About the last thing I can think of would be to run syslog-ng in a debug window (or attach to it with gdb) and see exactly which system calls are made when an entry arrives. This will tell you which function is being used to do name resolution –
So just to make sure I understand what's happening – no matter how the hosts file or use_dns is set, you have hosts that are not being resolved?
Oh – did you check reverse DNS?
From: mrgenius [mailto: mrgenius420@gmail.com]
Sent: Friday, July 15, 2005 3:01 AM
To: Edward Brookhouse
Cc: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Problem with hostnames!
Well, if I set use_dns(off) then it stops reading the /etc/hosts file and starts storing hosts as IP addresses.
I am using Mandrake 10.1 Official......
In nsswitch.conf I have tried giving both combinations, DNS, file and file,dns, but it doesn't make any difference... it's still picking up private IPs neither from /etc/hosts nor from the local cache DNS server.
On 7/14/05, Edward Brookhouse < ebroo@healthydirections.com> wrote:
What happens if you set use_dns (off); does your hosts file get read then? What OS is this? How is the system nsswitch.conf set up for resolution?
Also, maybe double-check your resolv.conf: what is the domain listing and search order listed in there?
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu ] On Behalf Of mrgenius
Sent: Thursday, July 14, 2005 12:53 AM
To: Ken Garland
Cc: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Problem with hostnames!
Yes, here is the portion of my syslog-ng.conf
#####################################
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (yes);
    use_dns (yes);        # resolve sender addresses to names
    use_fqdn (yes);
    create_dirs (no);
    keep_hostname (no);   # replace the hostname in the message with the resolved sender
};
source sys { unix-stream ("/dev/log"); internal(); };
source net {
    udp(ip(0.0.0.0) port(514));
};
destination d_mysql {
    pipe("/tmp/mysql.pipe"
template("INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',
'$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log { source(net); destination(d_mysql); };
##############################################
But if you say that syslog-ng first queries the DNS server ... then why is it resolving names for all the public IPs which I defined in /etc/hosts, when those public IPs have no entries in my defined DNS servers?
I am quite confused about how this thing is actually working??
Regards,
-Geni
On 7/14/05, Ken Garland < ken.garland@rotech.com> wrote:
paste the relevant parts of your .conf file.
mrgenius wrote:
>
> Hi All!
>
> I am using Syslog-ng with php-syslog-ng. To give names of my choice
> to different hosts' IPs, what I did was to define hostnames against each
> host IP in the /etc/hosts file.
>
> It was working fine with public IP addresses. But I have some hosts on
> the local network too, with 192.168 IPs. The problem I am now facing is
> that it's not storing logs with the HOSTNAMES of private IPs, whereas it's
> working fine and giving names for public IPs.
>
> For example, in my /etc/hosts file I have these 2 entries:
>
> 202.164.1.1 broadband-router
> 192.168.77.1 primary-router
>
> For the 1st entry, logs in the database will come with the name broadband-router,
> which is what I want.
> For the 2nd entry, logs in the database will come with the name 192.168.77.1,
> which is what I don't want.
>
>
> Does anybody have any idea?? Anything to do in the configuration of syslog-ng??
>
> Regards,
>
> -Geni
>
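Added example, not part of the original thread or of syslog-ng: a small check for the situation discussed above, comparing what the hosts file says for a sender IP with what the system resolver returns and with the lookup order on the "hosts:" line of nsswitch.conf. It assumes syslog-ng resolves senders through the system (NSS) resolver; the sample file contents, function names and the list of service names are constructed for illustration.

```python
import re
import socket

# Constructed sample inputs modelled on the thread; not the poster's real files.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
202.164.1.1    broadband-router
192.168.77.1   primary-router   # private address
"""
SAMPLE_NSSWITCH = "passwd: files\nhosts:  files dns\n"
# Assumed, non-exhaustive set of common glibc service names for "hosts:".
KNOWN_SERVICES = {"files", "dns", "nis", "nisplus", "myhostname", "mdns4_minimal", "resolve"}

def hosts_services(nsswitch_text):
    """Return the lookup order on the 'hosts:' line, without [ACTION] items."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.lower().startswith("hosts:"):
            rest = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return rest.split()
    return []

def name_in_hosts(hosts_text, ip):
    """Return the first name the hosts-file text gives for ip, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == ip:
            return fields[1]
    return None

def system_reverse(ip):
    """Reverse-resolve ip through the system resolver; None if it fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def diagnose(ip, hosts_text, nsswitch_text, resolved):
    """List reasons a sender IP may be logged as an address instead of a name."""
    order = hosts_services(nsswitch_text)
    expected = name_in_hosts(hosts_text, ip)
    findings = [f"unknown service {s!r} on hosts: line" for s in order if s not in KNOWN_SERVICES]
    if "files" not in order:
        findings.append("'files' missing from hosts: line, /etc/hosts is not consulted")
    if expected is None:
        findings.append(f"{ip} has no entry in the hosts file")
    elif resolved != expected:
        findings.append(f"resolver returned {resolved!r}, hosts file says {expected!r}")
    return findings
```

On the log host, pass the contents of /etc/hosts and /etc/nsswitch.conf together with system_reverse(ip) for each sender address; an empty list means the resolver and the hosts file agree.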