<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2>Hello,</FONT></SPAN></DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial size=2>I am sure this
topic has been beaten to death, but I cannot find answers anywhere.
Apologies if I have missed something - here we go:</FONT></SPAN></DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial size=2>I run syslog-ng
1.6.4 on Sol 9 Sparc (sunfreeware distribution). It works fine, except
</FONT></SPAN><SPAN class=536341210-01032006><FONT face=Arial size=2>I want
syslog-ng to resolve IP's to hostnames, and create directories using the
resolved name rather than IP (long term, I will look at MySQL, but I
would still have to get either DNS or keep_hostname to work). I installed
bind 9.2.3 on the log server and setup a reverse zone authoritative for
in-addr.arpa., but it still doesn't work. At this time, I prefer to
use reverse DNS rather than hostname. I was not able to create_dirs based on
keep_hostname(yes) either.</FONT></SPAN></DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial size=2>dig works, and
returns NOERROR when I run dig -x 1.2.3.4 @127.0.0.1 for example.
The reverse zone is fully populated with all hosts that will be logging
syslog-ng.</FONT></SPAN></DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2>nsswitch.conf:</FONT></SPAN></DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2>hosts: dns
files<BR>ipnodes: dns files<BR>everything else is files
only.</FONT></SPAN></DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2>resolv.conf:</FONT></SPAN></DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial size=2>nameserver
127.0.0.1</FONT></SPAN></DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=536341210-01032006><FONT face=Arial
size=2>syslog-ng.conf:</FONT></SPAN></DIV>
<DIV><FONT size=2><SPAN class=536341210-01032006># Options<BR>options
{<BR>
use_fqdn(no);<BR>
use_dns(yes);<BR>
dns_cache(yes);<BR>
sync(5);<BR>
keep_hostname(no);<BR>
chain_hostnames(no);<BR>
create_dirs(yes);
# bad!<BR>
perm(0644);<BR>
dir_perm(0755);<BR>
use_time_recvd(yes);<BR>
};</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT size=2><SPAN class=536341210-01032006># Sources</SPAN></FONT></DIV>
<DIV><FONT size=2><SPAN class=536341210-01032006>source
s_udp { udp(); };</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT size=2><SPAN class=536341210-01032006># logging to
console<BR>destination l_console { file
("/dev/console"); };</SPAN></FONT></DIV>
<DIV><FONT size=2><SPAN class=536341210-01032006><BR># logging of cisco's via
udp to individual files and to one file<BR>destination r_cisco { file(
"/remote/$HOST/$HOST-$YEAR$MONTH.LOG" ); file( "/r<BR>emote/all/alldevices.log"
); };</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT size=2><SPAN class=536341210-01032006># Remote sources<BR>log {
source (s_udp); destination (r_cisco); };<BR></SPAN></FONT></DIV>
<DIV><FONT size=2><SPAN class=536341210-01032006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=536341210-01032006>Kind
regards</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=536341210-01032006>Jesper</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=536341210-01032006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV align=left>
<P class=MsoNormal align=left><STRONG><B><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Jesper
Markenstam</SPAN></FONT></B></STRONG><?xml:namespace prefix = o ns =
"urn:schemas-microsoft-com:office:office" /><o:p></o:p></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">IS&T Systems
Analyst<BR></SPAN></FONT></P>
<P class=MsoNormal><STRONG><B><FONT face=Verdana size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Verdana">REUTERS.KNOW.NOW.</SPAN></FONT></B></STRONG><B><FONT
face=Verdana size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Verdana"><BR></SPAN></FONT></B><FONT
title=http://www.reuters.com/ face=Verdana size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Verdana"><A title=http://www.reuters.com/
href="http://www.reuters.com/">www.reuters.com</A></SPAN></FONT></P></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV><FONT SIZE=3><BR>
<BR>
To find out more about Reuters visit www.about.reuters.com<BR>
<BR>
Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.<BR>
</FONT>
</BODY></HTML>