On Wed, 2010-12-01 at 10:34 +0100, Christophe Brocas wrote:
Hello
I am working on the right and consistent way to store log messages in destination files. I try to obtain a single file per host, based on HOST value in log messages..
Currently, I have inconsistent values in HOST part of log messages, so destination files are also inconsistents.
To answer to this problem, I am going to use at first the SOURCEIP macro in my destination file paths.
But I want to improve this situation. So I would like to be sure of the understanding I have of the FULLHOST_FROM macro.
If use_dns() is set to yes, does the expansion of FULLHOST_FROM macro follow this stream ?
1. Syslog-NG takes the IP address of the host sending the message 2. Syslog-NG tries to get the reverse value (as dig -x) from the IP address 3. Syslog-NG expands the macro with the FQDN obtained in point 2
That's right.
(What if DNS reverse fails ? The macro returns only the IP address ?)
yes. -- Bazsi