On 7/13/05, Edward Brookhouse <ebroo@healthydirections.com> wrote:
-Hmm.. I think syslog ng internal calls DNS but doesn't look at the hosts file
That is my experience. I work around this "feature" by configuring a local authoritative name server on the machine running syslog-ng, and put "nameserver 127.0.0.1" as the first line of the local /etc/resolv.conf. When syslog-ng sees a packet from 192.168.77.1, it makes a DNS query for 1.77.168.192.in-addr.arpa. If your local server is authoritative for the zone "168.192.in-addr.arpa", you can return any name you like, and that is what syslog-ng will record in the log file. Feature request: It'd be great if you could include a DNS override section in your syslog-ng.conf listing IP addresses and hostnames, which would be consulted before (or instead of DNS if use_dns is disabled) for translating source IP addresses to names. One trivial hack to solve this might be to pre-populate the dns_cache with non-expiring entries. Kevin Kadow