Join Log in
Score:1
antonio amaddio avatar Server

How to make systemd journal remote use hostname instead of IP address?

kg flag
antonio amaddio

I do have one log server which runs systemd journal remote software to receive journal entries from remote hosts via systemd journal upload. This works fine. The only trouble that I have is that the journal names in /var/log/journal/remote are named with the IP address instead of the hostname.

The documentation says:

"[...] Files will be called remote-hostname.journal, where the hostname part is the escaped hostname of the source endpoint of the connection, or the numerical address if the hostname cannot be determined."

So in my case it obviously can not be determined.

I have configured the clients ip - host map in the /etc/hosts file on the log server. A nslookup <hostname> resolves the ip address correctly. A comment here tells that the host file is not respected in the process of determining the hostname.

So how do I configure my server to make systemd journal remote pick up the hostname and use it as filename instead of the ip address?

Entry in /etc/hosts

10.0.0.2 web-01

To debug name <--> ip resolution the following commands were run:

Name to ip:

❯ getent ahosts web-01
10.0.0.2        STREAM web-01
10.0.0.2        DGRAM
10.0.0.2        RAW

IP to name:

❯ getent ahosts 10.0.0.2
10.0.0.2        STREAM 10.0.0.2
10.0.0.2        DGRAM
10.0.0.2        RAW

❯ getent hosts 10.0.0.2
10.0.0.2        web-01

❯ nslookup 10.0.0.2
2.0.0.10.in-addr.arpa   name = web-01.
276
1 + 8
user1686 avatar
fr flag
user1686
Does `getent ahosts <ipaddress>` resolve the name correctly?
0
Reply
user1686 avatar
fr flag
user1686
What kind of entry do you have for it in /etc/hosts? Does the network have rDNS (10.in-addr.arpa DNS zone)?
0
Reply
antonio amaddio avatar
kg flag
antonio amaddio
_Note: I reposted this comment because I could not edit the formatting anymore:_. The `getent` command does not return the hostname when queried with the ip address: `getent ahosts 10.0.0.2` return: ``` 10.0.0.2 STREAM 10.0.0.2; 10.0.0.2 DGRAM; 10.0.0.2 RAW``` The ip address on the other hand is resolved when the hostname is passed: `getent ahosts mega-apply-ai-web-01` returns: `10.0.0.2 STREAM mega-apply-ai-web-01; 10.0.0.2 DGRAM; 10.0.0.2 RAW. `
0
Reply
user1686 avatar
fr flag
user1686
Usually the site recommends editing such information into the main body of the question, rather than comments (one of the reasons why multiline \`\`\` code blocks are not supported in comments).
0
Reply
user1686 avatar
fr flag
user1686
Going to repeat the question: What kind of entry do you have for it in /etc/hosts? Does the network have rDNS (10.in-addr.arpa DNS zone)? The forward (host→IP) lookup is completely useless for journald – it needs a reverse (IP→host) lookup to succeed.
0
Reply
antonio amaddio avatar
kg flag
antonio amaddio
Thanks @user1686. I updated my post. I struggled to format the output nicely in comment section as the markdown capability is reduced. Sorry for the mess and thanks bunches for the tip to update the post.
0
Reply
user1686 avatar
fr flag
user1686
Ah, right, I forgot that `getent ahosts` won't actually _try_ to do a reverse lookup – does just `getent hosts 10.0.0.2` return the correct result?
0
Reply
antonio amaddio avatar
kg flag
antonio amaddio
Yes, it does: `getent hosts 10.0.0.2` returns: `10.0.0.2 web-01`
0
Reply
Score:0
avatar Server
in flag
Lacek

When receiving a connection, the systemd-journal-remote service sees only the IP address from which the connection originates. To determine the host name from it, a reverse DNS lookup is needed, which is the exact opposite of what nslookup <hostname> does. You need nslookup 10.10.10.10 (or whatever IP the remote host have) to return the host name.

The simplest way (in my opinion) is to use systemd-resolved with the ReadEtcHosts=true config option (it is the default iirc), which will make systemd-resolved to parse the hosts file and serve its contents before forwarding the DNS request to the configured DNS servers.

However, if you need more servers to properly resolve IP addresses to host names, you might want to set up a DNS server for your LAN which serves the .in-addr.arpa domain for your LAN.

+ 1
antonio amaddio avatar
kg flag
antonio amaddio
There seems to be a nameserver in place. The Ubuntu `20.02` is placed in a Hetzner Cloud server network. The nameserver is configured in `/etc/resolv.conf`. The `nslookup 10.0.0.2` returns the desired result. See updated original post above. Any more ideas?
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.