Thanks David, for the response with a probable workaround. Already we have this configuration in place in our config file like below;
### On Demand Debug $DebugFile ##var_local_log_path## $DebugLevel 1 *global( parser.controlCharacterEscapePrefix="#")* *Insight:* With the same configurations, in another client it is able to get the correct hostname instead of localhost. Is there anything that the syslog is doing during translation from UDP to TCP? Coz, UDP logging is getting the correct hostname in this problematic client itself. We only see issues in TCP port while the messages are getting forwarded to the syslog server. As per debug logs, syslog is able to get the correct hostname "glbl.c: GenerateLocalHostName uses '*testclient1*'" But fails to add it to the messages while forwarding! And also we are not formatting the logs, below is what we are doing to forward to the syslog server: $RuleSet auditlog1 $RulesetCreateMainQueue on $MainMsgQueueType FixedArray $MainMsgQueueSize 2000000 $MainMsgQueueDequeueBatchSize 1000 $MainMsgQueueWorkerThreads 2 *.* @@<syslog_server_IP>:1290 $ActionExecOnlyWhenPreviousIsSuspended on & @@ <syslog_server_IP_fallback>:1290 $ActionExecOnlyWhenPreviousIsSuspended off Regards, On Thu, Oct 27, 2022 at 6:32 PM David Lang <[email protected]> wrote: > 8.32 is several years old, but it contains things that RedHat has > backported. > > In the current upstream version, this is a recently discovered bug, the > work-around is to add a globel() section into your config, what's in the > global > section doesn't matter, but if there isn't one, hostname gets set > incorrectly. > It's possible that RedHat backported this bug accidently. > > David Lang > > On Thu, 27 Oct 2022, Naveenkumar MH via rsyslog wrote: > > > Hi, > > > > We have a problem where a client syslog forwarded a message to the syslog > > server, is getting *localhost* instead of the actual *hostname* in the > logs. > > > > > > *Example;Expected:* > > Oct 27 17:33:46 *testclient1* <Test message> > > > > *Getting:* > > Oct 27 17:33:46 *localhost* <Test message> > > > > > > Here, we are forwarding the logs from client to server via UDP port to > TCP > > port. Seems during handoff time from UDP to TCP, its getting localhost. > > > > *Other Details:* > > 1. Platform(VM) : RHEL79. > > 2. rsyslogd version : 8.32.0 > > 3. hostname : testclient1 > > > > Help in resolving this issue is greatly appreciated. > > > > Attached complete debug logs. PFA. > > > > Regards, > > > > > -- *Naveenkumar Hanchinamani* Software Engineer II , Server +91 9741919257 M (PTT) +91 080 – 4000 5555 O [email protected] *Kodiak*, a Motorola Solutions Company +1 972-665-0200 | kodiakptt.com | motorolasolutions.com -- *For more information on how and why we collect your personal information, please visit our Privacy Policy <https://www.motorolasolutions.com/en_us/about/privacy-policy.html?elqTrackId=8980d888905940e39a2613a7a3dcb0a7&elqaid=2786&elqat=2#privacystatement>.* _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
