David, # cat >> /etc/rsyslog.conf $template foo,"%$myhostname%/n" /var/log/myhostname;foo # /etc/init.d/S01rsyslogd restart Stopping rsyslogd: OK Starting rsyslogd: OK # tail /var/log/myhostname 127/n#
-derek On Wed, October 6, 2021 2:35 pm, David Lang wrote: > $template foo,"%$myhostname%/n" > /var/log/myhostname;foo > > run this for a very short time as it will write a line to this file for > every > log message that arrives :-) > > David Lang > > On Wed, 6 Oct 2021, Derek Atkins wrote: > >> Date: Wed, 6 Oct 2021 13:45:56 -0400 >> From: Derek Atkins <[email protected]> >> To: David Lang <[email protected]> >> Cc: Derek Atkins via rsyslog <[email protected]> >> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname >> is >> "127.0.0.1"? >> >> David, >> >> I am happy to revert back to the uclibc installation and feed you data, >> if >> you can give me what to copy-and-paste into my rsyslogd.conf file? >> >> -derek >> >> On Wed, October 6, 2021 1:43 pm, David Lang wrote: >>> I believe that rsyslog uses the gethostbyname() call to convert the IP >>> to >>> name >>> >>> it would also be interesting to create a custom templete with >>> %$myhostname% in >>> it and see what that returns. >>> >>> I'm not sure if in this case, rsyslog is seeing that there is no >>> hostname >>> in the >>> message and using $myhostname (and that is wrong) or if it's trying to >>> resolve >>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname >>> that's >>> wrong) >>> >>> If we can identify what's happening, we can then try to create a fix. >>> It >>> would >>> be nice to support non-glibc builds >>> >>> David Lang >>> >>> >>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote: >>> >>>> I just rebuilt the Arm platform with GLibc and.... syslog is working. >>>> So I will go and blame uclibc for the bug. >>>> >>>> Thank you for getting me to look more closely (and pointing out that >>>> the >>>> issue is that rsyslogd was not getting a valid hostname). >>>> >>>> Thanks all! >>>> >>>> -derek >>>> >>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote: >>>>> Good morning, >>>>> >>>>> Thank you for your help so far. >>>>> >>>>> I just wanted to add one more piece of data, on my other host >>>>> (compiled >>>>> in >>>>> the same way from the same source in the same BuildRoot manner, but >>>>> on >>>>> a >>>>> different platform), I get what I would expect: >>>>> >>>>> Debug line with all properties: >>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI: >>>>> 46, >>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: >>>>> 'rsyslogd', >>>>> PROCID: '-', MSGID: '-', >>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-', >>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780" >>>>> x-info="https://www.rsyslog.com";] start' >>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>>>> x-pid="1780" x-info="https://www.rsyslog.com";] start' >>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin >>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780" >>>>> x-info="https://www.rsyslog.com";] start' >>>>> $!: >>>>> $.: >>>>> $/: >>>>> >>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my >>>>> question is, what APIs are rsyslogd using to try to obtain this >>>>> information? I can certainly compile additional test code and run it >>>>> if >>>>> necessary. I just find it odd that the *host* knows its name but >>>>> rsyslogd >>>>> can't figure it out? >>>>> >>>>> Actually, looking a little closer, I noticed that I'm using uclibc on >>>>> the >>>>> arm platform (the broken one), but glibc on the nios2. I wonder if >>>>> this >>>>> is the issue? >>>>> >>>>> -derek >>>>> >>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote: >>>>>> As I said in my OP: >>>>>> >>>>>> # hostname >>>>>> arm-host >>>>>> >>>>>> and from this query: >>>>>> >>>>>> # cat /etc/hosts >>>>>> 127.0.0.1 localhost >>>>>> 127.0.1.1 arm-host >>>>>> >>>>>> >>>>>> However, as I also stated in my OP, I another another machine on a >>>>>> nios2 >>>>>> with the exact same configuration and there the log messages say the >>>>>> correct hostname. >>>>>> >>>>>> -derek >>>>>> >>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote: >>>>>>> what is in /etc/hosts and what do you get if you run the command >>>>>>> hostname? >>>>>>> >>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip >>>>>>> >>>>>>> the log message you received (as seen by the rawmsg: section) does >>>>>>> not >>>>>>> provide a >>>>>>> hostname (which could have been the problem) >>>>>>> >>>>>>> so based on this, the problem is with name resolution, which should >>>>>>> start >>>>>>> with >>>>>>> /etc/hosts and hostname >>>>>>> >>>>>>> David Lang >>>>>>> >>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote: >>>>>>> >>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400 >>>>>>>> From: Derek Atkins <[email protected]> >>>>>>>> To: David Lang <[email protected]> >>>>>>>> Cc: [email protected] >>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is >>>>>>>> "127.0.0.1"? >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> Thank you for the quick response. >>>>>>>> >>>>>>>> The logging here is all done locally, and the issue is in EVERY >>>>>>>> log >>>>>>>> message. The source is local (a call to vsyslog() in an >>>>>>>> application), >>>>>>>> or >>>>>>>> even just a call to "logger". Here is the resulting log message >>>>>>>> from >>>>>>>> rsyslogd starting up: >>>>>>>> >>>>>>>> Debug line with all properties: >>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: >>>>>>>> 46, >>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog', >>>>>>>> PROCID: >>>>>>>> '-', MSGID: '-', >>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-', >>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>>>>>>> x-pid="17368" >>>>>>>> x-info="https://www.rsyslog.com";] start' >>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com";] start' >>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin >>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368" >>>>>>>> x-info="https://www.rsyslog.com";] start' >>>>>>>> $!: >>>>>>>> $.: >>>>>>>> $/: >>>>>>>> >>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here, >>>>>>>> but >>>>>>>> my >>>>>>>> guess that's the problem? >>>>>>>> >>>>>>>> I can run the same config on the nios2 if you want to see what it >>>>>>>> says, >>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be >>>>>>>> "nios2" >>>>>>>> instead of "127". >>>>>>>> >>>>>>>> The contents of /etc/hosts is effectively the same on both >>>>>>>> machines >>>>>>>> (the >>>>>>>> one that works correctly and this one). >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> -derek >>>>>>>> >>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote: >>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can >>>>>>>>> see >>>>>>>>> exactly what >>>>>>>>> rsyslog is being sent for a problem message. >>>>>>>>> >>>>>>>>> David Lang >>>>>>>>> >>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote: >>>>>>>>> >>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400 >>>>>>>>>> From: Derek Atkins via rsyslog <[email protected]> >>>>>>>>>> To: [email protected] >>>>>>>>>> Cc: Derek Atkins <[email protected]> >>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is >>>>>>>>>> "127.0.0.1"? >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on >>>>>>>>>> two >>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works >>>>>>>>>> great. >>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local >>>>>>>>>> hostname >>>>>>>>>> is >>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages >>>>>>>>>> contains: >>>>>>>>>> >>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd" >>>>>>>>>> swVersion="8.2010.0" x-pid="8080" >>>>>>>>>> x-info="https://www.rsyslog.com";] >>>>>>>>>> start >>>>>>>>>> >>>>>>>>>> Notice the "127" in there? That's where the "hostname" is >>>>>>>>>> supposed >>>>>>>>>> to >>>>>>>>>> be. >>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that >>>>>>>>>> would >>>>>>>>>> explain why this is doing that. But that's weird, because: >>>>>>>>>> >>>>>>>>>> # hostname >>>>>>>>>> arm-host >>>>>>>>>> >>>>>>>>>> Moreover, if I compile and run the code to execute a >>>>>>>>>> "gethostbyname()" >>>>>>>>>> it >>>>>>>>>> also returns "arm-host". So I have no idea where it's getting >>>>>>>>>> the >>>>>>>>>> idea >>>>>>>>>> that the hostname/FQDN is an IP Address. >>>>>>>>>> >>>>>>>>>> I'll note that on the Nios2 this works as expected: >>>>>>>>>> >>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd" >>>>>>>>>> swVersion="8.2010.0" x-pid="830" >>>>>>>>>> x-info="https://www.rsyslog.com";] >>>>>>>>>> start >>>>>>>>>> >>>>>>>>>> I'll say this is the same version of rsyslog on both systems, >>>>>>>>>> built >>>>>>>>>> with >>>>>>>>>> the same sources, and (ostensibly) with the same build-time, and >>>>>>>>>> definitely the same run-time configurations. >>>>>>>>>> >>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm >>>>>>>>>> not >>>>>>>>>> sure >>>>>>>>>> where else to look. >>>>>>>>>> >>>>>>>>>> So I'm hoping you experts might be able to help me? >>>>>>>>>> >>>>>>>>>> Thanks! >>>>>>>>>> >>>>>>>>>> -derek >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Derek Atkins 617-623-3745 >>>>>> [email protected] www.ihtfp.com >>>>>> Computer and Internet Security Consultant >>>>>> >>>>>> _______________________________________________ >>>>>> rsyslog mailing list >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog >>>>>> http://www.rsyslog.com/professional-services/ >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>>> myriad >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >>>>>> you >>>>>> DON'T LIKE THAT. >>>>>> >>>>> >>>>> >>>>> -- >>>>> Derek Atkins 617-623-3745 >>>>> [email protected] www.ihtfp.com >>>>> Computer and Internet Security Consultant >>>>> >>>>> _______________________________________________ >>>>> rsyslog mailing list >>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog >>>>> http://www.rsyslog.com/professional-services/ >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>> myriad >>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >>>>> you >>>>> DON'T LIKE THAT. >>>>> >>>> >>>> >>>> >>> >> >> >> > -- Derek Atkins 617-623-3745 [email protected] www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
