
syslog question on rfc


I would like to use syslog for logging from a remote application.
I have some questions though:
For example the RFC says:

If the originally formed message has a HOSTNAME field, then it
will contain the hostname as it knows itself.  If it does not
have a hostname, then it will contain its own IP address.

What does this mean? That the message from my application to the logging client library, if it contains some host name then it will be replaced?
Could you please give me an example?
I tried for instance:
From localhost some data
or
From ahost@aa some data
and these strings are stored in syslog server as they were sent by my app to the syslog client lib.
Shouldn't they be different as a result of the above req??
I am using log4j for syslog client.

Thank you


Solution

  • You're reading the old RFC 3164. That one's obsolete; the replacement is RFC 5424, which is much clearer on what goes in the HOSTNAME field:

    The HOSTNAME field identifies the machine that originally sent the syslog message.

    The HOSTNAME field SHOULD contain the hostname and the domain name of the originator in the format specified in STD 13 [RFC1034]. This format is called a Fully Qualified Domain Name (FQDN) in this document.

    In practice, not all syslog applications are able to provide an FQDN. As such, other values MAY also be present in HOSTNAME. This document makes provisions for using other values in such situations. A syslog application SHOULD provide the most specific available value first. The order of preference for the contents of the HOSTNAME field is as follows:

    1. FQDN

    2. Static IP address

    3. hostname

    4. Dynamic IP address

    5. the NILVALUE
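The following is an added example, not part of the original answer: it applies the preference order quoted above and shows that, in an RFC 5424 message, HOSTNAME is a header field set by the originator while the application's text (here the asker's test string) is carried unchanged in MSG. The function names, host names, addresses and timestamp are constructed for illustration.

```python
import re

NILVALUE = "-"
# HOSTNAME = NILVALUE / 1*255PRINTUSASCII (RFC 5424, section 6)
_PRINTUSASCII = re.compile(r"[\x21-\x7e]{1,255}")

def choose_hostname(fqdn=None, static_ip=None, hostname=None, dynamic_ip=None):
    """Return the most specific usable value, in the order the RFC lists."""
    for candidate in (fqdn, static_ip, hostname, dynamic_ip):
        if candidate and _PRINTUSASCII.fullmatch(candidate):
            return candidate
    return NILVALUE

def format_5424(facility, severity, timestamp, hostname, app_name, msg):
    """Build a message; PROCID, MSGID and STRUCTURED-DATA are NILVALUE."""
    pri = facility * 8 + severity
    return f"<{pri}>1 {timestamp} {hostname} {app_name} - - - {msg}"

def parse_5424(line):
    """Separate the header fields from MSG (NILVALUE STRUCTURED-DATA only)."""
    m = re.match(r"<(\d{1,3})>(\d{1,2}) (.*)", line, re.S)
    if not m:
        raise ValueError("not an RFC 5424 message")
    fields = m.group(3).split(" ", 5)
    if len(fields) < 6:
        raise ValueError("truncated header")
    timestamp, hostname, app_name, procid, msgid, tail = fields
    if tail == NILVALUE:
        msg = ""
    elif tail.startswith(NILVALUE + " "):
        msg = tail[2:]
    else:
        raise ValueError("STRUCTURED-DATA elements are outside this example")
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": timestamp,
            "hostname": hostname, "app_name": app_name, "msg": msg}

if __name__ == "__main__":
    # Constructed sample: the application text is the asker's test string.
    host = choose_hostname(fqdn="app01.example.com", hostname="app01")
    line = format_5424(1, 6, "2024-01-01T12:00:00Z", host, "myapp",
                       "From localhost some data")
    print(line)
    print(parse_5424(line))
```

Because HOSTNAME is whatever the originator wrote into the header, a collector that needs to know which machine actually delivered a message should record the transport peer address alongside the parsed field.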