Ticket #655 (closed defect: wontfix)
remote syslog includes hostname twice
Reported by: | jweiss | Owned by: | |
---|---|---|---|
Priority: | trivial | Milestone: | The Distant Future |
Component: | -- | Keywords: | |
Cc: | Fixed in version: | ||
Upstream bug: |
Description
remote syslogs collected from some machines (such as cvp and zulu) include the hostname twice in the message. I've just taught our syslog parsing code to work around it, but can't guarantee that other reports won't be affected.
Change History
comment:2 Changed 12 years ago by jweiss
I believe this is due to the use of rsyslogd on athena, and syslogd on our logging server. If it hasn't broken any other reports, I wouldn't be sad if you wontfix'd it (and that may be TRT, since I suspect we'll eventually switch to rsyslogd on our logging server (tho we have no explicit plans to do so.)). That said I see the following on ops RHEL6 servers that also use rsyslogd:
# If you are forwarding messages from a rsyslog client to a sysklogd
#server, it can lead to doubled hostnames in the syslog message on the
#server side. The reason is a limitation in sysklogd which does not parse
#the hostname in the syslog header (as defined by RFC 3164)
$template sysklogd,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%"
*.warning;kern,user,auth.info @SYSLOGGER.MIT.EDU;sysklogd
Is still happening? Because I fail to see what could be causing it.