David, # hostname -f arm-host # hostname arm-host # /etc/init.d/S01rsyslogd restart Stopping rsyslogd: OK Starting rsyslogd: OK # tail /var/log/myhostname 127/n127/n#
So nope, didn't change anything. -derek On Wed, October 6, 2021 6:10 pm, David Lang wrote: > try > > hostname -f > > that give the fully qualified hostname, it if returns 127.0.0.1 then > somehow > that is getting set as the hostname and gethostname() is removing all > after the > first '.', resulting in 127 that you are seeing > > try setting the hostname > > hostname name-you-want > > then restart rsyslog and see if it finds the correct name (if so, this is > a > problem in setting the name, not in rsyslog fetching the name) > > David Lang > > > On Wed, 6 Oct 2021, David Lang > wrote: > >> Date: Wed, 6 Oct 2021 15:06:04 -0700 (PDT) >> From: David Lang <[email protected]> >> To: Derek Atkins <[email protected]> >> Cc: David Lang <[email protected]>, [email protected] >> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname >> is >> "127.0.0.1"? >> >> ok, that confirms that the syscall to get the hostname isn't working >> >> Rainer, what call do we make? >> >> David Lang >> >> On Wed, 6 Oct 2021, Derek Atkins wrote: >> >>> Date: Wed, 6 Oct 2021 16:20:46 -0400 >>> From: Derek Atkins <[email protected]> >>> To: David Lang <[email protected]> >>> Cc: [email protected] >>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's >>> hostname is >>> "127.0.0.1"? >>> >>> David, >>> >>> # cat >> /etc/rsyslog.conf >>> $template foo,"%$myhostname%/n" >>> /var/log/myhostname;foo >>> # /etc/init.d/S01rsyslogd restart >>> Stopping rsyslogd: OK >>> Starting rsyslogd: OK >>> # tail /var/log/myhostname >>> 127/n# >>> >>> -derek >>> >>> On Wed, October 6, 2021 2:35 pm, David Lang wrote: >>>> $template foo,"%$myhostname%/n" >>>> /var/log/myhostname;foo >>>> >>>> run this for a very short time as it will write a line to this file >>>> for >>>> every >>>> log message that arrives :-) >>>> >>>> David Lang >>>> >>>> On Wed, 6 Oct 2021, Derek Atkins wrote: >>>> >>>>> Date: Wed, 6 Oct 2021 13:45:56 -0400 >>>>> From: Derek Atkins <[email protected]> >>>>> To: David Lang <[email protected]> >>>>> Cc: Derek Atkins via rsyslog <[email protected]> >>>>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's >>>>> hostname >>>>> is >>>>> "127.0.0.1"? >>>>> >>>>> David, >>>>> >>>>> I am happy to revert back to the uclibc installation and feed you >>>>> data, >>>>> if >>>>> you can give me what to copy-and-paste into my rsyslogd.conf file? >>>>> >>>>> -derek >>>>> >>>>> On Wed, October 6, 2021 1:43 pm, David Lang wrote: >>>>>> I believe that rsyslog uses the gethostbyname() call to convert the >>>>>> IP >>>>>> to >>>>>> name >>>>>> >>>>>> it would also be interesting to create a custom templete with >>>>>> %$myhostname% in >>>>>> it and see what that returns. >>>>>> >>>>>> I'm not sure if in this case, rsyslog is seeing that there is no >>>>>> hostname >>>>>> in the >>>>>> message and using $myhostname (and that is wrong) or if it's trying >>>>>> to >>>>>> resolve >>>>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname >>>>>> that's >>>>>> wrong) >>>>>> >>>>>> If we can identify what's happening, we can then try to create a >>>>>> fix. >>>>>> It >>>>>> would >>>>>> be nice to support non-glibc builds >>>>>> >>>>>> David Lang >>>>>> >>>>>> >>>>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote: >>>>>> >>>>>>> I just rebuilt the Arm platform with GLibc and.... syslog is >>>>>>> working. >>>>>>> So I will go and blame uclibc for the bug. >>>>>>> >>>>>>> Thank you for getting me to look more closely (and pointing out >>>>>>> that >>>>>>> the >>>>>>> issue is that rsyslogd was not getting a valid hostname). >>>>>>> >>>>>>> Thanks all! >>>>>>> >>>>>>> -derek >>>>>>> >>>>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote: >>>>>>>> Good morning, >>>>>>>> >>>>>>>> Thank you for your help so far. >>>>>>>> >>>>>>>> I just wanted to add one more piece of data, on my other host >>>>>>>> (compiled >>>>>>>> in >>>>>>>> the same way from the same source in the same BuildRoot manner, >>>>>>>> but >>>>>>>> on >>>>>>>> a >>>>>>>> different platform), I get what I would expect: >>>>>>>> >>>>>>>> Debug line with all properties: >>>>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', >>>>>>>> PRI: >>>>>>>> 46, >>>>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: >>>>>>>> 'rsyslogd', >>>>>>>> PROCID: '-', MSGID: '-', >>>>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-', >>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>>>>>>> x-pid="1780" >>>>>>>> x-info="https://www.rsyslog.com";] start' >>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>>>>>>> x-pid="1780" x-info="https://www.rsyslog.com";] start' >>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin >>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780" >>>>>>>> x-info="https://www.rsyslog.com";] start' >>>>>>>> $!: >>>>>>>> $.: >>>>>>>> $/: >>>>>>>> >>>>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess >>>>>>>> my >>>>>>>> question is, what APIs are rsyslogd using to try to obtain this >>>>>>>> information? I can certainly compile additional test code and run >>>>>>>> it >>>>>>>> if >>>>>>>> necessary. I just find it odd that the *host* knows its name but >>>>>>>> rsyslogd >>>>>>>> can't figure it out? >>>>>>>> >>>>>>>> Actually, looking a little closer, I noticed that I'm using uclibc >>>>>>>> on >>>>>>>> the >>>>>>>> arm platform (the broken one), but glibc on the nios2. I wonder >>>>>>>> if >>>>>>>> this >>>>>>>> is the issue? >>>>>>>> >>>>>>>> -derek >>>>>>>> >>>>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote: >>>>>>>>> As I said in my OP: >>>>>>>>> >>>>>>>>> # hostname >>>>>>>>> arm-host >>>>>>>>> >>>>>>>>> and from this query: >>>>>>>>> >>>>>>>>> # cat /etc/hosts >>>>>>>>> 127.0.0.1 localhost >>>>>>>>> 127.0.1.1 arm-host >>>>>>>>> >>>>>>>>> >>>>>>>>> However, as I also stated in my OP, I another another machine on >>>>>>>>> a >>>>>>>>> nios2 >>>>>>>>> with the exact same configuration and there the log messages say >>>>>>>>> the >>>>>>>>> correct hostname. >>>>>>>>> >>>>>>>>> -derek >>>>>>>>> >>>>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote: >>>>>>>>>> what is in /etc/hosts and what do you get if you run the command >>>>>>>>>> hostname? >>>>>>>>>> >>>>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip >>>>>>>>>> >>>>>>>>>> the log message you received (as seen by the rawmsg: section) >>>>>>>>>> does >>>>>>>>>> not >>>>>>>>>> provide a >>>>>>>>>> hostname (which could have been the problem) >>>>>>>>>> >>>>>>>>>> so based on this, the problem is with name resolution, which >>>>>>>>>> should >>>>>>>>>> start >>>>>>>>>> with >>>>>>>>>> /etc/hosts and hostname >>>>>>>>>> >>>>>>>>>> David Lang >>>>>>>>>> >>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote: >>>>>>>>>> >>>>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400 >>>>>>>>>>> From: Derek Atkins <[email protected]> >>>>>>>>>>> To: David Lang <[email protected]> >>>>>>>>>>> Cc: [email protected] >>>>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is >>>>>>>>>>> "127.0.0.1"? >>>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> Thank you for the quick response. >>>>>>>>>>> >>>>>>>>>>> The logging here is all done locally, and the issue is in EVERY >>>>>>>>>>> log >>>>>>>>>>> message. The source is local (a call to vsyslog() in an >>>>>>>>>>> application), >>>>>>>>>>> or >>>>>>>>>>> even just a call to "logger". Here is the resulting log >>>>>>>>>>> message >>>>>>>>>>> from >>>>>>>>>>> rsyslogd starting up: >>>>>>>>>>> >>>>>>>>>>> Debug line with all properties: >>>>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', >>>>>>>>>>> PRI: >>>>>>>>>>> 46, >>>>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog', >>>>>>>>>>> PROCID: >>>>>>>>>>> '-', MSGID: '-', >>>>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-', >>>>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>>>>>>>>>> x-pid="17368" >>>>>>>>>>> x-info="https://www.rsyslog.com";] start' >>>>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0" >>>>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com";] start' >>>>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: >>>>>>>>>>> [origin >>>>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368" >>>>>>>>>>> x-info="https://www.rsyslog.com";] start' >>>>>>>>>>> $!: >>>>>>>>>>> $.: >>>>>>>>>>> $/: >>>>>>>>>>> >>>>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from >>>>>>>>>>> here, >>>>>>>>>>> but >>>>>>>>>>> my >>>>>>>>>>> guess that's the problem? >>>>>>>>>>> >>>>>>>>>>> I can run the same config on the nios2 if you want to see what >>>>>>>>>>> it >>>>>>>>>>> says, >>>>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be >>>>>>>>>>> "nios2" >>>>>>>>>>> instead of "127". >>>>>>>>>>> >>>>>>>>>>> The contents of /etc/hosts is effectively the same on both >>>>>>>>>>> machines >>>>>>>>>>> (the >>>>>>>>>>> one that works correctly and this one). >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> >>>>>>>>>>> -derek >>>>>>>>>>> >>>>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote: >>>>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we >>>>>>>>>>>> can >>>>>>>>>>>> see >>>>>>>>>>>> exactly what >>>>>>>>>>>> rsyslog is being sent for a problem message. >>>>>>>>>>>> >>>>>>>>>>>> David Lang >>>>>>>>>>>> >>>>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400 >>>>>>>>>>>>> From: Derek Atkins via rsyslog <[email protected]> >>>>>>>>>>>>> To: [email protected] >>>>>>>>>>>>> Cc: Derek Atkins <[email protected]> >>>>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is >>>>>>>>>>>>> "127.0.0.1"? >>>>>>>>>>>>> >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it >>>>>>>>>>>>> on >>>>>>>>>>>>> two >>>>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform >>>>>>>>>>>>> works >>>>>>>>>>>>> great. >>>>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the >>>>>>>>>>>>> local >>>>>>>>>>>>> hostname >>>>>>>>>>>>> is >>>>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages >>>>>>>>>>>>> contains: >>>>>>>>>>>>> >>>>>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd" >>>>>>>>>>>>> swVersion="8.2010.0" x-pid="8080" >>>>>>>>>>>>> x-info="https://www.rsyslog.com";] >>>>>>>>>>>>> start >>>>>>>>>>>>> >>>>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is >>>>>>>>>>>>> supposed >>>>>>>>>>>>> to >>>>>>>>>>>>> be. >>>>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, >>>>>>>>>>>>> that >>>>>>>>>>>>> would >>>>>>>>>>>>> explain why this is doing that. But that's weird, because: >>>>>>>>>>>>> >>>>>>>>>>>>> # hostname >>>>>>>>>>>>> arm-host >>>>>>>>>>>>> >>>>>>>>>>>>> Moreover, if I compile and run the code to execute a >>>>>>>>>>>>> "gethostbyname()" >>>>>>>>>>>>> it >>>>>>>>>>>>> also returns "arm-host". So I have no idea where it's >>>>>>>>>>>>> getting >>>>>>>>>>>>> the >>>>>>>>>>>>> idea >>>>>>>>>>>>> that the hostname/FQDN is an IP Address. >>>>>>>>>>>>> >>>>>>>>>>>>> I'll note that on the Nios2 this works as expected: >>>>>>>>>>>>> >>>>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd" >>>>>>>>>>>>> swVersion="8.2010.0" x-pid="830" >>>>>>>>>>>>> x-info="https://www.rsyslog.com";] >>>>>>>>>>>>> start >>>>>>>>>>>>> >>>>>>>>>>>>> I'll say this is the same version of rsyslog on both systems, >>>>>>>>>>>>> built >>>>>>>>>>>>> with >>>>>>>>>>>>> the same sources, and (ostensibly) with the same build-time, >>>>>>>>>>>>> and >>>>>>>>>>>>> definitely the same run-time configurations. >>>>>>>>>>>>> >>>>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and >>>>>>>>>>>>> I'm >>>>>>>>>>>>> not >>>>>>>>>>>>> sure >>>>>>>>>>>>> where else to look. >>>>>>>>>>>>> >>>>>>>>>>>>> So I'm hoping you experts might be able to help me? >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks! >>>>>>>>>>>>> >>>>>>>>>>>>> -derek >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Derek Atkins 617-623-3745 >>>>>>>>> [email protected] www.ihtfp.com >>>>>>>>> Computer and Internet Security Consultant >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> rsyslog mailing list >>>>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog >>>>>>>>> http://www.rsyslog.com/professional-services/ >>>>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>>>>>> myriad >>>>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST >>>>>>>>> if >>>>>>>>> you >>>>>>>>> DON'T LIKE THAT. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Derek Atkins 617-623-3745 >>>>>>>> [email protected] www.ihtfp.com >>>>>>>> Computer and Internet Security Consultant >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> rsyslog mailing list >>>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog >>>>>>>> http://www.rsyslog.com/professional-services/ >>>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>>>>> myriad >>>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >>>>>>>> you >>>>>>>> DON'T LIKE THAT. >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>>> >>>> >>> >>> >>> >> > -- Derek Atkins 617-623-3745 [email protected] www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
