Bug 85482 - syslogd strips domain names inappropriately
syslogd strips domain names inappropriately
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: sysklogd (Show other bugs)
7.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Vas Dias
Brian Brock
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-03-03 12:49 EST by Trever Furnish
Modified: 2007-04-18 12:51 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-18 11:59:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Trever Furnish 2003-03-03 12:49:57 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2) Gecko/20021126

Description of problem:
There seems to be no way (short of fixing the source code and recompiling the
package) to get syslog to NOT strip the domain name from source host names when
that domain name matches the syslog-host's domain name.

For example, even without the '-s' option on the syslogd command-line, if a
host's name is:

host.foo.com

...then any message logged from a source IP address that has a PTR record
pointing to something else in foo.com will have the domain stripped.  Ie a
message from logger.foo.com get's logged as having been sent by 'logger'
(without the 'foo.com').

That's wrong, according to syslog's manual page, according to how it behaves on
other *nix platforms, and according to my personal needs. :-)  I need to be able
to see a fully-qualified domain name.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Start syslogd with -r.
2. Log a message from another server (one with a fully-qualified PTR record
pointing to a name in the same domain as the log host).  (Kiwi Sysloggen can be
used for this.)
3. Check the log files - the parent domain will have been stripped from the host
field of the message.  Very frustrating.
    

Actual Results:  Domain is stripped.

Expected Results:  Domain should not be stripped unless it is explicitely
requested with -s.

Additional info:

Seems to depend on the host name as reflected by /etc/hosts entries.  If you
make it unqualified for the first name that matches the address that syslogd is
listening on, then it stops stripping the domain names.

That seems broken.
Comment 1 Jason Vas Dias 2005-06-03 16:29:28 EDT
Sorry for the delay in getting to this bug - this one seems to
have slipped through the cracks. 

I think it is a reasonable default to strip the local domain from
remote logging host names, and now people are used to it, so it
will be retained as the default. 

But there should be way of disabling all domain name stripping 
if desired, without having to put your local host address as
an unqualified name in /etc/hosts (and putting "files" before
"dns" in nsswitch.conf).

The next version of syslogd will accept a "-s ''" option meaning
to strip NO domain names, including the local host - you could then
put this option the in the SYSLOGD_OPTIONS variable in
/etc/sysconfig/syslog to disable ALL domain name stripping.

And perhaps the local domain to be stripped by default should
be that from getdomainname(3) rather than whatever follows the first
'.' in the local host name.

This bug is really an enhancement request and will be fixed shortly
in a forthcoming Fedora / Rawhide release .  


Comment 2 Bill Nottingham 2006-08-07 14:30:05 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 3 Bill Nottingham 2006-10-18 11:59:37 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.