On Fri, 2009-01-09 at 10:46 +0000, Pennington, Philip wrote:
Sandor,
Thanks for your comments and useful suggestions.
The requirement is somewhat complicated in that at a point along the chain, I need to have the originating hostname for host filtering purposes, whereas at the end of the chain, I need syslog-ng to present the IP. That's why I began talking about reverse name resolution on the last relay.
well, with syslog-ng 3.0 and parse/rewrite you could probably encode all the needed information into the message payload and the change it back at the endpoints. see my blog about parse/rewrite capabilities: http://bazsi.blogs.balabit.com/2008/10/syslog-ng-message-parsing.html or the what's new document: http://www.balabit.com/dl/guides/syslog-ng-v3.0-guide-whatsnew-en.pdf the open source version of syslog-ng 3.0 is already released, although the official announcement is still due. -- Bazsi