
This queue is for tickets about the Log-Syslog-Fast CPAN distribution.

Report information
The Basics
Id: 63035
Status: rejected
Priority: 0/
Queue: Log-Syslog-Fast

People
Owner: Nobody in particular
Requestors: POWERMAN [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 0.45
Fixed in: (no value)



Subject: extra space added when hostname is empty
When logging to local syslog, it makes no sense to add the hostname to logs. But if we call Log::Syslog::Fast->new() with an empty $hostname, it still appends a needless space before $appname.

One solution would be to check whether $hostname is empty and not add this extra space, but I think it would be better to replace these two non-standard fields with a single standard $ident field and let the user manually set $ident="$hostname $appname" if she wants.

One more reason not to include $hostname inside $ident is the ability of syslog daemons to automatically append the remote IP to each message they receive from the network - this is both a much more secure and a native way to distinguish messages sent to a remote syslog from different hosts (at least the "socklog" syslog daemon from the "runit" package has this feature, not sure about standard "syslogd").

The syslog standard (RFC3164) requires that a hostname be included in the message. Section 4.1.2:

"HOSTNAME will contain the hostname, as it knows itself. If it does not have a hostname, then it will contain its own IP address."

Various log consumers would undoubtedly break if it were omitted. "localhost" or "127.0.0.1" are acceptable if the hostname is unavailable for some reason.

The program name is similarly defined in the standard: "The value in the TAG field will be the name of the program or process that generated the message."

On Tue Nov 16 06:14:40 2010, POWERMAN wrote:
> When logging to local syslog, it makes no sense to add the hostname to logs.
> But if we call Log::Syslog::Fast->new() with an empty $hostname, it still
> appends a needless space before $appname.
>
> One solution would be to check whether $hostname is empty and not add this
> extra space, but I think it would be better to replace these two non-standard
> fields with a single standard $ident field and let the user manually set
> $ident="$hostname $appname" if she wants.
>
> One more reason not to include $hostname inside $ident is the ability of
> syslog daemons to automatically append the remote IP to each message they
> receive from the network - this is both a much more secure and a native way to
> distinguish messages sent to a remote syslog from different hosts (at
> least the "socklog" syslog daemon from the "runit" package has this feature, not
> sure about standard "syslogd").

Yeah, I've read the RFC. But including HOSTNAME is just "RECOMMENDED", "SHOULD", and so on. And most standard tools (actually, all I've tested) don't include HOSTNAME. For example:

1) glibc: /usr/bin/logger (from util-linux-ng-2.17.2) using standard syslog(3):
$ echo test | strace -ff logger 2>&1 | grep ^send
send(1, "<13>Nov 17 02:39:42 logger: test", 32, MSG_NOSIGNAL) = 32

2) /usr/bin/logger, using its own implementation:
$ echo test | strace -ff logger -d -u /dev/log 2>&1 | grep ^write
write(3, "<5>Nov 17 02:47:30 <someone>: te"..., 35) = 35

3) Sys::Syslog
$ strace -ff perl -e 'use Sys::Syslog qw(:standard :macros); openlog ("myapp","pid",LOG_USER); syslog(LOG_INFO,"test")' 2>&1 | grep ^send
send(3, "<14>Nov 17 02:42:32 myapp[26576]"..., 39, MSG_NOSIGNAL) = 39

And common sense also says it isn't really interesting to spam local logs with the local hostname in every line, and it isn't really important to include the hostname in messages sent to a remote log if this hostname can't be trusted.

On Tue Nov 16 19:55:02 2010, POWERMAN wrote:
> Yeah, I've read the RFC. But including HOSTNAME is just "RECOMMENDED",
> "SHOULD", and so on.

I don't see any such language specific to the hostname, only the allowance that any message on port 514 is technically "valid". But even so, I'm not convinced that deliberately emitting messages that violate the recommendation is a good idea.

> And most standard tools (actually, all I've
> tested) don't include HOSTNAME. For example:
>
> 1) glibc: /usr/bin/logger (from util-linux-ng-2.17.2) using standard
> syslog(3):
> $ echo test | strace -ff logger 2>&1 | grep ^send
> send(1, "<13>Nov 17 02:39:42 logger: test", 32, MSG_NOSIGNAL) = 32
>
> 2) /usr/bin/logger, using its own implementation:
> $ echo test | strace -ff logger -d -u /dev/log 2>&1 | grep ^write
> write(3, "<5>Nov 17 02:47:30 <someone>: te"..., 35) = 35
>
> 3) Sys::Syslog
> $ strace -ff perl -e 'use Sys::Syslog qw(:standard :macros); openlog
> ("myapp","pid",LOG_USER); syslog(LOG_INFO,"test")' 2>&1 | grep ^send
> send(3, "<14>Nov 17 02:42:32 myapp[26576]"..., 39, MSG_NOSIGNAL) =
> 39

Both of those only talk to the unix log socket. The messages that the module sends also need to be consumable by network log daemons.

> And common sense also says it isn't really interesting to spam local
> logs with the local hostname in every line, and it isn't really important to
> include the hostname in messages sent to a remote log if this hostname can't
> be trusted.

Can't you just configure your syslogger to omit that field in the written logs? The client-to-logger wire format shouldn't matter. I guess I'm not understanding what benefit is provided by this change that justifies added complexity and violating the recommendation of the RFC.
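
Added example, not part of the ticket thread and not code from Log-Syslog-Fast: a small RFC 3164 parser that shows how a consumer reads the three wire forms discussed above (hostname present, empty hostname leaving a doubled space, hostname omitted as in the quoted logger output). The tolerant reader's fallback to the sender address, the `peer` parameter, the accepted TAG characters, and the two constructed sample lines are assumptions of this example.

```python
import re

# PRI, RFC 3164 timestamp "Mmm dd hh:mm:ss", one space, then everything else.
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$", re.S)
# TAG[pid]: CONTENT. RFC 3164 limits TAG to 32 alphanumerics; "_./-" are
# also accepted here (assumption of this example).
TAG = re.compile(r"^([\w./-]{1,32})(?:\[(\d+)\])?:? ?(.*)$", re.S)

# NO_HOST is the logger output quoted in the ticket; the other two lines are
# constructed for this example.
NO_HOST = "<13>Nov 17 02:39:42 logger: test"
WITH_HOST = "<13>Nov 17 02:39:42 web01 myapp[26576]: test"
EMPTY_HOST = "<13>Nov 17 02:39:42  myapp[26576]: test"  # doubled space

def _split(line):
    m = HEADER.match(line)
    if m is None:
        raise ValueError("no PRI/TIMESTAMP header")
    pri = int(m.group(1))
    rec = {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(2)}
    return rec, m.group(3)

def _finish(rec, host, source, body):
    m = TAG.match(body)
    tag, pid, msg = m.groups() if m else (None, None, body)
    rec.update(host=host, host_source=source, tag=tag, pid=pid, msg=msg)
    return rec

def parse_strict(line):
    """Positional reading: the token after TIMESTAMP is always HOSTNAME."""
    rec, rest = _split(line)
    host, _, body = rest.partition(" ")
    return _finish(rec, host, "message", body)

def parse_tolerant(line, peer):
    """Fall back to the sender address when HOSTNAME is empty or missing."""
    rec, rest = _split(line)
    first, _, body = rest.partition(" ")
    if first == "":              # empty HOSTNAME left a doubled space
        return _finish(rec, peer, "peer", body)
    if first.endswith(":"):      # token looks like TAG, so HOSTNAME was omitted
        return _finish(rec, peer, "peer", rest)
    return _finish(rec, first, "message", body)

if __name__ == "__main__":
    for line in (WITH_HOST, EMPTY_HOST, NO_HOST):
        strict, loose = parse_strict(line), parse_tolerant(line, "192.0.2.10")
        print(repr(strict["host"]), repr(strict["tag"]), "|", loose["host"], loose["tag"])
```

The strict reader turns the hostname-less line into host `logger:` with tag `test`, which is the kind of consumer breakage the maintainer refers to; the tolerant reader attributes the line to the address the message arrived from instead.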