Just populate your hosts file. On Tue, 1 Mar 2005 13:57:13 -0600, Kevin <kkadow@gmail.com> wrote:
On Mon, 28 Feb 2005 06:29:38 -0800, Nate Campi <nate@campin.net> wrote:
You haven't said what would you have it do when there's no hostname in the incoming message (as is the case here). Would you have it fall back to using the IP of the remote system? Maybe that's not a bad idea.
Anyways, the FAQ states that creating files based on hostnames in syslog messages is bad:
http://www.campin.net/syslog-ng/faq.html#bad_filenames
...and I happen to agree with it (oh wait - I wrote that! ;).
On the subject of log destination filenames by hostname or IP address, I would like to see an internal IP lookup table in syslog-ng, used to substitute for the IP address.
Currently I use DNS lookups against a local (tinydns) nameserver, one which does not know about the internet, is only populated with my local log source names and IP reverse DNS. In my opinion it'd be considerably more secure and efficient to keep the IP->name lookup table internally to syslog-ng.
Perhaps adding macros for $SRCIP and $SRCHOST expanding to the IP from which the packet was received by syslog-ng, and the hostname from an internal lookup table?