I have several hosts using systemd-journal-upload to send their logs to my systemd-journal-remote server. The name of the files in /var/log/journal/remote are remote-[IP_ADDR].journal but I'd like them to be remote-[HOSTNAME].journal. How do I do this?
Asked
Active
Viewed 569 times
1 Answers
0
The remote journals should be saved to files named remote-hostname.journal, so if you're getting IP addresses instead, it means you have DNS resolution problems that make systemd-journal-remote have to fall back to IP addresses.
From the systemd-journal-remote man page:
Files will be called
remote-hostname.journal, where thehostnamepart is the escaped hostname of the source endpoint of the connection, or the numerical address if the hostname cannot be determined.
If that's not working, check if DNS resolution is working as expected, with commands such as host ip-address (for example, host 192.168.23.34 if that's one of your IP addresses) and confirm it returns the correct expected hostname.
(You might need direct DNS to match it as well, make sure that host hostname resolves back to the same IP address.)
filbranden
- 21,751
- 4
- 63
- 86
-
1My receiving server is able to do the reverse lookup for the ip correctly, but still the journal files are named after the IP, anything else that could be a problem here? – feedc0de Oct 16 '22 at 13:00
-
@feedc0de Does the hostname resolve to that IP when you do direct DNS lookup resolution? If reverse and direct lookups don’t match, systemd will probably ignore the hostname and fall back to IP instead. – filbranden Oct 17 '22 at 01:13