Phewww.. It's been over a month that I have been trying different things, but it's not giving me the desired result... I have even switched my OS from Mandrake to RHEL 4.. still no success. I am explaining my issue again.

I have syslog-ng-1.6.8-1 running on RHEL 4 AS. This server is on public IP 202.163.x.x, and it's receiving logs from different devices on the network (basically I run my own ISP). In order to give friendly names to the IPs of devices, what I have done is enter hostnames against IPs in the /etc/hosts file. As a result, all the logs I get carry the names I want.

However, the problem arose when I enabled syslog on certain devices which have private IPs of 192.168.x.x. I entered hostnames in /etc/hosts for these private IPs as I did for the public IP hosts, but what I am getting in the database is not the names of these hosts.. instead I am getting the PRIVATE IPs. I tried running a local DNS on the machine and even made reverse zones.. still the result remained the same.. then I entered these host names in my ISP's DNS.. but even then the same result..

Can someone tell me why this is happening?? Why in the world is syslog-ng not giving hostnames to PRIVATE IPs?

Please help me out :(

On 7/15/05, Edward Brookhouse <ebroo@healthydirections.com> wrote:
About the last thing I can think of would be to run syslog-ng in a debug window (or attach to it with gdb) and see exactly which system calls are made when an entry arrives. This will tell you which function is being used to do name resolution –
So just to make sure I understand what's happening – no matter how the hosts file or use_dns is set, you have hosts that are not being resolved?
Oh – did you check reverse DNS?
------------------------------
*From:* mrgenius [mailto:mrgenius420@gmail.com]
*Sent:* Friday, July 15, 2005 3:01 AM
*To:* Edward Brookhouse
*Cc:* Syslog-ng users' and developers' mailing list
*Subject:* Re: [syslog-ng] Problem with hostnames!

Well, if I set use_dns(off) then it stops reading the /etc/hosts file and starts storing hosts as IP addresses.
I am using Mandrake 10.1 Official......
In nsswitch.conf I have tried both combinations, DNS, file and file,dns, but it doesn't make any difference... it's still picking up the private IPs neither from /etc/hosts nor from the local cache DNS server.

On 7/14/05, Edward Brookhouse <ebroo@healthydirections.com> wrote:

What happens if you set use_dns (off); does your hosts file get read then? What OS is this? How is the system nsswitch.conf set up for resolution?
Also, maybe double-check your resolv.conf: what is the domain listing and search order listed in there?
------------------------------
*From:* syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] *On Behalf Of* mrgenius
*Sent:* Thursday, July 14, 2005 12:53 AM
*To:* Ken Garland
*Cc:* Syslog-ng users' and developers' mailing list
*Subject:* Re: [syslog-ng] Problem with hostnames!

Yes, here is the portion of my syslog-ng.conf
#####################################
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (yes);
    use_dns (yes);
    use_fqdn (yes);
    create_dirs (no);
    keep_hostname (no);
};

source sys { unix-stream ("/dev/log"); internal(); };
source net { udp(ip(0.0.0.0) port(514)); };

destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};

log { source(net); destination(d_mysql); };
##############################################
But if you say that syslog-ng first queries the DNS server... then why is it resolving names for all the public IPs which I defined in /etc/hosts, when those public IPs have no entries in my defined DNS servers?
I am quite confused about how this thing is actually working??
Regards,
-Geni
On 7/14/05, Ken Garland <ken.garland@rotech.com> wrote:
paste the relevant parts of your .conf file.
mrgenius wrote:
Hi All!
I am using syslog-ng with php-syslog-ng. To give names of my choice to different host IPs, what I did was define hostnames against each host IP in the /etc/hosts file.
It was working fine with public IP addresses.. But I have some hosts on the local network too, with 192.168 IPs. The problem I am now facing is that it's not storing logs with the HOSTNAMES of the private IPs, whereas it's working fine and giving names for the public IPs.
For example, in my /etc/hosts file I have these 2 entries:

202.164.1.1 broadband-router
192.168.77.1 primary-router

For the 1st entry, logs in the database will come with the name broadband-router, which is what I want.
For the 2nd entry, logs in the database will come with the name 192.168.77.1, which is what I don't want.

Does anybody have any idea?? Anything to do in the configuration of syslog-ng??
Regards,
-Geni
------------------------------------------------------------------------
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
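
The checks asked for in the thread (hosts file entries, nsswitch.conf lookup order, reverse resolution) can be run together; the following is an added example, not code from any poster or from syslog-ng. It assumes the daemon resolves sender addresses through the C library's reverse lookup, and the sample file contents and function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample inputs modelled on the files discussed in the thread.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
202.164.1.1   broadband-router
192.168.77.1  primary-router
"""
SAMPLE_NSSWITCH = "passwd: files\nhosts: files dns\n"


def parse_hosts(text):
    """Map each IP in hosts-file text to its first (canonical) name."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table.setdefault(fields[0], fields[1])
    return table


def nss_host_sources(text):
    """Return the lookup order from the 'hosts:' line of nsswitch.conf."""
    for line in text.splitlines():
        key, _, rest = line.split("#", 1)[0].partition(":")
        if key.strip() == "hosts":
            return [s for s in rest.split() if not s.startswith("[")]
    return []


def check(ip, hosts_text, nss_text, live=False):
    """Report what a files-based reverse lookup should return for ip."""
    sources = nss_host_sources(nss_text)
    name = parse_hosts(hosts_text).get(ip) if "files" in sources else None
    result = {"ip": ip, "private": ipaddress.ip_address(ip).is_private,
              "files_enabled": "files" in sources, "hosts_name": name}
    if live:  # ask the running system's resolver (not used in offline runs)
        try:
            result["resolver_name"] = socket.gethostbyaddr(ip)[0]
        except OSError:
            result["resolver_name"] = None
    return result


if __name__ == "__main__":
    for addr in ("202.164.1.1", "192.168.77.1"):
        print(check(addr, SAMPLE_HOSTS, SAMPLE_NSSWITCH))
```

On the log server itself, pass the contents of /etc/hosts and /etc/nsswitch.conf with `live=True`; if `hosts_name` and `resolver_name` differ for an address, the system resolver is not returning the hosts-file entry for it.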