By the time you have to query dns you may as well just re-write the hostname, though. If storing things by IP, it's not as friendly and doesn't come out very well if using any interface since you then have to become a dns server yourself and query to match host and ip before you can get any useful information out of it. The advantage of your method is that you can inspect it the machines are sending the wrong hostname. -h Hari Sekhon Nathan Campi wrote:
I think I put an example in the faq on how to store logs in files/dirs according to the source IP or DNS hostname but store the log entries with the hostname the client sent.
Something like that is a good balance between the two, don't trust the client but still have record of what was sent. -- Nate Campi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html