Neither IP address nor hostname is logged in messages when %HOSTNAME% is configured in /etc/rsyslog.conf


Environment

  • Red Hat Enterprise Linux 7
  • /etc/hosts is used for name resolution

Issue

  • %HOSTNAME% is specified in /etc/rsyslog.conf, but neither an IP address nor a hostname is logged in messages as expected.

Resolution

  • Make sure the entries in /etc/hosts are configured correctly and completely, and remember to restart the rsyslog service after the configuration change.

  • Alternatively, use DNS for reliable resolution.

Root Cause

  • There is only an IP address with a blank name in /etc/hosts.
  • In another case, both the IP address and the hostname are in /etc/hosts, but the name was added after the rsyslog service started, so rsyslog has not had a chance to pick up the configuration change.

Diagnostic Steps

  • If the IP address in /etc/hosts did not have a name when rsyslog started, the log has a blank hostname.

    /etc/hosts:
    XX.XX.199.107

    Resulting log entry (the hostname field after the timestamp is empty):
    Aug 26 14:22:03  local0 notice 122:  Aug 26 2020 14:22:02: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.64.***.235)
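
A quick check for both symptoms described above, as an added example that is not part of the original article: it lists addresses in a hosts-format file that have no name and counts log lines with an empty hostname field. The function names, the sample data and the assumed log template layout ("<timestamp> %HOSTNAME% <rest>" separated by single spaces) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Print every address in a hosts-format file that has no name after it.
# Text after '#' is a comment and is ignored, as are blank lines.
hosts_without_name() {
    awk '{ sub(/#.*/, "") } NF == 1 { print $1 }' "$1"
}

# Count log lines whose hostname field is empty.
# Assumption: the template writes "<timestamp> %HOSTNAME% <rest>" separated
# by single spaces, so an empty hostname leaves two spaces after the time.
blank_hostname_lines() {
    awk '/^[A-Z][a-z][a-z] [ 0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]  / { n++ }
         END { print n + 0 }' "$1"
}

# Demo on constructed sample data (192.0.2.0/24 is a documentation range).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/hosts" <<'EOF'
127.0.0.1   localhost
192.0.2.107
192.0.2.10  router1   # complete entry
EOF
    cat > "$dir/messages" <<'EOF'
Aug 26 14:22:03  local0 notice 122: constructed message, sender unnamed
Aug 26 14:22:04 router1 local0 notice 123: constructed message, sender named
EOF
    echo "addresses without a name: $(hosts_without_name "$dir/hosts")"
    echo "log lines with blank hostname: $(blank_hostname_lines "$dir/messages")"
    rm -rf "$dir"
}

demo
```

Point hosts_without_name at /etc/hosts before restarting rsyslog; any address it prints will still be logged with a blank hostname.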
