1

I would like to ask question about fromhost message properties.

http://www.rsyslog.com/doc/v7-stable/configuration/properties.html

I am using rsyslog 7.4.7 on RHEL 7.3 . However, the fromhost message properties seems to set the hostname in lowercase letters even though uppercase letters are used for hostname in /etc/hosts/

/etc/hosts

[root@RHEL73-1 log]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.2.12 RHEL73-1 10.0.2.13 RHEL73-test

However, when log from remote log is received fromhost is set as lowercase letters.

Debug line with all properties: FROMHOST: 'rhel73-test', fromhost-ip: '10.0.2.13', HOSTNAME: 'RHEL73-2', PRI: 30, syslogtag 'systemd:', programname: 'systemd', APP-NAME: 'systemd', PROCID: '-', MSGID: '-', TIMESTAMP: 'Nov 13 20:01:01', STRUCTURED-DATA: '-', msg: ' Removed slice user-0.slice.' escaped msg: ' Removed slice user-0.slice.' inputname: imudp rawmsg: '<30>Nov 13 20:01:01 RHEL73-2 systemd: Removed slice user-0.slice.'

Is the resolved hostname set as lowercase or uppercase ? Document seems to not mention about this behavior...

Improve this question
2
  • how does the IP address of the server resolve on the receiving end? Commented Nov 13, 2017 at 11:23
  • I only use /etc/hosts . I do not have dns. /etc/hosts I pasted is the one on receiving end. Commented Nov 13, 2017 at 11:29

2 Answers 2

Reset to default
1

It seems that rsyslog stores the result of reverse lookups only in lower cases, even if a dns is configured. I observed this behaviour in 8.24.0-41.el7_7 rhel7.

Improve this answer
1

This is not an rsyslog issue in my opinion:

It seems that valid hostnames are per RFC (952) case-insensitiv:

see here for the similiar SO question https://stackoverflow.com/questions/3523028/valid-characters-of-a-hostname

which qoutes wikipedia https://en.wikipedia.org/wiki/Hostname

'The Internet standards (Requests for Comments) for protocols mandate that component hostname labels may contain only the ASCII letters 'a' through 'z' (in a case-insensitive manner), the digits '0' through '9', and the hyphen ('-').'

added the mentioned RFC 952: https://www.rfc-editor.org/rfc/rfc952

1. A "name" (Net, Host, Gateway, or Domain name) is a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-), and period (.). Note that periods are only allowed when they serve to delimit components of "domain style names". (See RFC-921, "Domain Name System Implementation Schedule", for background). No blank or space characters are permitted as part of a name. No distinction is made between upper and lower case. The first character must be an alpha character.
Improve this answer
1
  • Pretty much everything normalizes Internet hostnames to lowercase. This should not be unexpected. Commented Aug 29, 2019 at 10:14

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.