At one point, this was working correctly...but now I'm not sure what
went wrong. I have a Sparc 5 running Solaris 2.6 and sending syslog
logins to a central syslog server. The problem is that for whatever
reason, I now no longer get the hostname (or IP address) in the syslog
header, and the server doesn't know what to do with it.
The following is a tcpdump of the syslog message that was sent for a
18:11:43.164547 IP qasparc5.32925 > qa36.q1labs.lab.514: UDP, length 90
E..v .@...........<$.....b..<37>Aug 10 14:28:49 login: [ID 254462
auth.notice] ROOT LOGIN /dev/pts/2 FROM 10.100.50.42
Notice in that packet that where there should normally be the hostname,
following the timestamp, is the start of the data instead (i.e., "login:"
instead of "qasparc5").
The machine is in DNS, and can resolve its own hostname fine:
# uname -a
SunOS qasparc5 5.8 Generic sun4m sparc SUNW,SPARCstation-5
# cat /etc/hosts
# Internet host table
172.16.20.198 qasparc5 qasparc5.q1labs.lab
# grep host /etc/nsswitch.conf
# "hosts:" and "services:" in this file are used only if the
hosts: files dns
Can anyone tell me what's wrong? Here's the syslog.conf snippet of
what to send:
8/10/2005 6:33:02 PM
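Added example, not part of the original post: a collector-side check in Python that spots the missing HOSTNAME field in the packet shown above and falls back to the UDP sender's address, so the event stays attributable. The function name, the tag-versus-hostname heuristic and the second, well-formed message are assumptions made for illustration.

```python
import re

# BSD syslog layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: text
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)

# Payload from the tcpdump in the post, with the wrapped line rejoined.
PAGE_MSG = ("<37>Aug 10 14:28:49 login: [ID 254462 auth.notice] "
            "ROOT LOGIN /dev/pts/2 FROM 10.100.50.42")
# Constructed for comparison: the same message with the hostname present.
GOOD_MSG = PAGE_MSG.replace("49 login:", "49 qasparc5 login:")


def parse_bsd_syslog(payload, source_addr):
    """Split a BSD syslog datagram; source_addr is the UDP sender's address."""
    m = _HEADER.match(payload)
    if m is None:
        raise ValueError("message does not start with <PRI> and a timestamp")
    pri = int(m.group("pri"))
    rest = m.group("rest")
    first, _, remainder = rest.partition(" ")
    # Heuristic (an assumption of this example): a TAG ends in ':' or carries
    # a "[pid]" suffix, a HOSTNAME does neither.
    missing = first.endswith(":") or "[" in first
    hostname, body = (source_addr, rest) if missing else (first, remainder)
    tag, _, text = body.partition(":")
    return {
        "facility": pri >> 3,      # 37 >> 3 == 4 (auth)
        "severity": pri & 7,       # 37 & 7 == 5 (notice)
        "timestamp": m.group("ts"),
        "hostname": hostname,
        "hostname_missing": missing,
        "tag": tag,
        "text": text.strip(),
    }


if __name__ == "__main__":
    for msg in (PAGE_MSG, GOOD_MSG):
        print(parse_bsd_syslog(msg, "172.16.20.198"))
```

Logging `hostname_missing` alongside the substituted address lets the central server flag senders whose headers are malformed instead of silently dropping or misfiling their events.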