我正在尝试在Ubuntu 10.04 LTS上使用stock rsyslogd(4.2.0-2ubuntu8.1)实现一个简单的集中式系统日志服务器.此时,我的所有客户端节点都将日志发送到中央服务器,但客户端正在发送包含其短主机名而不是其FQDN的日志消息.

根据Ubuntu rsyslogd手册页：

If the remote host is located in the same domain as the host,rsyslogd is running on,only the simple hostname will be logged instead of the whole fqdn.

这对我来说是有问题的,因为我在环境之间重复使用短名称,例如core1.example.com和core1.stg.example.com都将其消息记录为core1.

客户端和服务器都具有相同的/ etc / default / rsyslog：

RSYSLOGD_OPTIONS="-c4"

和/etc/rsyslogd.conf文件一样：

$ModLoad imuxsock
$ModLoad imklog
$PreserveFQDN on
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$IncludeConfig /etc/rsyslog.d/*.conf

客户端有这个/etc/rsyslog.d/remote.conf文件,告诉他们发送到远程服务器：

*.* @@syslog.example.com

并且服务器使用此/etc/rsyslog.d/server.conf文件：

$ModLoad imtcp
$InputTCPServerRun 514
$DirGroup root
$DirCreateMode 0755
$FileGroup root
$template PerHostAuth,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/auth.log"
$template PerHostCron,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/cron.log"
$template PerHostSyslog,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/syslog"
$template PerHostDaemon,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/daemon.log"
$template PerHostKern,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/kern.log"
$template PerHostLpr,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/lpr.log"
$template PerHostUser,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/user.log"
$template PerHostMail,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.log"
$template PerHostMailInfo,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.info"
$template PerHostMailWarn,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.warn"
$template PerHostMailErr,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.err"
$template PerHostNewsCrit,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.crit"
$template PerHostNewsErr,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.err"
$template PerHostNewsNotice,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.notice"
$template PerHostDebug,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/debug"
$template PerHostMessages,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/messages"
auth,authpriv.*         ?PerHostAuth
*.*;auth,authpriv.none  -?PerHostSyslog
cron.*                  ?PerHostCron
daemon.*                -?PerHostDaemon
kern.*                  -?PerHostKern
lpr.*                   -?PerHostLpr
mail.*                  -?PerHostMail
user.*                  -?PerHostUser
mail.info               -?PerHostMailInfo
mail.warn               ?PerHostMailWarn
mail.err                ?PerHostMailErr
news.crit               ?PerHostNewsCrit
news.err                ?PerHostNewsErr
news.notice             -?PerHostNewsNotice
*.=debug;\
   auth,authpriv.none;\
   news.none;mail.none   -?PerHostDebug
   *.=info;*.=notice;*.=warn;\
      auth,authpriv.none;\
      cron,daemon.none;\
      mail,news.none        -?PerHostMessages

由于客户端和服务器共享一个指定“$PreserveFQDN on”的配置,我希望在syslog消息中看到FQDN主机名,但该设置似乎没有任何效果.我发现的rsyslog的大多数其他设置都旨在从FQDN中剥离域而不是保留它们.我认为问题的根源是我的客户端首先不发送FQDN,但我不知道如何强制这种行为.

任何人都可以评论我可能会失踪的东西吗？我想我不是唯一需要将FQDN包含在日志消息中的人.