On Thu, 9 Dec 1999, Balazs Scheidler wrote:
> log_hostnames() means that each hop on which the message traverses gets added to the host field:
Ahh ok, this makes complete sense now.
> If I understand correctly the above, if names can be resolved, everything works well. If they cannot, syslog-ng gives you "unable to write to file, because it's a directory"
Yes, that is correct.
> You should use regular expressions here, host("^1\.1\.1\.1$") should match only 1.1.1.1.
Noted. Didn't think to try regexp here.
> I would disable DNS, and add all logging hosts to the /etc/hosts file, because otherwise syslog-ng may block on DNS lookups. Maybe I'll have to add an option to disable DNS lookups completely, because it may easily lead to DoS attacks.
I'll stick with IP-based myself, as this makes it easier when using the $HOST variable for splitting. With domain names we could end up with a lot of dupes (e.g. max1.akl.ihug.co.nz, max1.chc.ihug.co.nz). The no dns option would be appreciated as well when you have time.

---
Nigel Bovey
IHUG Network Operations Team
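The anchoring advice for host() in the message above, as an added example that is not part of the original e-mail or of syslog-ng: a small audit that pulls host("...") patterns out of a config and shows which hosts each one actually selects. Python's `re` stands in for syslog-ng's regex engine (an assumption), and the filter names and host values are constructed.

```python
import re

# Constructed sample config; the filter names are hypothetical.
SAMPLE_CONFIG = r'''
filter f_loose { host("1.1.1.1"); };
filter f_exact { host("^1\.1\.1\.1$"); };
'''

# Constructed values as they might appear in the host field.
SAMPLE_HOSTS = ["1.1.1.1", "11.1.1.10", "1.1.1.100", "10.1.1.1"]

# Captures the quoted argument of host("..."), allowing backslash escapes.
HOST_CALL = re.compile(r'\bhost\(\s*"((?:[^"\\]|\\.)*)"\s*\)')


def audit_host_patterns(config_text):
    """Return (pattern, problems) for every host("...") filter found."""
    results = []
    for match in HOST_CALL.finditer(config_text):
        pattern = match.group(1)
        # Drop escaped pairs such as \. so only live metacharacters remain.
        bare = re.sub(r'\\.', '', pattern)
        problems = []
        if '.' in bare:
            problems.append("unescaped dot matches any character")
        if not bare.startswith('^'):
            problems.append("missing ^ anchor")
        if not bare.endswith('$'):
            problems.append("missing $ anchor")
        results.append((pattern, problems))
    return results


def hosts_matched(pattern, hosts):
    """Hosts selected by an unanchored regex search over the host field."""
    regex = re.compile(pattern)
    return [h for h in hosts if regex.search(h)]


if __name__ == "__main__":
    for pattern, problems in audit_host_patterns(SAMPLE_CONFIG):
        print(pattern, "->", hosts_matched(pattern, SAMPLE_HOSTS), problems or "ok")
```

The loose pattern also selects 11.1.1.10 and 1.1.1.100, so logs from those senders would land in the file meant for 1.1.1.1; the anchored, escaped form selects only the intended host.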