Thanks, I'll look into that... it seems to be a standard thing that I have never used or noticed before...
-h
Hari Sekhon
Evan Rempel wrote:
First, we have two DNS servers, so one can be down without any change in service.
Second, I just run the name service caching daemon (nscd) and configure it for whatever cache name timeout that I want. This does not help with syslog messages that come from a host that does not have an entry in the name cache, such as a new host, but it works for me.
Evan.
Hari Sekhon wrote:
I have a logserver with a MySQL back-end and php-syslog-ng front-end.
I was doing some work on DNS (migration to another machine, another version) yesterday and it was down for a little while. I noticed today that in the logserver interface I have loads of IP addresses instead of hostnames.
So I had to go through and change the fields for all those hosts manually, which was quite annoying. In order to stop this from happening again I was wondering what steps I could take.
My logserver conf options section is as follows:
options { chain_hostnames(off); sync(10); stats(43200); keep_hostname(no); use_dns(yes); dns_cache(yes); create_dirs(yes); log_fifo_size(5000); };
If I change keep_hostname() to yes will I still get validation via DNS or not? I think not, judging from the docs. I was wondering if perhaps it would use DNS and if unavailable it would use the name from the logs. Wishful thinking?
On a DNS front, I was wondering if I could just copy a hosts file with all the DNS names in it to the /etc/hosts of the Linux system running the logserver. Would this work? Would syslog-ng obey the nsswitch of the Linux system and use the hosts file first? Or does it have to do a DNS request when use_dns(yes) is in the options{};?
This way, I'll never have this problem again if I need to fiddle with the DNS server. I already have a hosts file generated when I update my DNS server records so this is ready to go if it will work...
All feedback welcome.
-h
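
Added example (not part of the original thread or of php-syslog-ng): a sketch of how the manual clean-up described above could be scripted, using a hosts file like the one generated from the DNS records to map host values that were logged as bare IP addresses back to names. The sample hosts data, the host values and the function names are constructed for illustration; how the values are read from and written back to the database is left out.

```python
import ipaddress

# Constructed sample in /etc/hosts format (not from the original thread).
SAMPLE_HOSTS = """\
# generated from DNS zone data
127.0.0.1   localhost
192.0.2.10  web01.example.com web01
192.0.2.11  db01.example.com  db01   # database
2001:db8::5 mail01.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Map each IP address in hosts-file text to its first listed name."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines whose first column is not an address
        table.setdefault(ip, fields[1])  # keep the first entry for an address
    return table

def backfill(hosts_seen, table):
    """Return (fixed, unresolved) for host values that are bare IP addresses."""
    fixed, unresolved = {}, []
    for host in hosts_seen:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # already a hostname; leave it alone
        if ip in table:
            fixed[host] = table[ip]
        else:
            unresolved.append(host)  # needs a manual look or a DNS query
    return fixed, unresolved

if __name__ == "__main__":
    # Constructed host-column values as they might look after a DNS outage.
    seen = ["web01.example.com", "192.0.2.10", "2001:0db8::5", "192.0.2.99"]
    fixed, unresolved = backfill(seen, parse_hosts(SAMPLE_HOSTS))
    for old, new in fixed.items():
        print(f"{old} -> {new}")
    print("no hosts entry:", unresolved)
```

Addresses are compared as parsed values rather than strings, so an IPv6 address logged in a different textual form still matches its hosts entry.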