Ubiquiti Edge Router devices use rsyslog for syslog, but the default configuration does not preserve the FQDN of the router. This is causing complications in my Graylog/LibreNMS configuration.
After researching the problem I found that the three potential candidates to fix the issue are:
- The hostname in the /etc/hosts file needs to be set to the FQDN. I tried this; it had no effect on the syslog output.
- Add "$PreserveFQDN on" to the syslog configuration.
- Append "$LocalHostName host.name.org" to the rsyslog config.
All three configurations were made in varying order, but nothing worked. I had (incorrectly) assumed that, since they were using rsyslog and /etc/rsyslog.conf existed, /etc/rsyslog.conf would be the correct config file to edit. I even tried adding a new config file in /etc/rsyslog.d/ to no avail.
The only changes that seemed to take were in /etc/rsyslog.d/vyatta-log.conf. The "$PreserveFQDN on" syntax didn't seem to have any effect by itself, even though the system domain-name is set properly.
I tried to manually set the FQDN in /etc/rsyslog.d/vyatta-log.conf by manually appending "$LocalHostName host.name.org" and restarting the rsyslog service. Again, it had no effect. Finally, adding both "$LocalHostName host.name.org" *and* "$PreserveFQDN on" worked.
I haven't tested to see if these changes will be persistent through web interface config changes, but at least it's a start.
UPDATE: It gets weirder: most syslog messages are making it to the server with the FQDN... except anything related to PAM. Strange...
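
The combination that finally worked above (both directives in /etc/rsyslog.d/vyatta-log.conf) can be applied idempotently and checked with a small script. This is an added example, not part of the original post or of Ubiquiti's tooling; the function names are hypothetical, and it assumes a POSIX shell with awk, grep and mktemp on the router.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not Ubiquiti or rsyslog tooling).

# ensure_directive FILE NAME VALUE
# Replace the first active "$NAME ..." line (name matched case-insensitively),
# drop any further copies, or append the directive if the file has none.
ensure_directive() {
    file=$1 name=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v name="$name" -v value="$value" '
        BEGIN { want = tolower("$" name) }
        tolower($1) == want {
            if (!done) { print "$" name " " value; done = 1 }
            next
        }
        { print }
        END { if (!done) print "$" name " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# apply_fqdn_fix FILE FQDN
# Set both directives; returns 2 for a name that is not fully qualified.
apply_fqdn_fix() {
    conf=$1 fqdn=$2
    case $fqdn in
        *[!A-Za-z0-9.-]*|.*|*.|*..*) return 2 ;;  # invalid characters or dots
        *.*) ;;                                   # has a domain part
        *) return 2 ;;                            # short hostname only
    esac
    [ -f "$conf" ] || return 3
    ensure_directive "$conf" LocalHostName "$fqdn" &&
        ensure_directive "$conf" PreserveFQDN on
}

# fqdn_fix_present FILE
# Succeeds only when both directives are active in FILE.
fqdn_fix_present() {
    grep -Eiq '^[[:space:]]*\$LocalHostName[[:space:]]+[^[:space:]]+\.[^[:space:]]+' "$1" &&
        grep -Eiq '^[[:space:]]*\$PreserveFQDN[[:space:]]+on[[:space:]]*$' "$1"
}

# Usage on the router, followed by restarting the rsyslog service:
#   apply_fqdn_fix /etc/rsyslog.d/vyatta-log.conf host.name.org
```

Because persistence across web interface changes was not tested in the post, `fqdn_fix_present` is the check to re-run after such a change.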