on CentOS 7
The new hosts.php report page is matching more than just the hostname of the system.
For example, from the unique hosts report I click on my server named test01.mydomain.com, and it shows me results for test02.mydomain.com and numerous other results along with test01.mydomain.com where .mydomain.com is highlighted in yellow in all the results. I essentially see a large majority of our servers in the query results, not a single unique server.
If I wrap my host name in quotes the query results show the correct and accurate host logs.
Is there a supported way I can correct this behavior that won’t get overridden by updates?
It looks like this section of code could do without the conditional if clause and just have it always wrap the host in quotes in the Elasticsearch query:
Code:
    foreach ($hosts as $host => $logs) {
        // Reverse-resolve the host so the report can show "address (name)"
        $hostname = gethostbyaddr($host);
        $display = $host;
        if ($hostname != $host) {
            $display = $host . " (" . $hostname . ")";
        }
        $query = $host;
        // Only hosts containing ':' are wrapped in quotes
        if (strpos($query, ':') !== false) { $query = '"' . $query . '"'; }
Works better like this:
Code:
    foreach ($hosts as $host => $logs) {
        // Reverse-resolve the host so the report can show "address (name)"
        $hostname = gethostbyaddr($host);
        $display = $host;
        if ($hostname != $host) {
            $display = $host . " (" . $hostname . ")";
        }
        $query = $host;
        // Always wrap the host in quotes
        $query = '"' . $query . '"';
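An added example, not part of the original post and not Nagios Log Server code: the always-quote change proposed above, with backslashes and double quotes in the host value escaped so a value containing either cannot end the quoted phrase early. `quote_host_term()` and `original_term()` are hypothetical names, and the host values are constructed samples.

```php
<?php
// Added example; hypothetical helpers, constructed sample data.

/**
 * Return $host as a double-quoted phrase for a Lucene/Elasticsearch
 * query_string query. Inside a quoted phrase the backslash and the
 * double quote are the characters that need escaping, so both are
 * escaped (backslash first) before the value is wrapped.
 */
function quote_host_term($host)
{
    $escaped = str_replace(array('\\', '"'), array('\\\\', '\\"'), $host);
    return '"' . $escaped . '"';
}

/** The conditional from the post: quote only when ':' is present. */
function original_term($host)
{
    return (strpos($host, ':') !== false) ? '"' . $host . '"' : $host;
}

// Constructed host values as they might appear in the unique hosts report.
$hosts = array(
    'test01.mydomain.com',  // FQDN: left unquoted by the original check
    '192.0.2.10',           // IPv4: left unquoted by the original check
    '2001:db8::10',         // IPv6: quoted by both versions
    'web"01',               // malformed value containing a double quote
);

foreach ($hosts as $host) {
    printf(
        "%-22s original: %-24s quoted: %s\n",
        $host,
        original_term($host),
        quote_host_term($host)
    );
}
```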