Rsyslog logs display short hostname instead of FQDN, causing hostname conflicts in Centralized log server.

Solution Verified - Updated -

Issue

  • Syslog is sending logs based on the short hostname, causing conflicts when multiple servers have the same short name.
  • For instance, servers with hostnames server.example.com and server.lab.example.com both send logs under the short name server.
  • This behavior causes confusion when reviewing logs in a SIEM system, especially when multiple servers share the same short hostname.
  • It's difficult to differentiate between logs from different servers in a centralized logging environment.

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • Red Hat Enterprise Linux 10
  • Centralized logging setup with logs forwarded to SIEM or remote rsyslog server

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content