I like #2 or #3, but I don't know how to use a private nsswitch.conf file, however I know that this is possible, since sendmail uses one.
I think I'll use both, #2 and #3 in parallel which should give me a maximum of reliablility. This solution should work fine for me because I do not need to mix local and remote entries within one logfile.
But what about the following idea:
Some sort of "private" hosts file for syslog-ng? Let's say /etc/syslog-ng/syslog-ng.hosts with an "ip\thost" format (even simpler than /etc/hosts), e.g.:
127.0.0.1 localhost 192.168.1.1 host1 192.168.1.2 host2 192.168.1.3 host3 192.168.1.4 host4
It shouldn't be very hard to implement a new option which allows you to use this file (and only this file) as the source of name resolution. If an IP is found, great if not we'll resort to the ip. This makes us independent from any name service problems (not only outages, syslog-ng will use the correct hostname, even if someone spoofes your nameserver)
In my eyes, something worth thinking about. Maybe I'll have some free minutes tomorrow giving this a try.
I've found an internal glibc 2.1 function which would allow exactly this, but using the system's /etc/hosts file. This would add a dependency on glibc though, and could also mean that a future glibc would become incompatible. This example shows how it looks like: #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> int main() { struct in_addr a; struct hostent *he; inet_aton("193.6.40.1", &a); __nss_configure_lookup("hosts", "files"); he = gethostbyaddr((char *) &a, sizeof(a), AF_INET); if (he) { printf("hostname=%s\n", he->h_name); } else { printf("not found\n"); } } The name of 193.6.40.1 is only found if it's listed in /etc/hosts. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt