194231 – syslogd Missing Hostname

Bug 194231 - syslogd Missing Hostname

Summary: syslogd Missing Hostname

Status:	Closed Overcome By Events

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	standards (show other bugs)
Version:	9.3-RELEASE
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Hiroki Sato

URL:
Keywords:	needs-qa, standards

Depends on:
Blocks:

Reported:	2014-10-07 20:36 UTC by rsecor
Modified:	2024-01-20 21:33 UTC (History)
CC List:	11 users (show)

See Also:	220246

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description rsecor 2014-10-07 20:36:46 UTC

When setup to forward syslog information to another server, syslog does not include the hostname in the information.

Both, rfc3164, entitled "The BSD syslog Protocol," and rfc5424, entitled "The Syslog Protocol," require a value be passed for the hostname.

We also tested a FreeBSD 8.0 and a 9.2, they both include the same issue.


Example (from tcpdump):

(1) Current FreeBSD (incorrect) Packet:
15:18:31.963184 IP 192.168.164.27.514 > 192.168.165.10.514: SYSLOG auth.info, length: 79
E..k....@.,;.......
.....WE.<38>Oct  7 15:18:48 sshd[60620]: Connection closed by 192.168.164.124 [preauth]

(2) Expected Packet:
15:18:31.963184 IP 192.168.164.27.514 > 192.168.165.10.514: SYSLOG auth.info, length: 79
E..k....@.,;.......
.....WE.<38>Oct  7 15:18:48 servername sshd[60620]: Connection closed by 192.168.164.124 [preauth]


References
http://tools.ietf.org/html/rfc3164
http://tools.ietf.org/html/rfc5424

Comment 1 rsecor 2014-10-10 19:19:39 UTC

Waiting for reply.

Comment 2 rsecor 2014-10-22 13:29:59 UTC

Still waiting for reply

Comment 3 rsecor 2014-11-06 15:37:22 UTC

Still waiting for reply

Comment 4 Mateusz Guzik freebsd_committer

2014-11-06 15:39:44 UTC

well, someone will have to look at that

In the meantime you can try to install a 3rd party syslog from ports/packages.

Comment 5 Julian Elischer freebsd_committer

2016-03-18 05:58:44 UTC

probably will need a new argument to not break existing syslog behaviour.

Comment 6 Idar Lund 2019-03-12 09:36:57 UTC

What's the status on this one?

Comment 7 Gleb Smirnoff freebsd_committer

2019-03-12 15:23:53 UTC

Back to the pool, since I don't active work with syslogd. Sorry for keeping the bug for a long time ignored.

Comment 8 Idar Lund 2019-03-12 21:10:21 UTC

FYI; This bug has also been discussed on the pfsense board: https://redmine.pfsense.org/issues/7020

Comment 9 WillemDH 2020-05-10 21:14:09 UTC

It would be really nice to see this solved. Standard syslog patterns don't match because of this. Tx.

Comment 10 Garrett Wollman freebsd_committer

2020-06-18 17:54:16 UTC

See also related #220246, which has a patch.

Comment 11 Li-Wen Hsu freebsd_committer

2020-06-19 16:48:32 UTC

bug200933 seems fixed bug220246, is this issue still existing?

Comment 12 Garrett Wollman freebsd_committer

2020-06-19 17:51:47 UTC

(In reply to Li-Wen Hsu from comment #11)
There are two separate issues: one for a log server receiving new-format log messages, and one for a client transmitting them to a remote server.  The fix for the latter was merged to 12-STABLE after the cutoff for 12.1; I haven't attempted to backport it so I can't verify that that change does the trick.

Comment 13 Garrett Wollman freebsd_committer

2020-06-19 21:09:40 UTC

(In reply to Garrett Wollman from comment #12)
I take that back, the -O functionality was in 12.1; I was confused by a system which had both compressed and (outdated) uncompressed manual pages.

Comment 14 Bryan Drewery freebsd_committer

2022-05-12 19:24:26 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220246 has an updated patch for latest syslogd.

Comment 15 Mark Linimon freebsd_committer

2024-01-20 21:33:09 UTC

^Triage: now see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220246 .