[Bug 252095] syslogd not sending hostname to loghost

Thu Dec 24 03:09:24 UTC 2020

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252095

            Bug ID: 252095
           Summary: syslogd not sending hostname to loghost
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs at FreeBSD.org
          Reporter: raj at gusw.net

When remote logging, the syslogd does not send the hostname over to the
loghost. 

Example, in syslog client's syslog.conf

    *.*  /var/log/all.log
    *.*  @loghost

syslog server is started with 

    syslogd -a 0.0.0.0/0 -H 

(network can be constraint, doesn't matter). The /etc/hosts nor DNS may have
all the hosts registered, it is not important or even desirable that the syslog
server translates the IP address to a hostname, hence the -H flag.

Now, when I do 

    logger -h loghost -H pb00 test

the loghost's syslogd receives the "pb00" hostname and logs it. 

When I do

    logger -h loghost test

then also the syslogd recieves the client's current hostname and logs it.

But when intermediating through the client's own syslogd

    logger test

then the client's syslogd will not send its hostname over to the loghost, and
then the loghost will attempt to decode the hostname via DNS or /etc/hosts. I
think the syslogd should send its hostname over to the client, or the hostname
which it originally received. 

Interestingly, the above command will log the own hostname in the all.log log
file on the syslogd client, which will forward to the loghost without informing
its own idea of its hostname.

    logger -H xx00 test

interestingly, that also does not log the xx00 name on the local syslogd in
all.log even if I started the local syslogd with the -H flag.

I consider this behavior a bug in that there is no reason why the syslogd
should withhold its own idea of its hostname or the original hostname provided
in the log message on to the remote logger. 

I browsed through the source code and couldn't immediately find how I could
quickly fix this, but it seems the issue is somewhere here around line 1790:

                lsent = 0;
                for (r = f->fu_forw_addr; r; r = r->ai_next) {
                        memset(&msghdr, 0, sizeof(msghdr));
                        msghdr.msg_name = r->ai_addr;
                        msghdr.msg_namelen = r->ai_addrlen;
                        msghdr.msg_iov = il->iov;
                        msghdr.msg_iovlen = il->iovcnt;
                        STAILQ_FOREACH(sl, &shead, next) {
                                if (sl->sl_ss.ss_family == AF_LOCAL ||
                                    sl->sl_ss.ss_family == AF_UNSPEC ||
                                    sl->sl_socket < 0)
                                        continue;
                                lsent = sendmsg(sl->sl_socket, &msghdr, 0);
                                if (lsent == (ssize_t)il->totalsize)
                                        break;
                        }
                        if (lsent == (ssize_t)il->totalsize && !send_to_all)
                                break;
                }

when I looked at the packets with tcpdump, it seemed that the forwarded packets
had no hostname of any kind in it.

-- 
You are receiving this mail because:
You are the assignee for the bug.