Bug 194231 - syslogd Missing Hostname
Summary: syslogd Missing Hostname
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: standards (show other bugs)
Version: 9.3-RELEASE
Hardware: Any Any
: Normal Affects Many People
Assignee: Hiroki Sato
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-07 20:36 UTC by rsecor
Modified: 2020-06-19 21:09 UTC (History)
10 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description rsecor 2014-10-07 20:36:46 UTC
When setup to forward syslog information to another server, syslog does not include the hostname in the information.

Both, rfc3164, entitled "The BSD syslog Protocol," and rfc5424, entitled "The Syslog Protocol," require a value be passed for the hostname.

We also tested a FreeBSD 8.0 and a 9.2, they both include the same issue.


Example (from tcpdump):

(1) Current FreeBSD (incorrect) Packet:
15:18:31.963184 IP 192.168.164.27.514 > 192.168.165.10.514: SYSLOG auth.info, length: 79
E..k....@.,;.......
.....WE.<38>Oct  7 15:18:48 sshd[60620]: Connection closed by 192.168.164.124 [preauth]

(2) Expected Packet:
15:18:31.963184 IP 192.168.164.27.514 > 192.168.165.10.514: SYSLOG auth.info, length: 79
E..k....@.,;.......
.....WE.<38>Oct  7 15:18:48 servername sshd[60620]: Connection closed by 192.168.164.124 [preauth]


References
http://tools.ietf.org/html/rfc3164
http://tools.ietf.org/html/rfc5424
Comment 1 rsecor 2014-10-10 19:19:39 UTC
Waiting for reply.
Comment 2 rsecor 2014-10-22 13:29:59 UTC
Still waiting for reply
Comment 3 rsecor 2014-11-06 15:37:22 UTC
Still waiting for reply
Comment 4 Mateusz Guzik freebsd_committer 2014-11-06 15:39:44 UTC
well, someone will have to look at that

In the meantime you can try to install a 3rd party syslog from ports/packages.
Comment 5 Julian Elischer freebsd_committer 2016-03-18 05:58:44 UTC
probably will need a new argument to not break existing syslog behaviour.
Comment 6 Idar Lund 2019-03-12 09:36:57 UTC
What's the status on this one?
Comment 7 Gleb Smirnoff freebsd_committer 2019-03-12 15:23:53 UTC
Back to the pool, since I don't active work with syslogd. Sorry for keeping the bug for a long time ignored.
Comment 8 Idar Lund 2019-03-12 21:10:21 UTC
FYI; This bug has also been discussed on the pfsense board: https://redmine.pfsense.org/issues/7020
Comment 9 WillemDH 2020-05-10 21:14:09 UTC
It would be really nice to see this solved. Standard syslog patterns don't match because of this. Tx.
Comment 10 Garrett Wollman freebsd_committer 2020-06-18 17:54:16 UTC
See also related #220246, which has a patch.
Comment 11 Li-Wen Hsu freebsd_committer 2020-06-19 16:48:32 UTC
bug200933 seems fixed bug220246, is this issue still existing?
Comment 12 Garrett Wollman freebsd_committer 2020-06-19 17:51:47 UTC
(In reply to Li-Wen Hsu from comment #11)
There are two separate issues: one for a log server receiving new-format log messages, and one for a client transmitting them to a remote server.  The fix for the latter was merged to 12-STABLE after the cutoff for 12.1; I haven't attempted to backport it so I can't verify that that change does the trick.
Comment 13 Garrett Wollman freebsd_committer 2020-06-19 21:09:40 UTC
(In reply to Garrett Wollman from comment #12)
I take that back, the -O functionality was in 12.1; I was confused by a system which had both compressed and (outdated) uncompressed manual pages.