我想问一下来自主机消息属性。
http://www.rsyslog.com/doc/v7-stable/configuration/properties.html
我在用rsyslog 7.4.7在 RHEL 7.3 上。但是,来自主机消息属性似乎设置了主机名小写字母虽然大写字母用于 /etc/hosts/ 中的主机名
/etc/hosts
[root@RHEL73-1 log]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.2.12 RHEL73-1
10.0.2.13 RHEL73-test
然而,当收到远程日志的日志时来自主机设置为小写字母。
Debug line with all properties:
FROMHOST: 'rhel73-test', fromhost-ip: '10.0.2.13', HOSTNAME: 'RHEL73-2', PRI: 30,
syslogtag 'systemd:', programname: 'systemd', APP-NAME: 'systemd', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Nov 13 20:01:01', STRUCTURED-DATA: '-',
msg: ' Removed slice user-0.slice.'
escaped msg: ' Removed slice user-0.slice.'
inputname: imudp rawmsg: '<30>Nov 13 20:01:01 RHEL73-2 systemd: Removed slice user-0.slice.'
解析的主机名是否设置为小写或者大写? 文档好像没有提到这个行为...
答案1
似乎 rsyslog 仅以小写形式存储反向查找的结果,即使配置了 dns 也是如此。我在 8.24.0-41.el7_7 rhel7 中观察到了这种行为。
答案2
在我看来这不是 rsyslog 问题:
看来有效的主机名符合 RFC(952)中不区分大小写的规定:
请参阅此处了解类似的问题https://stackoverflow.com/questions/3523028/valid-characters-of-a-hostname
引用维基百科 https://en.wikipedia.org/wiki/Hostname
'The Internet standards (Requests for Comments) for protocols mandate that
component hostname labels may contain only the ASCII letters 'a' through 'z'
(in a case-insensitive manner), the digits '0' through '9', and the hyphen
('-').'
添加了提到的RFC 952: https://www.rfc-editor.org/rfc/rfc952
1. A "name" (Net, Host, Gateway, or Domain name) is a text string up
to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus
sign (-), and period (.). Note that periods are only allowed when
they serve to delimit components of "domain style names". (See
RFC-921, "Domain Name System Implementation Schedule", for
background). No blank or space characters are permitted as part of a
name. No distinction is made between upper and lower case. The first
character must be an alpha character.