I appreciate your response. Here is a snippet from /etc/nsswitch.conf. As I said in my previous email, as soon as I make the change in /etc/hosts file and after that when I do a tcpdump it shows me the /etc/hosts change has taken place. I see the ips getting translated into the new corrected hostname but for some reason syslog-ng keeps logging under the old hostname. Sometimes I have to wait for almost an hour until it recognizes the hostname change. If I restart the syslog-ng daemon, it immediately recognizes the hostname change but restarting the service is not always a practical solution. Any help will be highly appreciated. Ketan passwd: files shadow: files group: files #hosts: db files nisplus nis dns *hosts: files dns* # Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc: nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: files publickey: nisplus automount: files aliases: files nisplus Valdis.Kletnieks@vt.edu wrote:
On Fri, 30 Sep 2005 15:33:27 EDT, Ketan Vankawala said:
I have currently installed Syslog-ng ver 1.6.8. Here is a snippet of my syslog-ng config file.So accordingly when a syslog message comes in, depending on the ip address, it does a lookup in /etc/hosts, creates an appropriate host name folder and forwards the message there. If the hostname does not exists, it creates a folder named with the ip address.
Updating /etc/hosts *should* provide fast response. I'm wondering if your /etc/nsswitch.conf specifies 'hosts: NIS files dns', and the NIS query functions are being too clever about caching..