek >>>> >>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote: >>>>> what is in /etc/hosts and what do you get if you run the command >>>>> hostname? >>>>> >>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip >>>>> >>>>> the log message you received (as seen by the rawmsg: section) does >>>>> not >>>>> provide a >>>>> hostname (which could have been the problem) >>>>> >>>>> so based on this, the problem is with name resolution, which should >>>>> start >>>>> with >>>>> /etc/hosts and hostname >>>>> >>>>> David Lang >>>>> >>>>> On Tue, 5 Oct 2021, Derek Atkins wrote: >>>>> >>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400 >>>>>> From: Derek Atkins <[email protected]> >>>>>> To: David Lang <[email protected]> >>>>>> Cc: [email protected] >>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is >>>>>> "127.0.0.1"? >>>>>> >>>>>> Hi, >>>>>> >>>>>> Thank you for the quick response. >>>>>> >>>>>> The logging here is all done locally, and the issue is in EVERY log >>>>>> message. The source is local (a call to vsyslog() in an >>>>>> application), >>>>>> or >>>>>> even just a call to "logger". Here is the resulting log message >>>>>> from >>>>>> rsyslogd starting up: >>>>>> >>>>>> Debug line with all properties: >>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: 46, >>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog', >>>>>> PROCID: >>>>>> '-', MSGID: '-', >>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-', >>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>>>>> x-pid="17368" >>>>>> x-info="https://www.rsyslog.com";] start' >>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>>>>> x-pid="17368" x-info="https://www.rsyslog.com";] start' >>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin >>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368" >>>>>> x-info="https://www.rsyslog.com";] start' >>>>>> $!: >>>>>> $.: >>>>>> $/: >>>>>> >>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here, >>>>>> but >>>>>> my >>>>>> guess that's the problem? >>>>>> >>>>>> I can run the same config on the nios2 if you want to see what it >>>>>> says, >>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be >>>>>> "nios2" >>>>>> instead of "127". >>>>>> >>>>>> The contents of /etc/hosts is effectively the same on both machines >>>>>> (the >>>>>> one that works correctly and this one). >>>>>> >>>>>> Thanks, >>>>>> >>>>>> -derek >>>>>> >>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote: >>>>>>> please log with the template RSYSLOG_DebugFormat so that we can see >>>>>>> exactly what >>>>>>> rsyslog is being sent for a problem message. >>>>>>> >>>>>>> David Lang >>>>>>> >>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote: >>>>>>> >>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400 >>>>>>>> From: Derek Atkins via rsyslog <[email protected]> >>>>>>>> To: [email protected] >>>>>>>> Cc: Derek Atkins <[email protected]> >>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is >>>>>>>> "127.0.0.1"? >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on >>>>>>>> two >>>>>>>> different platforms (nios2 and arm). The Nios2 platform works >>>>>>>> great. >>>>>>>> However, on the Arm platform, rsyslog seems to think the local >>>>>>>> hostname >>>>>>>> is >>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages >>>>>>>> contains: >>>>>>>> >>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd" >>>>>>>> swVersion="8.2010.0" x-pid="8080" >>>>>>>> x-info="https://www.rsyslog.com";] >>>>>>>> start >>>>>>>> >>>>>>>> Notice the "127" in there? That's where the "hostname" is >>>>>>>> supposed >>>>>>>> to >>>>>>>> be. >>>>>>>> So if for some reason it thinks the FQDN is an IP address, that >>>>>>>> would >>>>>>>> explain why this is doing that. But that's weird, because: >>>>>>>> >>>>>>>> # hostname >>>>>>>> arm-host >>>>>>>> >>>>>>>> Moreover, if I compile and run the code to execute a >>>>>>>> "gethostbyname()" >>>>>>>> it >>>>>>>> also returns "arm-host". So I have no idea where it's getting the >>>>>>>> idea >>>>>>>> that the hostname/FQDN is an IP Address. >>>>>>>> >>>>>>>> I'll note that on the Nios2 this works as expected: >>>>>>>> >>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd" >>>>>>>> swVersion="8.2010.0" x-pid="830" x-info="https://www.rsyslog.com";] >>>>>>>> start >>>>>>>> >>>>>>>> I'll say this is the same version of rsyslog on both systems, >>>>>>>> built >>>>>>>> with >>>>>>>> the same sources, and (ostensibly) with the same build-time, and >>>>>>>> definitely the same run-time configurations. >>>>>>>> >>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm >>>>>>>> not >>>>>>>> sure >>>>>>>> where else to look. >>>>>>>> >>>>>>>> So I'm hoping you experts might be able to help me? >>>>>>>> >>>>>>>> Thanks! >>>>>>>> >>>>>>>> -derek >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>> >>>> >>>> -- >>>> Derek Atkins 617-623-3745 >>>> [email protected] www.ihtfp.com >>>> Computer and Internet Security Consultant >>>> >>>> _______________________________________________ >>>> rsyslog mailing list >>>> https://lists.adiscon.net/mailman/listinfo/rsyslog >>>> http://www.rsyslog.com/professional-services/ >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>> myriad >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>> DON'T LIKE THAT. >>>> >>> >>> >>> -- >>> Derek Atkins 617-623-3745 >>> [email protected] www.ihtfp.com >>> Computer and Internet Security Consultant >>> >>> _______________________________________________ >>> rsyslog mailing list >>> https://lists.adiscon.net/mailman/listinfo/rsyslog >>> http://www.rsyslog.com/professional-services/ >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>> myriad >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> DON'T LIKE THAT. >>> >> >> >> > -- Derek Atkins 617-623-3745 [email protected] www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
