On Wed, 25 May 2005 15:26:59 -0000, Speedy Sweedy said:
I am new to this list and new to syslog-ng so please forgive me if this question has been asked before. I looked through the archive but didn't come across anything that helped me.
I have syslog-ng working on my FC3 box with SELinux set at its highest setting(wow that was fun!) but it logs the IP address of the remote host instead of the hostname. I can't seem to get it to log anything different than the IP address of the box sending the log. Here is my options in syslog-ng.conf:
options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (yes); keep_hostname (yes); };
what am I doing wrong?
Most likely, you have a borked syslog-ng.te that doesn't allow the syslog-ng process to read /etc/nsswitch.conf or similar, breaking DNS lookups. Grep through your logs and find any avc entries that reference syslog-ng. (And BTW - FC4 is about to escape, I'd *strongly* recommend upgrading to it if you're doing any SELinux work - the policy definitions have been worked on a *lot*. If you can't upgrade, at least get the updated SELinux RPMs (they should work OK on the FC3 kernel)).