[rsyslog] Rsyslog is not using FQDN in all messages
Pablo Martinez Schroder
pablo at docecosas.com
Fri Mar 26 19:28:16 CET 2010
> My first question would be if the logs have the FQDN in them in the first
> place.
>
> You may want to create a log with the format %raw% and see what is
> arriving at your box.
I'm currently testing this issue locally, with the configuration below,
and the logs saved are a mix: some of them have a hostname like
syslog-test.scrambled.com (only the logs generated by the kernel and
rsyslog) and all the other lines show syslog-test as the hostname.
$PreserveFQDN on
*.* /var/log/everything.log
>> I'm using rsyslog-5.4.0 and I'm having an issue that I cannot understand.
>> I want to implement a central logging server using stunnel, and I need to
>> use the FQDN always. I don't want to have HOSTNAME truncated to the
>> hostname, so I enable $PreserveFQDN, but only some of the messages seem
>> to use the whole hostname. I've seen this issue in multiple versions of
>> rsyslog, so I'm quite sure it is not caused by rsyslog-5.4.0.
>>
>> I start rsyslogd with the "-c 4" option, and if I enable $PreserveFQDN
>> in the conf, messages from the kernel and rsyslogd are saved with the
>> proper FQDN, but the rest of the messages are stored as if they
>> originated from the hostname, without the domain.
--
Pablo Martinez Schroder
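
An added example, not part of the original thread: a small audit that reads a log file in rsyslog's traditional file format and reports machines that appear under both a short name and an FQDN, the mix described above. The function names are hypothetical and the sample lines are constructed, reusing the hostname from the message.

```python
import re
from collections import Counter

# Traditional file format: "Mmm dd hh:mm:ss HOST TAG: message"
LINE_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")

# Constructed sample lines, modelled on the mix described in the thread.
SAMPLE = """\
Mar 26 19:20:01 syslog-test.scrambled.com kernel: eth0: link up
Mar 26 19:20:01 syslog-test.scrambled.com rsyslogd: start
Mar 26 19:21:14 syslog-test sshd[2211]: session opened for user admin
Mar 26 19:22:03 syslog-test CRON[2250]: (root) CMD (run-parts /etc/cron.hourly)
"""


def hostname_counts(lines):
    """Count how often each HOSTNAME field value appears."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m.group(1).lower()] += 1
    return counts


def short_name_collisions(counts):
    """Map each FQDN to the short hostname that equals its first label.

    A non-empty result means one machine is logged under two names,
    which splits per-host files and breaks host-based correlation
    on a central log server.
    """
    shorts = {h for h in counts if "." not in h}
    result = {}
    for fqdn in (h for h in counts if "." in h):
        first = fqdn.split(".", 1)[0]
        if first in shorts:
            result[fqdn] = first
    return result


if __name__ == "__main__":
    counts = hostname_counts(SAMPLE.splitlines())
    for fqdn, short in short_name_collisions(counts).items():
        print(f"{short} ({counts[short]} lines) also logged as "
              f"{fqdn} ({counts[fqdn]} lines)")
```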