[rsyslog] quick question regarding property values in rsyslog-2.0.6 [NC]

Kambiz Aghaiepour kambiz at mcnc.org
Wed May 20 15:03:59 CEST 2009 

Thank you for the response Vivien.  One thing I've noticed is that I get
the same behavior whether I use %source% or %FROMHOST%.  However, I did
notice something interesting.  If the sending host is say
somehost.<somedomain>, and <somedomain> is the same domain as that of
the central loghost, then both %source% and  %FROMHOST% expand out to
the short form of the hostname.  However, if the sender's domain differs
than that of the loghost, the %source% and %FROMHOST% expand to the FQDN.

Kambiz

Vivien BERNET-ROLLANDE wrote:
> Hi
> It is normal (as per RFC<insert number here>) that %source% does not 
> contain a FQDN. %HOSTNAME% is an alias for %source% (or maybe the other 
> way arround).
> 
> However, %FROMHOST% should contain the result of a reverse DNS query, i.e. 
> the FQDN of the host the message was recieved from. If you're not using a 
> relay, this will also be the FQDN of the source.
> If you're using a relay and the relay is running rsyslog, it might be 
> possible to hack something up using the property replacer.
> 
> I know the doc on the site is for more recent versions, but you should be 
> able to find the doc for 2.0.6 under /usr/share/doc/rsyslog-2.0.6/ .
> 
> -- Vivien Bernet-Rollande
> *************************************************************************
> This message and any attachments (the "message") are confidential, intended solely for the addressee(s), and may contain legally privileged information.
> Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration.   
> Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or
> falsified.
>                               ************
> Ce message et toutes les pieces jointes (ci-apres le "message") sont confidentiels et susceptibles de contenir des informations couvertes 
> par le secret professionnel. 
> Ce message est etabli a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite.
> Tout message electronique est susceptible d'alteration. 
> La SOCIETE GENERALE et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie.
> *************************************************************************
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com


-- 
"In the end, we will remember not the words of our enemies,
but the silence of our friends."  --MLK

More information about the rsyslog mailing list