13 Oct
2010
13 Oct
'10
8:23 a.m.
Hello, We have a single entry in the SCHEMAS to store login/logout sources: usracct.device. Often only IP address appears in the logs, but sometimes both hostname and IP address. I tend to use IP address in this case, as that's something stable network wide, while a hostname could have only local relevance (/etc/hosts or a local DNS server). What do you think? Is IP enough, or we should also find a way to store hostnames? Is there any situation, when hostnames matter? Bye, -- Peter Czanik (CzP) <czanik@balabit.hu> BalaBit IT Security / syslog-ng upstream http://czanik.blogs.balabit.com/