Good morning,
Indeed, this is what appears to be the case.
# hostname arm-host.local
# /etc/init.d/S01rsyslogd restart
Stopping rsyslogd: OK
Starting rsyslogd: OK
# tail /var/log/myhostname
127/n127/arm-host/n#
So now the question is why getddrinfo() is returning the wrong info?
-derek
On Thu, October 7, 2021 8:22 am, Rainer Gerhards wrote:
> ah, nah.. This could happen:
>
> gethostname() returns "arm-host".
>
> We see a non-FQDN, so it is not a "real" name and name resolution is
> enabled. Then we call getaddrinfo("arm-host", ...), which seems to
> return "127.0.0.1". This means the host "arm-host" is not properly
> resolved. To prove this is the point, set hostname to
> "arm-host.localhost" - due to the dot it now is a FQDN and so the name
> resolution should not be done.
>
> Rainer
>
> El jue, 7 oct 2021 a las 14:16, Rainer Gerhards
> (<[email protected]>) escribió:
>>
>> It is gethostname(). But depending on circumstances DNS is also
>> involved. In the sample here, "127.0.0.1" being returned, this should
>> not be the case.
>>
>> The prime function used to get the local host name is:
>> https://github.com/rsyslog/rsyslog/blob/master/runtime/net.c#L1166
>>
>> HTH
>> Rainer
>>
>> El jue, 7 oct 2021 a las 0:06, David Lang via rsyslog
>> (<[email protected]>) escribió:
>> >
>> > ok, that confirms that the syscall to get the hostname isn't working
>> >
>> > Rainer, what call do we make?
>> >
>> > David Lang
>> >
>> > On Wed, 6 Oct 2021, Derek Atkins wrote:
>> >
>> > > Date: Wed, 6 Oct 2021 16:20:46 -0400
>> > > From: Derek Atkins <[email protected]>
>> > > To: David Lang <[email protected]>
>> > > Cc: [email protected]
>> > > Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's
>> hostname is
>> > > "127.0.0.1"?
>> > >
>> > > David,
>> > >
>> > > # cat >> /etc/rsyslog.conf
>> > > $template foo,"%$myhostname%/n"
>> > > /var/log/myhostname;foo
>> > > # /etc/init.d/S01rsyslogd restart
>> > > Stopping rsyslogd: OK
>> > > Starting rsyslogd: OK
>> > > # tail /var/log/myhostname
>> > > 127/n#
>> > >
>> > > -derek
>> > >
>> > > On Wed, October 6, 2021 2:35 pm, David Lang wrote:
>> > >> $template foo,"%$myhostname%/n"
>> > >> /var/log/myhostname;foo
>> > >>
>> > >> run this for a very short time as it will write a line to this file
>> for
>> > >> every
>> > >> log message that arrives :-)
>> > >>
>> > >> David Lang
>> > >>
>> > >> On Wed, 6 Oct 2021, Derek Atkins wrote:
>> > >>
>> > >>> Date: Wed, 6 Oct 2021 13:45:56 -0400
>> > >>> From: Derek Atkins <[email protected]>
>> > >>> To: David Lang <[email protected]>
>> > >>> Cc: Derek Atkins via rsyslog <[email protected]>
>> > >>> Subject: Re: [rsyslog] [SOLVED] Re: RSyslog thinks my machine's
>> hostname
>> > >>> is
>> > >>> "127.0.0.1"?
>> > >>>
>> > >>> David,
>> > >>>
>> > >>> I am happy to revert back to the uclibc installation and feed you
>> data,
>> > >>> if
>> > >>> you can give me what to copy-and-paste into my rsyslogd.conf file?
>> > >>>
>> > >>> -derek
>> > >>>
>> > >>> On Wed, October 6, 2021 1:43 pm, David Lang wrote:
>> > >>>> I believe that rsyslog uses the gethostbyname() call to convert
>> the IP
>> > >>>> to
>> > >>>> name
>> > >>>>
>> > >>>> it would also be interesting to create a custom templete with
>> > >>>> %$myhostname% in
>> > >>>> it and see what that returns.
>> > >>>>
>> > >>>> I'm not sure if in this case, rsyslog is seeing that there is no
>> > >>>> hostname
>> > >>>> in the
>> > >>>> message and using $myhostname (and that is wrong) or if it's
>> trying to
>> > >>>> resolve
>> > >>>> 127.0.0.1 and that's failing (I suspect that it's the $myhostname
>> > >>>> that's
>> > >>>> wrong)
>> > >>>>
>> > >>>> If we can identify what's happening, we can then try to create a
>> fix.
>> > >>>> It
>> > >>>> would
>> > >>>> be nice to support non-glibc builds
>> > >>>>
>> > >>>> David Lang
>> > >>>>
>> > >>>>
>> > >>>> On Wed, 6 Oct 2021, Derek Atkins via rsyslog wrote:
>> > >>>>
>> > >>>>> I just rebuilt the Arm platform with GLibc and.... syslog is
>> working.
>> > >>>>> So I will go and blame uclibc for the bug.
>> > >>>>>
>> > >>>>> Thank you for getting me to look more closely (and pointing out
>> that
>> > >>>>> the
>> > >>>>> issue is that rsyslogd was not getting a valid hostname).
>> > >>>>>
>> > >>>>> Thanks all!
>> > >>>>>
>> > >>>>> -derek
>> > >>>>>
>> > >>>>> On Wed, October 6, 2021 8:36 am, Derek Atkins via rsyslog wrote:
>> > >>>>>> Good morning,
>> > >>>>>>
>> > >>>>>> Thank you for your help so far.
>> > >>>>>>
>> > >>>>>> I just wanted to add one more piece of data, on my other host
>> > >>>>>> (compiled
>> > >>>>>> in
>> > >>>>>> the same way from the same source in the same BuildRoot manner,
>> but
>> > >>>>>> on
>> > >>>>>> a
>> > >>>>>> different platform), I get what I would expect:
>> > >>>>>>
>> > >>>>>> Debug line with all properties:
>> > >>>>>> FROMHOST: 'nios2', fromhost-ip: '127.0.0.1', HOSTNAME: 'nios2',
>> PRI:
>> > >>>>>> 46,
>> > >>>>>> syslogtag 'rsyslogd:', programname: 'rsyslogd', APP-NAME:
>> > >>>>>> 'rsyslogd',
>> > >>>>>> PROCID: '-', MSGID: '-',
>> > >>>>>> TIMESTAMP: 'Oct 6 12:27:44', STRUCTURED-DATA: '-',
>> > >>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>> x-pid="1780"
>> > >>>>>> x-info="https://www.rsyslog.com";] start'
>> > >>>>>> escaped msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>> > >>>>>> x-pid="1780" x-info="https://www.rsyslog.com";] start'
>> > >>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 12:27:44 rsyslogd:
>> [origin
>> > >>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="1780"
>> > >>>>>> x-info="https://www.rsyslog.com";] start'
>> > >>>>>> $!:
>> > >>>>>> $.:
>> > >>>>>> $/:
>> > >>>>>>
>> > >>>>>> So ... FROMHOST and HOSTNAME are clearly correct here. So I
>> guess my
>> > >>>>>> question is, what APIs are rsyslogd using to try to obtain this
>> > >>>>>> information? I can certainly compile additional test code and
>> run it
>> > >>>>>> if
>> > >>>>>> necessary. I just find it odd that the *host* knows its name
>> but
>> > >>>>>> rsyslogd
>> > >>>>>> can't figure it out?
>> > >>>>>>
>> > >>>>>> Actually, looking a little closer, I noticed that I'm using
>> uclibc on
>> > >>>>>> the
>> > >>>>>> arm platform (the broken one), but glibc on the nios2. I
>> wonder if
>> > >>>>>> this
>> > >>>>>> is the issue?
>> > >>>>>>
>> > >>>>>> -derek
>> > >>>>>>
>> > >>>>>> On Tue, October 5, 2021 9:13 pm, Derek Atkins via rsyslog
>> wrote:
>> > >>>>>>> As I said in my OP:
>> > >>>>>>>
>> > >>>>>>> # hostname
>> > >>>>>>> arm-host
>> > >>>>>>>
>> > >>>>>>> and from this query:
>> > >>>>>>>
>> > >>>>>>> # cat /etc/hosts
>> > >>>>>>> 127.0.0.1 localhost
>> > >>>>>>> 127.0.1.1 arm-host
>> > >>>>>>>
>> > >>>>>>>
>> > >>>>>>> However, as I also stated in my OP, I another another machine
>> on a
>> > >>>>>>> nios2
>> > >>>>>>> with the exact same configuration and there the log messages
>> say the
>> > >>>>>>> correct hostname.
>> > >>>>>>>
>> > >>>>>>> -derek
>> > >>>>>>>
>> > >>>>>>> On Tue, October 5, 2021 8:52 pm, David Lang wrote:
>> > >>>>>>>> what is in /etc/hosts and what do you get if you run the
>> command
>> > >>>>>>>> hostname?
>> > >>>>>>>>
>> > >>>>>>>> rsyslog gets fromhost by doing a name lookup of the
>> fromhost-ip
>> > >>>>>>>>
>> > >>>>>>>> the log message you received (as seen by the rawmsg: section)
>> does
>> > >>>>>>>> not
>> > >>>>>>>> provide a
>> > >>>>>>>> hostname (which could have been the problem)
>> > >>>>>>>>
>> > >>>>>>>> so based on this, the problem is with name resolution, which
>> should
>> > >>>>>>>> start
>> > >>>>>>>> with
>> > >>>>>>>> /etc/hosts and hostname
>> > >>>>>>>>
>> > >>>>>>>> David Lang
>> > >>>>>>>>
>> > >>>>>>>> On Tue, 5 Oct 2021, Derek Atkins wrote:
>> > >>>>>>>>
>> > >>>>>>>>> Date: Tue, 5 Oct 2021 20:28:34 -0400
>> > >>>>>>>>> From: Derek Atkins <[email protected]>
>> > >>>>>>>>> To: David Lang <[email protected]>
>> > >>>>>>>>> Cc: [email protected]
>> > >>>>>>>>> Subject: Re: [rsyslog] RSyslog thinks my machine's hostname
>> is
>> > >>>>>>>>> "127.0.0.1"?
>> > >>>>>>>>>
>> > >>>>>>>>> Hi,
>> > >>>>>>>>>
>> > >>>>>>>>> Thank you for the quick response.
>> > >>>>>>>>>
>> > >>>>>>>>> The logging here is all done locally, and the issue is in
>> EVERY
>> > >>>>>>>>> log
>> > >>>>>>>>> message. The source is local (a call to vsyslog() in an
>> > >>>>>>>>> application),
>> > >>>>>>>>> or
>> > >>>>>>>>> even just a call to "logger". Here is the resulting log
>> message
>> > >>>>>>>>> from
>> > >>>>>>>>> rsyslogd starting up:
>> > >>>>>>>>>
>> > >>>>>>>>> Debug line with all properties:
>> > >>>>>>>>> FROMHOST: '127', fromhost-ip: '127.0.0.1', HOSTNAME: '127',
>> PRI:
>> > >>>>>>>>> 46,
>> > >>>>>>>>> syslogtag 'syslog:', programname: 'syslog', APP-NAME:
>> 'syslog',
>> > >>>>>>>>> PROCID:
>> > >>>>>>>>> '-', MSGID: '-',
>> > >>>>>>>>> TIMESTAMP: 'Oct 6 00:14:18', STRUCTURED-DATA: '-',
>> > >>>>>>>>> msg: ' [origin software="rsyslogd" swVersion="8.2010.0"
>> > >>>>>>>>> x-pid="17368"
>> > >>>>>>>>> x-info="https://www.rsyslog.com";] start'
>> > >>>>>>>>> escaped msg: ' [origin software="rsyslogd"
>> swVersion="8.2010.0"
>> > >>>>>>>>> x-pid="17368" x-info="https://www.rsyslog.com";] start'
>> > >>>>>>>>> inputname: imuxsock rawmsg: '<46>Oct 6 00:14:18 syslog:
>> [origin
>> > >>>>>>>>> software="rsyslogd" swVersion="8.2010.0" x-pid="17368"
>> > >>>>>>>>> x-info="https://www.rsyslog.com";] start'
>> > >>>>>>>>> $!:
>> > >>>>>>>>> $.:
>> > >>>>>>>>> $/:
>> > >>>>>>>>>
>> > >>>>>>>>> So... no clue where "FROMHOST" or "HOSTNAME" are coming from
>> here,
>> > >>>>>>>>> but
>> > >>>>>>>>> my
>> > >>>>>>>>> guess that's the problem?
>> > >>>>>>>>>
>> > >>>>>>>>> I can run the same config on the nios2 if you want to see
>> what it
>> > >>>>>>>>> says,
>> > >>>>>>>>> but my guess is that FROMHOST and HOSTNAME are going to both
>> be
>> > >>>>>>>>> "nios2"
>> > >>>>>>>>> instead of "127".
>> > >>>>>>>>>
>> > >>>>>>>>> The contents of /etc/hosts is effectively the same on both
>> > >>>>>>>>> machines
>> > >>>>>>>>> (the
>> > >>>>>>>>> one that works correctly and this one).
>> > >>>>>>>>>
>> > >>>>>>>>> Thanks,
>> > >>>>>>>>>
>> > >>>>>>>>> -derek
>> > >>>>>>>>>
>> > >>>>>>>>> On Tue, October 5, 2021 6:16 pm, David Lang wrote:
>> > >>>>>>>>>> please log with the template RSYSLOG_DebugFormat so that we
>> can
>> > >>>>>>>>>> see
>> > >>>>>>>>>> exactly what
>> > >>>>>>>>>> rsyslog is being sent for a problem message.
>> > >>>>>>>>>>
>> > >>>>>>>>>> David Lang
>> > >>>>>>>>>>
>> > >>>>>>>>>> On Tue, 5 Oct 2021, Derek Atkins via rsyslog wrote:
>> > >>>>>>>>>>
>> > >>>>>>>>>>> Date: Tue, 5 Oct 2021 15:58:07 -0400
>> > >>>>>>>>>>> From: Derek Atkins via rsyslog <[email protected]>
>> > >>>>>>>>>>> To: [email protected]
>> > >>>>>>>>>>> Cc: Derek Atkins <[email protected]>
>> > >>>>>>>>>>> Subject: [rsyslog] RSyslog thinks my machine's hostname is
>> > >>>>>>>>>>> "127.0.0.1"?
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Hi,
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> I'm using rsyslog in a BuildRoot environment. I've built
>> it on
>> > >>>>>>>>>>> two
>> > >>>>>>>>>>> different platforms (nios2 and arm). The Nios2 platform
>> works
>> > >>>>>>>>>>> great.
>> > >>>>>>>>>>> However, on the Arm platform, rsyslog seems to think the
>> local
>> > >>>>>>>>>>> hostname
>> > >>>>>>>>>>> is
>> > >>>>>>>>>>> "127.0.0.1". Why do I think that? Well,
>> /var/log/messages
>> > >>>>>>>>>>> contains:
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Oct 5 19:34:25 127 syslog: [origin software="rsyslogd"
>> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="8080"
>> > >>>>>>>>>>> x-info="https://www.rsyslog.com";]
>> > >>>>>>>>>>> start
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Notice the "127" in there? That's where the "hostname" is
>> > >>>>>>>>>>> supposed
>> > >>>>>>>>>>> to
>> > >>>>>>>>>>> be.
>> > >>>>>>>>>>> So if for some reason it thinks the FQDN is an IP address,
>> that
>> > >>>>>>>>>>> would
>> > >>>>>>>>>>> explain why this is doing that. But that's weird,
>> because:
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> # hostname
>> > >>>>>>>>>>> arm-host
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Moreover, if I compile and run the code to execute a
>> > >>>>>>>>>>> "gethostbyname()"
>> > >>>>>>>>>>> it
>> > >>>>>>>>>>> also returns "arm-host". So I have no idea where it's
>> getting
>> > >>>>>>>>>>> the
>> > >>>>>>>>>>> idea
>> > >>>>>>>>>>> that the hostname/FQDN is an IP Address.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> I'll note that on the Nios2 this works as expected:
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Sep 30 19:28:41 nios2 rsyslogd: [origin
>> software="rsyslogd"
>> > >>>>>>>>>>> swVersion="8.2010.0" x-pid="830"
>> > >>>>>>>>>>> x-info="https://www.rsyslog.com";]
>> > >>>>>>>>>>> start
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> I'll say this is the same version of rsyslog on both
>> systems,
>> > >>>>>>>>>>> built
>> > >>>>>>>>>>> with
>> > >>>>>>>>>>> the same sources, and (ostensibly) with the same
>> build-time, and
>> > >>>>>>>>>>> definitely the same run-time configurations.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> I'm just at a loss for why rsyslog might be doing this,
>> and I'm
>> > >>>>>>>>>>> not
>> > >>>>>>>>>>> sure
>> > >>>>>>>>>>> where else to look.
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> So I'm hoping you experts might be able to help me?
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> Thanks!
>> > >>>>>>>>>>>
>> > >>>>>>>>>>> -derek
>> > >>>>>>>>>>>
>> > >>>>>>>>>>>
>> > >>>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>>
>> > >>>>>>>>
>> > >>>>>>>
>> > >>>>>>>
>> > >>>>>>> --
>> > >>>>>>> Derek Atkins 617-623-3745
>> > >>>>>>> [email protected] www.ihtfp.com
>> > >>>>>>> Computer and Internet Security Consultant
>> > >>>>>>>
>> > >>>>>>> _______________________________________________
>> > >>>>>>> rsyslog mailing list
>> > >>>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> > >>>>>>> http://www.rsyslog.com/professional-services/
>> > >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
>> by a
>> > >>>>>>> myriad
>> > >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
>> POST if
>> > >>>>>>> you
>> > >>>>>>> DON'T LIKE THAT.
>> > >>>>>>>
>> > >>>>>>
>> > >>>>>>
>> > >>>>>> --
>> > >>>>>> Derek Atkins 617-623-3745
>> > >>>>>> [email protected] www.ihtfp.com
>> > >>>>>> Computer and Internet Security Consultant
>> > >>>>>>
>> > >>>>>> _______________________________________________
>> > >>>>>> rsyslog mailing list
>> > >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> > >>>>>> http://www.rsyslog.com/professional-services/
>> > >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
>> a
>> > >>>>>> myriad
>> > >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
>> if
>> > >>>>>> you
>> > >>>>>> DON'T LIKE THAT.
>> > >>>>>>
>> > >>>>>
>> > >>>>>
>> > >>>>>
>> > >>>>
>> > >>>
>> > >>>
>> > >>>
>> > >>
>> > >
>> > >
>> > >
>> > _______________________________________________
>> > rsyslog mailing list
>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
>> if you DON'T LIKE THAT.
>
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
