
I do have one log server which runs systemd journal remote software to receive journal entries from remote hosts via systemd journal upload. This works fine. The only trouble that I have is that the journal names in /var/log/journal/remote are named with the IP address instead of the hostname.

The documentation says:

"[...] Files will be called remote-hostname.journal, where the hostname part is the escaped hostname of the source endpoint of the connection, or the numerical address if the hostname cannot be determined."

So in my case it obviously cannot be determined.

I have configured the clients' IP-to-host map in the `/etc/hosts` file on the log server. An `nslookup <hostname>` resolves the IP address correctly. A comment here says that the hosts file is not respected in the process of determining the hostname.

So how do I configure my server to make systemd journal remote pick up the hostname and use it as filename instead of the ip address?

Entry in /etc/hosts

```
10.0.0.2 web-01
```

To debug name <--> ip resolution the following commands were run:

Name to ip:

```
❯ getent ahosts web-01
10.0.0.2        STREAM web-01
10.0.0.2        DGRAM
10.0.0.2        RAW
```

IP to name:

```
❯ getent ahosts 10.0.0.2
10.0.0.2        STREAM 10.0.0.2
10.0.0.2        DGRAM
10.0.0.2        RAW

❯ getent hosts 10.0.0.2
10.0.0.2        web-01

❯ nslookup 10.0.0.2
2.0.0.10.in-addr.arpa   name = web-01.
```

  • Does `getent ahosts ` resolve the name correctly? – user1686 Jan 07 '23 at 11:47
  • What kind of entry do you have for it in /etc/hosts? Does the network have rDNS (10.in-addr.arpa DNS zone)? – user1686 Jan 09 '23 at 10:59
  • _Note: I reposted this comment because I could not edit the formatting anymore._ The `getent` command does not return the hostname when queried with the IP address: `getent ahosts 10.0.0.2` returns: `10.0.0.2 STREAM 10.0.0.2; 10.0.0.2 DGRAM; 10.0.0.2 RAW`. The IP address, on the other hand, is resolved when the hostname is passed: `getent ahosts mega-apply-ai-web-01` returns: `10.0.0.2 STREAM mega-apply-ai-web-01; 10.0.0.2 DGRAM; 10.0.0.2 RAW`. – antonio amaddio Jan 11 '23 at 09:11
  • Usually the site recommends editing such information into the main body of the question, rather than comments (one of the reasons why multiline \`\`\` code blocks are not supported in comments). – user1686 Jan 11 '23 at 09:12
  • Going to repeat the question: What kind of entry do you have for it in /etc/hosts? Does the network have rDNS (10.in-addr.arpa DNS zone)? The forward (host→IP) lookup is completely useless for journald – it needs a reverse (IP→host) lookup to succeed. – user1686 Jan 11 '23 at 09:14
  • Thanks @user1686. I updated my post. I struggled to format the output nicely in comment section as the markdown capability is reduced. Sorry for the mess and thanks bunches for the tip to update the post. – antonio amaddio Jan 11 '23 at 09:19
  • Ah, right, I forgot that `getent ahosts` won't actually _try_ to do a reverse lookup – does just `getent hosts 10.0.0.2` return the correct result? – user1686 Jan 11 '23 at 09:22
  • Yes, it does: `getent hosts 10.0.0.2` returns: `10.0.0.2 web-01` – antonio amaddio Jan 11 '23 at 09:24

1 Answer


When receiving a connection, the systemd-journal-remote service sees only the IP address from which the connection originates. To determine the host name from it, a reverse DNS lookup is needed, which is the exact opposite of what `nslookup <hostname>` does. You need `nslookup 10.10.10.10` (or whatever IP the remote host has) to return the host name.

The simplest way (in my opinion) is to use systemd-resolved with the `ReadEtcHosts=true` config option (it is the default iirc), which will make systemd-resolved parse the hosts file and serve its contents before forwarding the DNS request to the configured DNS servers.

However, if you need more servers to properly resolve IP addresses to host names, you might want to set up a DNS server for your LAN which serves the .in-addr.arpa domain for your LAN.

Lacek
  • There seems to be a nameserver in place. The Ubuntu `20.02` is placed in a Hetzner Cloud server network. The nameserver is configured in `/etc/resolv.conf`. The `nslookup 10.0.0.2` returns the desired result. See updated original post above. Any more ideas? – antonio amaddio Jan 11 '23 at 09:29
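
The forward and reverse lookups discussed in this thread can be checked separately from the log server through the libc resolver calls `getaddrinfo` and `getnameinfo`. This is an added example, not part of the original posts; it assumes the receiving service resolves the peer address through that same libc path, and the function names `reverse_name`, `forward_addrs` and `diagnose` are made up for the example.

```python
import socket


def reverse_name(ip, getnameinfo=socket.getnameinfo):
    """IP -> host name via libc getnameinfo(); None if no name is found."""
    try:
        # NI_NAMEREQD turns "no PTR / no hosts entry" into an error instead
        # of silently handing back the numeric address.
        host, _service = getnameinfo((ip, 0), socket.NI_NAMEREQD)
    except socket.gaierror:
        return None
    return host


def forward_addrs(name, getaddrinfo=socket.getaddrinfo):
    """Host name -> set of addresses via libc getaddrinfo()."""
    try:
        return {info[4][0] for info in getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def diagnose(ip, name, getnameinfo=socket.getnameinfo,
             getaddrinfo=socket.getaddrinfo):
    """Report both directions separately; only the reverse result matters
    for the name a receiver can derive from an incoming connection."""
    rev = reverse_name(ip, getnameinfo)
    return {
        "forward_ok": ip in forward_addrs(name, getaddrinfo),
        "reverse_name": rev,
        # Compare on the first label so "web-01." and "web-01.lan" both match.
        "reverse_matches": rev is not None
        and rev.rstrip(".").split(".")[0].lower() == name.split(".")[0].lower(),
    }


if __name__ == "__main__":
    # Values from the question; run this on the log server itself.
    print(diagnose("10.0.0.2", "web-01"))
```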