how do I prevent syslogd from stripping domain names?

 
Trever Furnish
Regular Advisor

Running redhat7.2. My syslogd seems to be stripping off any domains from network hosts in the same domain as the redhat box when logging messages from those hosts, EVEN THOUGH -s is empty.

I've tried explicitly listing -s '' as an option - no luck.

I've tried explicitly listing -s with a bad domain like so: -s 'moomoo.cowcow' - no luck.

I've verified that if I add a fake entry to /etc/hosts for the ip address of the message source, then syslogd will leave the domain name alone *if* it doesn't have the same domain name as the domain reported on the end of the output of the 'hostname' command.

In other words, if the logging source is:
logger.foo.com

...and the logging receiver is:
logserver.foo.com

...then syslog strips foo.com, but if I go to logserver and execute:
hostname logserver

...thereby stripping the domain name, THEN syslogd happily records messages from logger as being from "logger.foo.com".

I need it to *always* record the FQDN. Anyone have a solution, other than chopping the domain out of the hostname?

I'll admit to a little confusion (and headache) regarding whether the domain name should even be there in the output of the hostname command normally, so any comments on that are welcome.
Hockey PUX?
Stuart Browne
Honored Contributor

Re: how do I prevent syslogd from stripping domain names?

I don't suppose you've got a 'search ' in your /etc/resolv.conf ?
One long-haired git at your service...
Trever Furnish
Regular Advisor

Re: how do I prevent syslogd from stripping domain names?

Yes, there's a search domain defined, but it doesn't seem to have an effect on this behavior - I took it out, restarted syslog, no joy.
Hockey PUX?
Stuart Browne
Honored Contributor

Re: how do I prevent syslogd from stripping domain names?

*nod* thought it was a bit of straw grasping.

The Syslog documentation says that if the domain of the remote machine is the same as the domain of the local machine, it will strip all but the host-name (i.e. do a '-s local.domain.com').

But you've found this out already with your test of changing the local host name.

The documentation also states that there isn't a flag to say "don't strip".

Sorry.

You might want to grab the sources for syslogd, and manually remove the parsing routine that removes the domain, recompile, and use that.
One long-haired git at your service...
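The behaviour discussed in the posts above, as an added example that is not part of the original thread and is not sysklogd source code: a small C model of the stripping rule as the thread describes it. The function names, and the assumption that the local domain is whatever follows the first dot in the output of `hostname`, are hypothetical and used only for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: the "local domain" is taken to be everything after
 * the first dot of the name the hostname command reports ("" if none). */
static const char *local_domain(const char *local_hostname)
{
    const char *dot = strchr(local_hostname, '.');
    return dot ? dot + 1 : "";
}

/* Model of the name recorded for a sender. strip_domains stands in for the
 * -s list: NULL, or a NULL-terminated array of domains. Result is in out. */
const char *logged_name(const char *sender_fqdn, const char *local_hostname,
                        const char *const *strip_domains,
                        char *out, size_t outlen)
{
    if (outlen == 0)
        return out;
    snprintf(out, outlen, "%s", sender_fqdn);
    char *dot = strchr(out, '.');
    if (dot == NULL)
        return out;                  /* sender name is already unqualified */
    const char *ld = local_domain(local_hostname);
    if (*ld != '\0' && strcmp(dot + 1, ld) == 0) {
        *dot = '\0';                 /* implicit strip: no option turns it off */
        return out;
    }
    for (size_t i = 0; strip_domains && strip_domains[i]; i++) {
        if (strcmp(dot + 1, strip_domains[i]) == 0) {
            *dot = '\0';             /* explicit strip requested with -s */
            break;
        }
    }
    return out;
}

int main(void)
{
    char buf[256];
    const char *bad[] = { "moomoo.cowcow", NULL };   /* the -s value tried above */
    /* Constructed cases mirroring the thread's tests. */
    puts(logged_name("logger.foo.com", "logserver.foo.com", NULL, buf, sizeof buf));
    puts(logged_name("logger.foo.com", "logserver.foo.com", bad, buf, sizeof buf));
    puts(logged_name("logger.foo.com", "logserver", NULL, buf, sizeof buf));
    return 0;
}
```

In this model the -s list can only add domains to strip, which is why neither an empty list nor a bogus domain keeps the FQDN, while a local hostname without a domain leaves nothing to match against.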
Trever Furnish
Regular Advisor

Re: how do I prevent syslogd from stripping domain names?

Yeah, that was what I was afraid of. Well, not afraid, just avoiding.

I'm wondering though whether the domain name is even supposed to be in the output returned by the hostname command.

I.e., if I do hostname now, just the unqualified hostname is returned - I'm not sure whether that is optimal or will cause a problem.

Sendmail uses an entirely different domain name and /etc/sysconfig/network still contains the FQDN. The man page for the hostname command isn't all that clear (at least not to me) on that point. Any thoughts?
Hockey PUX?
U.SivaKumar_2
Honored Contributor

Re: how do I prevent syslogd from stripping domain names?

Hi,

Remove the 'domain' directive from /etc/resolv.conf.
Restart syslogd.

regards,
U.SivaKumar
Innovations are made when conventions are broken
Trever Furnish
Regular Advisor

Re: how do I prevent syslogd from stripping domain names?

Um, I'm guessing you're referring to the search directive, and as I already mentioned, I've verified that that doesn't help. Other thoughts?
Hockey PUX?
Donny Jekels
Respected Contributor

Re: how do I prevent syslogd from stripping domain names?

Trever,

Did you ever get to fix this issue?

You probably forgot about this thread, but you should also look at your /etc/nsswitch.conf file to see where your system resolves names from.

Step 2, get the source code for your syslogd and recompile it; make sure you tell syslog not to truncate the domain suffix. While you're at it, reroute your syslog.conf file to another location. Security trick! Then leave your existing /etc/syslog.conf intact, but you make all your new config changes in the new file only you know of.

peace
Donny
"Vision, is the art of seeing the invisible"