On Tue, 2013-08-27 at 16:58 +0200, Christophe Brocas wrote:
Hello,
I have a log management infrastructure with many servers sending logs to centralized servers.
Currently, on the server side, I use the HOST field present in the log messages to store log messages in separate files (like <path>/<host>/messages).
Of course, due to inconsistent content of the HOST value in the log messages, I have several log file locations for a single client. Bad point.
My question : I want to fix the problem at the source and so, set a single unique value in the HOST field of every log message sent by each client.
What is your preferred way to address this problem on the client side ? Do you use use_fqdn() global option ? If yes, how it works ? A reverse DNS call ? What is the value returned if a PTR value is not set in the DNS zone for the IP of the host ?
Thank you for the reading and for your answer :) Christophe
well either the server trusts the client with the hostname it sent in the message (keep-hostname(yes) setting) or it doesn't. if the server doesn't trust the client, it will reverse the IP address based on DNS and /etc/hosts (we do have an option to only use /etc/hosts) if the server does trust the client, the client will have to use proper HOST value in the messages it sends. by default syslog-ng uses gethostname() to find out its own hostname, but if you are using a different client that might work differently. if you use syslog-ng on the client side HOST should be consistent for all messages. Hope this helps,