and another one: why do we do this? Far too many systems are called "localhost" or some similar nonsense. So if we find indication this system is not properly identifying itself, we ask the resolver for its real name. Remember that a remote peer must be able to identify the host based on the hostname field, and putting nonsense into it isn't really helpful.
Rainer El jue, 7 oct 2021 a las 14:22, Rainer Gerhards (<[email protected]>) escribió: > > ah, nah.. This could happen: > > gethostname() returns "arm-host". > > We see a non-FQDN, so it is not a "real" name and name resolution is > enabled. Then we call getaddrinfo("arm-host", ...), which seems to > return "127.0.0.1". This means the host "arm-host" is not properly > resolved. To prove this is the point, set hostname to > "arm-host.localhost" - due to the dot it now is a FQDN and so the name > resolution should not be done. > > Rainer > > El jue, 7 oct 2021 a las 14:16, Rainer Gerhards > (<[email protected]>) escribió: > > > > It is gethostname(). But depending on circumstances DNS is also > > involved. In the sample here, "127.0.0.1" being returned, this should > > not be the case. > > > > The prime function used to get the local host name is: > > https://github.com/rsyslog/rsyslog/blob/master/runtime/net.c#L1166 > > > > HTH > > Rainer > > > > El jue, 7 oct 2021 a las 0:06, David Lang via rsyslog > > (<[email protected]>) escribió: > > > > > > ok, that confirms that the syscall to get the hostname isn't working > > > > > > Rainer, what call do we make? > > > > > > David Lang > > > > > > On Wed, 6 Oct 2021, Derek Atkins wrote: > > > > > > > Date: Wed, 6 Oct 2021 16:20:46 -0400 > > > > From: Derek Atkins <[email protected]> > > > > To: David Lang <[email protected]> > > > > Cc: [email protected] > > > > Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's > > > > hostname is > > > > "127.0.0.1"? > > > > > > > > David, > > > > > > > > # cat >> /etc/rsyslog.conf > > > > $template foo,"%$myhostname%/n" > > > > /var/log/myhostname;foo > > > > # /etc/init.d/S01rsyslogd restart > > > > Stopping rsyslogd: OK > > > > Starting rsyslogd: OK > > > > # tail /var/log/myhostname > > > > 127/n# > > > > > > > > -derek > > > > > > > > On Wed, October 6, 2021 2:35 pm, David Lang wrote: > > > >> $template foo,"%$myhostname%/n" > > > >> /var/log/myhostname;foo > > > >> > > > >> run this for a very short time as it will write a line to this file for > > > >> every > > > >> log message that arrives :-) > > > >> > > > >> David Lang > > > >> > > > >> On Wed, 6 Oct 2021, Derek Atkins wrote: > > > >> > > > >>> Date: Wed, 6 Oct 2021 13:45:56 -0400 > > > >>> From: Derek Atkins <[email protected]> > > > >>> To: David Lang <[email protected]> > > > >>> Cc: Derek Atkins via rsyslog <[email protected]> > > > >>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's > > > >>> hostname > > > >>> is > > > >>> "127.0.0.1"? > > > >>> > > > >>> David, > > > >>> > > > >>> I am happy to revert back to the uclibc installation and feed you > > > >>> data, > > > >>> if > > > >>> you can give me what to copy-and-paste into my rsyslogd.conf file? > > > >>> > > > >>> -derek > > > >>> > > > >>> On Wed, October 6, 2021 1:43 pm, David Lang wrote: > > > >>>> I believe that rsyslog uses the gethostbyname() call to convert the > > > >>>> IP > > > >>>> to > > > >>>> name > > > >>>> > > > >>>> it would also be interesting to create a custom templete with > > > >>>> %$myhostname% in > > > >>>> it and see what that returns. > > > >>>> > > > >>>> I'm not sure if in this case, rsyslog is seeing that there is no > > > >>>> hostname > > > >>>> in the > > > >>>> message and using $myhostname (and that is wrong) or if it's trying > > > >>>> to > > > >>>> resolve > > > >>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname > > > >>>> that's > > > >>>> wrong) > > > >>>> > > > >>>> If we can identify what's happening, we can then try to create a fix. > > > >>>> It > > > >>>> would > > > >>>> be nice to support non-glibc builds > > > >>>> > > > >>>> David Lang > > > >>>> > > > >>>> > > > >>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote: > > > >>>> > > > >>>>> I just rebuilt the Arm platform with GLibc and.... syslog is > > > >>>>> working. > > > >>>>> So I will go and blame uclibc for the bug. > > > >>>>> > > > >>>>> Thank you for getting me to look more closely (and pointing out that > > > >>>>> the > > > >>>>> issue is that rsyslogd was not getting a valid hostname). > > > >>>>> > > > >>>>> Thanks all! > > > >>>>> > > > >>>>> -derek > > > >>>>> > > > >>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote: > > > >>>>>> Good morning, > > > >>>>>> > > > >>>>>> Thank you for your help so far. > > > >>>>>> > > > >>>>>> I just wanted to add one more piece of data, on my other host > > > >>>>>> (compiled > > > >>>>>> in > > > >>>>>> the same way from the same source in the same BuildRoot manner, but > > > >>>>>> on > > > >>>>>> a > > > >>>>>> different platform), I get what I would expect: > > > >>>>>> > > > >>>>>> Debug line with all properties: > > > >>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2', > > > >>>>>> PRI: > > > >>>>>> 46, > > > >>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME: > > > >>>>>> 'rsyslogd', > > > >>>>>> PROCID: '-', MSGID: '-', > > > >>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-', > > > >>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" > > > >>>>>> x-pid="1780" > > > >>>>>> x-info="https://www.rsyslog.com";] start' > > > >>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0" > > > >>>>>> x-pid="1780" x-info="https://www.rsyslog.com";] start' > > > >>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd: [origin > > > >>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780" > > > >>>>>> x-info="https://www.rsyslog.com";] start' > > > >>>>>> $!: > > > >>>>>> $.: > > > >>>>>> $/: > > > >>>>>> > > > >>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I guess > > > >>>>>> my > > > >>>>>> question is, what APIs are rsyslogd using to try to obtain this > > > >>>>>> information? I can certainly compile additional test code and run > > > >>>>>> it > > > >>>>>> if > > > >>>>>> necessary. I just find it odd that the *host* knows its name but > > > >>>>>> rsyslogd > > > >>>>>> can't figure it out? > > > >>>>>> > > > >>>>>> Actually, looking a little closer, I noticed that I'm using uclibc > > > >>>>>> on > > > >>>>>> the > > > >>>>>> arm platform (the broken one), but glibc on the nios2. I wonder if > > > >>>>>> this > > > >>>>>> is the issue? > > > >>>>>> > > > >>>>>> -derek > > > >>>>>> > > > >>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog wrote: > > > >>>>>>> As I said in my OP: > > > >>>>>>> > > > >>>>>>> # hostname > > > >>>>>>> arm-host > > > >>>>>>> > > > >>>>>>> and from this query: > > > >>>>>>> > > > >>>>>>> # cat /etc/hosts > > > >>>>>>> 127.0.0.1 localhost > > > >>>>>>> 127.0.1.1 arm-host > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> However, as I also stated in my OP, I another another machine on a > > > >>>>>>> nios2 > > > >>>>>>> with the exact same configuration and there the log messages say > > > >>>>>>> the > > > >>>>>>> correct hostname. > > > >>>>>>> > > > >>>>>>> -derek > > > >>>>>>> > > > >>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote: > > > >>>>>>>> what is in /etc/hosts and what do you get if you run the command > > > >>>>>>>> hostname? > > > >>>>>>>> > > > >>>>>>>> rsyslog gets fromhost by doing a name lookup of the fromhost-ip > > > >>>>>>>> > > > >>>>>>>> the log message you received (as seen by the rawmsg: section) > > > >>>>>>>> does > > > >>>>>>>> not > > > >>>>>>>> provide a > > > >>>>>>>> hostname (which could have been the problem) > > > >>>>>>>> > > > >>>>>>>> so based on this, the problem is with name resolution, which > > > >>>>>>>> should > > > >>>>>>>> start > > > >>>>>>>> with > > > >>>>>>>> /etc/hosts and hostname > > > >>>>>>>> > > > >>>>>>>> David Lang > > > >>>>>>>> > > > >>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote: > > > >>>>>>>> > > > >>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400 > > > >>>>>>>>> From: Derek Atkins <[email protected]> > > > >>>>>>>>> To: David Lang <[email protected]> > > > >>>>>>>>> Cc: [email protected] > > > >>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname is > > > >>>>>>>>> "127.0.0.1"? > > > >>>>>>>>> > > > >>>>>>>>> Hi, > > > >>>>>>>>> > > > >>>>>>>>> Thank you for the quick response. > > > >>>>>>>>> > > > >>>>>>>>> The logging here is all done locally, and the issue is in EVERY > > > >>>>>>>>> log > > > >>>>>>>>> message. The source is local (a call to vsyslog() in an > > > >>>>>>>>> application), > > > >>>>>>>>> or > > > >>>>>>>>> even just a call to "logger". Here is the resulting log message > > > >>>>>>>>> from > > > >>>>>>>>> rsyslogd starting up: > > > >>>>>>>>> > > > >>>>>>>>> Debug line with all properties: > > > >>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127', PRI: > > > >>>>>>>>> 46, > > > >>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME: 'syslog', > > > >>>>>>>>> PROCID: > > > >>>>>>>>> '-', MSGID: '-', > > > >>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-', > > > >>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0" > > > >>>>>>>>> x-pid="17368" > > > >>>>>>>>> x-info="https://www.rsyslog.com";] start' > > > >>>>>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0" > > > >>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com";] start' > > > >>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog: [origin > > > >>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368" > > > >>>>>>>>> x-info="https://www.rsyslog.com";] start' > > > >>>>>>>>> $!: > > > >>>>>>>>> $.: > > > >>>>>>>>> $/: > > > >>>>>>>>> > > > >>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from > > > >>>>>>>>> here, > > > >>>>>>>>> but > > > >>>>>>>>> my > > > >>>>>>>>> guess that's the problem? > > > >>>>>>>>> > > > >>>>>>>>> I can run the same config on the nios2 if you want to see what > > > >>>>>>>>> it > > > >>>>>>>>> says, > > > >>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both be > > > >>>>>>>>> "nios2" > > > >>>>>>>>> instead of "127". > > > >>>>>>>>> > > > >>>>>>>>> The contents of /etc/hosts is effectively the same on both > > > >>>>>>>>> machines > > > >>>>>>>>> (the > > > >>>>>>>>> one that works correctly and this one). > > > >>>>>>>>> > > > >>>>>>>>> Thanks, > > > >>>>>>>>> > > > >>>>>>>>> -derek > > > >>>>>>>>> > > > >>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote: > > > >>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we can > > > >>>>>>>>>> see > > > >>>>>>>>>> exactly what > > > >>>>>>>>>> rsyslog is being sent for a problem message. > > > >>>>>>>>>> > > > >>>>>>>>>> David Lang > > > >>>>>>>>>> > > > >>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote: > > > >>>>>>>>>> > > > >>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400 > > > >>>>>>>>>>> From: Derek Atkins via rsyslog <[email protected]> > > > >>>>>>>>>>> To: [email protected] > > > >>>>>>>>>>> Cc: Derek Atkins <[email protected]> > > > >>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is > > > >>>>>>>>>>> "127.0.0.1"? > > > >>>>>>>>>>> > > > >>>>>>>>>>> Hi, > > > >>>>>>>>>>> > > > >>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built it > > > >>>>>>>>>>> on > > > >>>>>>>>>>> two > > > >>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform works > > > >>>>>>>>>>> great. > > > >>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the local > > > >>>>>>>>>>> hostname > > > >>>>>>>>>>> is > > > >>>>>>>>>>> "127.0.0.1". Why do I think that? Well, /var/log/messages > > > >>>>>>>>>>> contains: > > > >>>>>>>>>>> > > > >>>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd" > > > >>>>>>>>>>> swVersion="8.2010.0" x-pid="8080" > > > >>>>>>>>>>> x-info="https://www.rsyslog.com";] > > > >>>>>>>>>>> start > > > >>>>>>>>>>> > > > >>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is > > > >>>>>>>>>>> supposed > > > >>>>>>>>>>> to > > > >>>>>>>>>>> be. > > > >>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address, > > > >>>>>>>>>>> that > > > >>>>>>>>>>> would > > > >>>>>>>>>>> explain why this is doing that. But that's weird, because: > > > >>>>>>>>>>> > > > >>>>>>>>>>> # hostname > > > >>>>>>>>>>> arm-host > > > >>>>>>>>>>> > > > >>>>>>>>>>> Moreover, if I compile and run the code to execute a > > > >>>>>>>>>>> "gethostbyname()" > > > >>>>>>>>>>> it > > > >>>>>>>>>>> also returns "arm-host". So I have no idea where it's getting > > > >>>>>>>>>>> the > > > >>>>>>>>>>> idea > > > >>>>>>>>>>> that the hostname/FQDN is an IP Address. > > > >>>>>>>>>>> > > > >>>>>>>>>>> I'll note that on the Nios2 this works as expected: > > > >>>>>>>>>>> > > > >>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin software="rsyslogd" > > > >>>>>>>>>>> swVersion="8.2010.0" x-pid="830" > > > >>>>>>>>>>> x-info="https://www.rsyslog.com";] > > > >>>>>>>>>>> start > > > >>>>>>>>>>> > > > >>>>>>>>>>> I'll say this is the same version of rsyslog on both systems, > > > >>>>>>>>>>> built > > > >>>>>>>>>>> with > > > >>>>>>>>>>> the same sources, and (ostensibly) with the same build-time, > > > >>>>>>>>>>> and > > > >>>>>>>>>>> definitely the same run-time configurations. > > > >>>>>>>>>>> > > > >>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this, and > > > >>>>>>>>>>> I'm > > > >>>>>>>>>>> not > > > >>>>>>>>>>> sure > > > >>>>>>>>>>> where else to look. > > > >>>>>>>>>>> > > > >>>>>>>>>>> So I'm hoping you experts might be able to help me? > > > >>>>>>>>>>> > > > >>>>>>>>>>> Thanks! > > > >>>>>>>>>>> > > > >>>>>>>>>>> -derek > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>> > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> -- > > > >>>>>>> Derek Atkins 617-623-3745 > > > >>>>>>> [email protected] www.ihtfp.com > > > >>>>>>> Computer and Internet Security Consultant > > > >>>>>>> > > > >>>>>>> _______________________________________________ > > > >>>>>>> rsyslog mailing list > > > >>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog > > > >>>>>>> http://www.rsyslog.com/professional-services/ > > > >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards > > > >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > >>>>>>> myriad > > > >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > > >>>>>>> you > > > >>>>>>> DON'T LIKE THAT. > > > >>>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> -- > > > >>>>>> Derek Atkins 617-623-3745 > > > >>>>>> [email protected] www.ihtfp.com > > > >>>>>> Computer and Internet Security Consultant > > > >>>>>> > > > >>>>>> _______________________________________________ > > > >>>>>> rsyslog mailing list > > > >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog > > > >>>>>> http://www.rsyslog.com/professional-services/ > > > >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards > > > >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > >>>>>> myriad > > > >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > > >>>>>> you > > > >>>>>> DON'T LIKE THAT. > > > >>>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>> > > > >>> > > > >>> > > > >>> > > > >> > > > > > > > > > > > > > > > _______________________________________________ > > > rsyslog mailing list > > > https://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > > DON'T LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
