Hari,

This may help:

###########################################################################################
# My config below
###########################################################################################
options {
    long_hostnames(off);

    # doesn't actually help on Solaris, log(3) truncates at 1024 chars
    log_msg_size(8192);

    # buffer just a little for performance
    sync(1);

    # memory is cheap, buffer messages unable to write (like to loghost)
    log_fifo_size(16384);

    # Hosts we don't want syslog from
    #bad_hostname("^(ctld.|cmd|tmd|last)$");

    # The time to wait before a dead connection is reestablished (seconds)
    time_reopen(10);

    #Use DNS so that our good names are used, not hostnames
    use_dns(yes);
    dns_cache(yes);

    #Use the whole DNS name
    use_fqdn(no);
    keep_hostname(no);
    chain_hostnames(yes);

    #Read permission for everyone
    perm(0644);

    # The default action of syslog-ng 1.6.0 is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats(43200);
};

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Hari Sekhon
Sent: Thursday, September 28, 2006 10:20 AM
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] DNS and hosts

I have a logserver with a mysql back-end and php-syslog-ng front-end.

I was doing some work on DNS (migration to another machine, another version) yesterday and it was down for a little while. I noticed today that in the logserver interface I have loads of ip addresses instead of hostnames. So I had to go through and change the fields for all those hosts manually, which was quite annoying.

In order to stop this from happening again I was wondering what steps I could take.

My logserver conf options section is as follows:

options {
    chain_hostnames(off);
    sync(10);
    stats(43200);
    keep_hostname(no);
    use_dns(yes);
    dns_cache(yes);
    create_dirs(yes);
    log_fifo_size(5000);
};

If I change keep_hostname() to yes will I still get validation via dns or not? I think not, judging from the docs. I was wondering if perhaps it would use dns and if unavailable it would use the name from the logs. Wishful thinking?

On a DNS front, I was wondering if I could just copy a hosts file with all the dns names in it to the /etc/hosts of the linux system running the logserver. Would this work? Would syslog-ng obey the nsswitch of the linux system and use the hosts file first? Or does it have to do a dns request when use_dns(yes) is in the options{};?

This way, I'll never have this problem again if I need to fiddle the DNS server. I already have a hosts file generated when I update my dns server records so this is ready to go if it will work...

All feedback welcome.

-h

--
Hari Sekhon
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html