On 8/12/07, mobidyc <mobidyc@gmail.com> wrote:
K K wrote:
Why not just make sure that all of the servers have good reverse DNS entries for the IP from which they would source syslog packets, and let "keep_hostname(no); use_dns(yes);" populate $HOST with the DNS lookup results?
because it's impossible to change the way the reverse dns are done.
the names server0e0 and server0e1 are here because there is multpile networks for the same machine, i can't ask the network team for change the way they use for a software i want to use.
There is one way -- you can override them locally on the server runnign syslog-ng, so your log server believes the reverse DNS for all those aliases all actually resolve to "server0". You can do this with /etc/hosts if your resolver will check /etc/hosts for reverse DNS (e.g. with a flag in /etc/resolv.conf, but the exact mechanism is OS-dependent).
i think i need to find another way for dispatch the messages in the good destinations, maybe dynamically create symlinks before the message pass through the log statment but i must be careful with the cpu consumption in this case.
Sounds like it would be easier to hack the syslog-ng source code to find where it translates IP addresses to names, and just add code to check if the last two characters are 'e' followed by a number, and if so, truncate. Not that anybody here would endorse making your own unique unsupportable fork, but it would solve your problem. Kevin