ah, nah.. This could happen:
gethostname() returns "arm-host".
We see a non-FQDN, so it is not a "real" name and name resolution is
enabled. Then we call getaddrinfo("arm-host", ...), which seems to
return "127.0.0.1". This means the host "arm-host" is not properly
resolved. To prove this is the point, set hostname to
"arm-host.localhost" - due to the dot it now is a FQDN and so the name
resolution should not be done.
Rainer
El jue, 7 oct 2021 a las 14:16, Rainer Gerhards
(<[email protected]>) escribió:
>
> It is gethostname(). But depending on circumstances DNS is also
> involved. In the sample here, "127.0.0.1" being returned, this should
> not be the case.
>
> The prime function used to get the local host name is:
> https://github.com/rsyslog/rsyslog/blob/master/runtime/net.c#L1166
>
> HTH
> Rainer
>
> El jue, 7 oct 2021 a las 0:06, David Lang via rsyslog
> (<[email protected]>) escribió:
> >
> > ok, that confirms that the syscall to get the hostname isn't working
> >
> > Rainer, what call do we make?
> >
> > David Lang
> >
> > On Wed, 6 Oct 2021, Derek Atkins wrote:
> >
> > > Date: Wed, 6 Oct 2021 16:20:46 -0400
> > > From: Derek Atkins <[email protected]>
> > > To: David Lang <[email protected]>
> > > Cc: [email protected]
> > > Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname
> > > is
> > > "127.0.0.1"?
> > >
> > > David,
> > >
> > > # cat >> /etc/rsyslog.conf
> > > $template foo,"%$myhostname%/n"
> > > /var/log/myhostname;foo
> > > # /etc/init.d/S01rsyslogd restart
> > > Stopping rsyslogd: OK
> > > Starting rsyslogd: OK
> > > # tail /var/log/myhostname
> > > 127/n#
> > >
> > > -derek
> > >
> > > On Wed, October 6, 2021 2:35 pm, David Lang wrote:
> > >> $template foo,"%$myhostname%/n"
> > >> /var/log/myhostname;foo
> > >>
> > >> run this for a very short time as it will write a line to this file for
> > >> every
> > >> log message that arrives :-)
> > >>
> > >> David Lang
> > >>
> > >> On Wed, 6 Oct 2021, Derek Atkins wrote:
> > >>
> > >>> Date: Wed, 6 Oct 2021 13:45:56 -0400
> > >>> From: Derek Atkins <[email protected]>
> > >>> To: David Lang <[email protected]>
> > >>> Cc: Derek Atkins via rsyslog <[email protected]>
> > >>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's hostname
> > >>> is
> > >>> "127.0.0.1"?
> > >>>
> > >>> David,
> > >>>
> > >>> I am happy to revert back to the uclibc installation and feed you data,
> > >>> if
> > >>> you can give me what to copy-and-paste into my rsyslogd.conf file?
> > >>>
> > >>> -derek
> > >>>
> > >>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
> > >>>> I believe that rsyslog uses the gethostbyname() call to convert the IP
> > >>>> to
> > >>>> name
> > >>>>
> > >>>> it would also be interesting to create a custom templete with
> > >>>> %$myhostname% in
> > >>>> it and see what that returns.
> > >>>>
> > >>>> I'm not sure if in this case, rsyslog is seeing that there is no
> > >>>> hostname
> > >>>> in the
> > >>>> message and using $myhostname (and that is wrong) or if it's trying to
> > >>>> resolve
> > >>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
> > >>>> that's
> > >>>> wrong)
> > >>>>
> > >>>> If we can identify what's happening, we can then try to create a fix.
> > >>>> It
> > >>>> would
> > >>>> be nice to support non-glibc builds
> > >>>>
> > >>>> David Lang
> > >>>>
> > >>>>
> > >>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
> > >>>>
> > >>>>> I just rebuilt the Arm platform with GLibc and.... syslog is working.
> > >>>>> So I will go and blame uclibc for the bug.
> > >>>>>
> > >>>>> Thank you for getting me to look more closely (and pointing out that
> > >>>>> the
> > >>>>> issue is that rsyslogd was not getting a valid hostname).
> > >>>>>
> > >>>>> Thanks all!
> > >>>>>
> > >>>>> -derek
> > >>>>>
> > >>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
> > >>>>>> Good morning,
> > >>>>>>
> > >>>>>> Thank you for your help so far.
> > >>>>>>
> > >>>>>> I just wanted to add one more piece of data, on my other host
> > >>>>>> (compiled
> > >>>>>> in
> > >>>>>> the same way from the same source in the same BuildRoot manner, but
> > >>>>>> on
> > >>>>>> a
> > >>>>>> different platform), I get what I would expect:
> > >>>>>>
> > >>>>>> Debug line with all properties:
> > >>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', PRI:
> > >>>>>> 46,
> > >>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
> > >>>>>> 'rsyslogd',
> > >>>>>> PROCID: '-', MSGID: '-',
> > >>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
> > >>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> > >>>>>> x-info="https://www.rsyslog.com";] start'
> > >>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> > >>>>>> x-pid="1780" x-info="https://www.rsyslog.com";] start'
> > >>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin
> > >>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
> > >>>>>> x-info="https://www.rsyslog.com";] start'
> > >>>>>> $!:
> > >>>>>> $.:
> > >>>>>> $/:
> > >>>>>>
> > >>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess my
> > >>>>>> question is, what APIs are rsyslogd using to try to obtain this
> > >>>>>> information? I can certainly compile additional test code and run it
> > >>>>>> if
> > >>>>>> necessary. I just find it odd that the *host* knows its name but
> > >>>>>> rsyslogd
> > >>>>>> can't figure it out?
> > >>>>>>
> > >>>>>> Actually, looking a little closer, I noticed that I'm using uclibc on
> > >>>>>> the
> > >>>>>> arm platform (the broken one), but glibc on the nios2. I wonder if
> > >>>>>> this
> > >>>>>> is the issue?
> > >>>>>>
> > >>>>>> -derek
> > >>>>>>
> > >>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote:
> > >>>>>>> As I said in my OP:
> > >>>>>>>
> > >>>>>>> # hostname
> > >>>>>>> arm-host
> > >>>>>>>
> > >>>>>>> and from this query:
> > >>>>>>>
> > >>>>>>> # cat /etc/hosts
> > >>>>>>> 127.0.0.1 localhost
> > >>>>>>> 127.0.1.1 arm-host
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> However, as I also stated in my OP, I another another machine on a
> > >>>>>>> nios2
> > >>>>>>> with the exact same configuration and there the log messages say the
> > >>>>>>> correct hostname.
> > >>>>>>>
> > >>>>>>> -derek
> > >>>>>>>
> > >>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
> > >>>>>>>> what is in /etc/hosts and what do you get if you run the command
> > >>>>>>>> hostname?
> > >>>>>>>>
> > >>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip
> > >>>>>>>>
> > >>>>>>>> the log message you received (as seen by the rawmsg: section) does
> > >>>>>>>> not
> > >>>>>>>> provide a
> > >>>>>>>> hostname (which could have been the problem)
> > >>>>>>>>
> > >>>>>>>> so based on this, the problem is with name resolution, which should
> > >>>>>>>> start
> > >>>>>>>> with
> > >>>>>>>> /etc/hosts and hostname
> > >>>>>>>>
> > >>>>>>>> David Lang
> > >>>>>>>>
> > >>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
> > >>>>>>>>
> > >>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
> > >>>>>>>>> From: Derek Atkins <[email protected]>
> > >>>>>>>>> To: David Lang <[email protected]>
> > >>>>>>>>> Cc: [email protected]
> > >>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is
> > >>>>>>>>> "127.0.0.1"?
> > >>>>>>>>>
> > >>>>>>>>> Hi,
> > >>>>>>>>>
> > >>>>>>>>> Thank you for the quick response.
> > >>>>>>>>>
> > >>>>>>>>> The logging here is all done locally, and the issue is in EVERY
> > >>>>>>>>> log
> > >>>>>>>>> message. The source is local (a call to vsyslog() in an
> > >>>>>>>>> application),
> > >>>>>>>>> or
> > >>>>>>>>> even just a call to "logger". Here is the resulting log message
> > >>>>>>>>> from
> > >>>>>>>>> rsyslogd starting up:
> > >>>>>>>>>
> > >>>>>>>>> Debug line with all properties:
> > >>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI:
> > >>>>>>>>> 46,
> > >>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog',
> > >>>>>>>>> PROCID:
> > >>>>>>>>> '-', MSGID: '-',
> > >>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
> > >>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> > >>>>>>>>> x-pid="17368"
> > >>>>>>>>> x-info="https://www.rsyslog.com";] start'
> > >>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
> > >>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com";] start'
> > >>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin
> > >>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
> > >>>>>>>>> x-info="https://www.rsyslog.com";] start'
> > >>>>>>>>> $!:
> > >>>>>>>>> $.:
> > >>>>>>>>> $/:
> > >>>>>>>>>
> > >>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from here,
> > >>>>>>>>> but
> > >>>>>>>>> my
> > >>>>>>>>> guess that's the problem?
> > >>>>>>>>>
> > >>>>>>>>> I can run the same config on the nios2 if you want to see what it
> > >>>>>>>>> says,
> > >>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be
> > >>>>>>>>> "nios2"
> > >>>>>>>>> instead of "127".
> > >>>>>>>>>
> > >>>>>>>>> The contents of /etc/hosts is effectively the same on both
> > >>>>>>>>> machines
> > >>>>>>>>> (the
> > >>>>>>>>> one that works correctly and this one).
> > >>>>>>>>>
> > >>>>>>>>> Thanks,
> > >>>>>>>>>
> > >>>>>>>>> -derek
> > >>>>>>>>>
> > >>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
> > >>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can
> > >>>>>>>>>> see
> > >>>>>>>>>> exactly what
> > >>>>>>>>>> rsyslog is being sent for a problem message.
> > >>>>>>>>>>
> > >>>>>>>>>> David Lang
> > >>>>>>>>>>
> > >>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
> > >>>>>>>>>>
> > >>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
> > >>>>>>>>>>> From: Derek Atkins via rsyslog <[email protected]>
> > >>>>>>>>>>> To: [email protected]
> > >>>>>>>>>>> Cc: Derek Atkins <[email protected]>
> > >>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
> > >>>>>>>>>>> "127.0.0.1"?
> > >>>>>>>>>>>
> > >>>>>>>>>>> Hi,
> > >>>>>>>>>>>
> > >>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it on
> > >>>>>>>>>>> two
> > >>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works
> > >>>>>>>>>>> great.
> > >>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local
> > >>>>>>>>>>> hostname
> > >>>>>>>>>>> is
> > >>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages
> > >>>>>>>>>>> contains:
> > >>>>>>>>>>>
> > >>>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
> > >>>>>>>>>>> x-info="https://www.rsyslog.com";]
> > >>>>>>>>>>> start
> > >>>>>>>>>>>
> > >>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
> > >>>>>>>>>>> supposed
> > >>>>>>>>>>> to
> > >>>>>>>>>>> be.
> > >>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, that
> > >>>>>>>>>>> would
> > >>>>>>>>>>> explain why this is doing that. But that's weird, because:
> > >>>>>>>>>>>
> > >>>>>>>>>>> # hostname
> > >>>>>>>>>>> arm-host
> > >>>>>>>>>>>
> > >>>>>>>>>>> Moreover, if I compile and run the code to execute a
> > >>>>>>>>>>> "gethostbyname()"
> > >>>>>>>>>>> it
> > >>>>>>>>>>> also returns "arm-host". So I have no idea where it's getting
> > >>>>>>>>>>> the
> > >>>>>>>>>>> idea
> > >>>>>>>>>>> that the hostname/FQDN is an IP Address.
> > >>>>>>>>>>>
> > >>>>>>>>>>> I'll note that on the Nios2 this works as expected:
> > >>>>>>>>>>>
> > >>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd"
> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
> > >>>>>>>>>>> x-info="https://www.rsyslog.com";]
> > >>>>>>>>>>> start
> > >>>>>>>>>>>
> > >>>>>>>>>>> I'll say this is the same version of rsyslog on both systems,
> > >>>>>>>>>>> built
> > >>>>>>>>>>> with
> > >>>>>>>>>>> the same sources, and (ostensibly) with the same build-time, and
> > >>>>>>>>>>> definitely the same run-time configurations.
> > >>>>>>>>>>>
> > >>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and I'm
> > >>>>>>>>>>> not
> > >>>>>>>>>>> sure
> > >>>>>>>>>>> where else to look.
> > >>>>>>>>>>>
> > >>>>>>>>>>> So I'm hoping you experts might be able to help me?
> > >>>>>>>>>>>
> > >>>>>>>>>>> Thanks!
> > >>>>>>>>>>>
> > >>>>>>>>>>> -derek
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> --
> > >>>>>>> Derek Atkins 617-623-3745
> > >>>>>>> [email protected] www.ihtfp.com
> > >>>>>>> Computer and Internet Security Consultant
> > >>>>>>>
> > >>>>>>> _______________________________________________
> > >>>>>>> rsyslog mailing list
> > >>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >>>>>>> http://www.rsyslog.com/professional-services/
> > >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> > >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > >>>>>>> myriad
> > >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> > >>>>>>> you
> > >>>>>>> DON'T LIKE THAT.
> > >>>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> --
> > >>>>>> Derek Atkins 617-623-3745
> > >>>>>> [email protected] www.ihtfp.com
> > >>>>>> Computer and Internet Security Consultant
> > >>>>>>
> > >>>>>> _______________________________________________
> > >>>>>> rsyslog mailing list
> > >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >>>>>> http://www.rsyslog.com/professional-services/
> > >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> > >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > >>>>>> myriad
> > >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> > >>>>>> you
> > >>>>>> DON'T LIKE THAT.
> > >>>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>>
> > >>>
> > >>>
> > >>
> > >
> > >
> > >
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> > LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
