Ticket #655 (closed defect: wontfix)

Opened 11 years ago

Last modified 8 years ago

remote syslog includes hostname twice

Reported by: jweiss Owned by:
Priority: trivial Milestone: The Distant Future
Component: -- Keywords:
Cc: Fixed in version:
Upstream bug:

Description

remote syslogs collected from some machines (such as cvp and zulu) include the hostname twice in the message. I've just taught our syslog parsing code to work around it, but can't guarantee that other reports won't be affected.

Change History

comment:1 Changed 9 years ago by jdreed

Is still happening? Because I fail to see what could be causing it.

comment:2 Changed 9 years ago by jweiss

I believe this is due to the use of rsyslogd on athena, and syslogd on our logging server. If it hasn't broken any other reports, I wouldn't be sad if you wontfix'd it (and that may be TRT, since I suspect we'll eventually switch to rsyslogd on our logging server (tho we have no explicit plans to do so.)). That said I see the following on ops RHEL6 servers that also use rsyslogd:

# If you are forwarding messages from a rsyslog client to a sysklogd
#server, it can lead to doubled hostnames in the syslog message on the
#server side. The reason is a limitation in sysklogd which does not parse
#the hostname in the syslog header (as defined by RFC 3164)

$template sysklogd,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%"
*.warning;kern,user,auth.info @SYSLOGGER.MIT.EDU;sysklogd

comment:3 Changed 8 years ago by jdreed

  • Status changed from new to closed
  • Resolution set to wontfix

We're now using rsyslogd on urania.

Note: See TracTickets for help on using tickets.