Does rsyslog use lowercase letter for from host message properties? – A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about Does rsyslog use lowercase letter for from host message properties? was one problem in server stack that need for a solution. Below are some tips in manage your linux server when you find problem about linux, rsyslog, , , .
I would like to ask question about fromhost message properties.
I am using rsyslog 7.4.7 on RHEL 7.3 . However, the fromhost message properties seems to set the hostname in lowercase letters even though uppercase letters are used for hostname in /etc/hosts/
[root@RHEL73-1 log]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.2.12 RHEL73-1 10.0.2.13 RHEL73-test
However, when log from remote log is received fromhost is set as lowercase letters.
Debug line with all properties: FROMHOST: 'rhel73-test', fromhost-ip: '10.0.2.13', HOSTNAME: 'RHEL73-2', PRI: 30, syslogtag 'systemd:', programname: 'systemd', APP-NAME: 'systemd', PROCID: '-', MSGID: '-', TIMESTAMP: 'Nov 13 20:01:01', STRUCTURED-DATA: '-', msg: ' Removed slice user-0.slice.' escaped msg: ' Removed slice user-0.slice.' inputname: imudp rawmsg: '<30>Nov 13 20:01:01 RHEL73-2 systemd: Removed slice user-0.slice.'
Is the resolved hostname set as lowercase or uppercase ? Document seems to not mention about this behavior…
It seems that rsyslog stores the result of reverse lookups only in lower cases, even if a dns is configured. I observed this behaviour in 8.24.0-41.el7_7 rhel7.
This is not an rsyslog issue in my opinion:
It seems that valid hostnames are per RFC (952) case-insensitiv:
see here for the similiar SO question https://stackoverflow.com/questions/3523028/valid-characters-of-a-hostname
which qoutes wikipedia
'The Internet standards (Requests for Comments) for protocols mandate that component hostname labels may contain only the ASCII letters 'a' through 'z' (in a case-insensitive manner), the digits '0' through '9', and the hyphen ('-').'
added the mentioned RFC 952:
1. A "name" (Net, Host, Gateway, or Domain name) is a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-), and period (.). Note that periods are only allowed when they serve to delimit components of "domain style names". (See RFC-921, "Domain Name System Implementation Schedule", for background). No blank or space characters are permitted as part of a name. No distinction is made between upper and lower case. The first character must be an alpha character.