Does rsyslog use lowercase letter for from host message properties?

Posted on

Does rsyslog use lowercase letter for from host message properties? – A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about Does rsyslog use lowercase letter for from host message properties? was one problem in server stack that need for a solution. Below are some tips in manage your linux server when you find problem about linux, rsyslog, , , .

I would like to ask question about fromhost message properties.

http://www.rsyslog.com/doc/v7-stable/configuration/properties.html

I am using rsyslog 7.4.7 on RHEL 7.3 . However, the fromhost message properties seems to set the hostname in lowercase letters even though uppercase letters are used for hostname in /etc/hosts/

/etc/hosts

[root@RHEL73-1 log]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

10.0.2.12 RHEL73-1
10.0.2.13 RHEL73-test

However, when log from remote log is received fromhost is set as lowercase letters.

Debug line with all properties:
FROMHOST: 'rhel73-test', fromhost-ip: '10.0.2.13', HOSTNAME: 'RHEL73-2', PRI: 30,
syslogtag 'systemd:', programname: 'systemd', APP-NAME: 'systemd', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Nov 13 20:01:01', STRUCTURED-DATA: '-',
msg: ' Removed slice user-0.slice.'
escaped msg: ' Removed slice user-0.slice.'
inputname: imudp rawmsg: '<30>Nov 13 20:01:01 RHEL73-2 systemd: Removed slice user-0.slice.'

Is the resolved hostname set as lowercase or uppercase ? Document seems to not mention about this behavior…

It seems that rsyslog stores the result of reverse lookups only in lower cases, even if a dns is configured. I observed this behaviour in 8.24.0-41.el7_7 rhel7.

This is not an rsyslog issue in my opinion:

It seems that valid hostnames are per RFC (952) case-insensitiv:

see here for the similiar SO question https://stackoverflow.com/questions/3523028/valid-characters-of-a-hostname

which qoutes wikipedia
https://en.wikipedia.org/wiki/Hostname

'The Internet standards (Requests for Comments) for protocols mandate that 
component hostname labels may contain only the ASCII letters 'a' through 'z' 
(in a case-insensitive manner), the digits '0' through '9', and the hyphen  
('-').'

added the mentioned RFC 952:
https://www.rfc-editor.org/rfc/rfc952

1. A "name" (Net, Host, Gateway, or Domain name) is a text string up
to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus
sign (-), and period (.).  Note that periods are only allowed when
they serve to delimit components of "domain style names". (See
RFC-921, "Domain Name System Implementation Schedule", for
background).  No blank or space characters are permitted as part of a
name. No distinction is made between upper and lower case.  The first
character must be an alpha character.

Leave a Reply

Your email address will not be published.