Hello,

I am sure this topic has been beaten to death, but I cannot find answers anywhere. Apologies if I have missed something - here we go:

I run syslog-ng 1.6.4 on Sol 9 Sparc (sunfreeware distribution). It works fine, except I want syslog-ng to resolve IPs to hostnames, and create directories using the resolved name rather than IP (long term, I will look at MySQL, but I would still have to get either DNS or keep_hostname to work). I installed bind 9.2.3 on the log server and set up a reverse zone authoritative for in-addr.arpa., but it still doesn't work. At this time, I prefer to use reverse DNS rather than hostname. I was not able to create_dirs based on keep_hostname(yes) either.

dig works, and returns NOERROR when I run dig -x 1.2.3.4 @127.0.0.1 for example. The reverse zone is fully populated with all hosts that will be logging to syslog-ng.

nsswitch.conf:
hosts: dns files
ipnodes: dns files
everything else is files only.

resolv.conf:
nameserver 127.0.0.1

syslog-ng.conf:

# Options
options {
  use_fqdn(no);
  use_dns(yes);
  dns_cache(yes);
  sync(5);
  keep_hostname(no);
  chain_hostnames(no);
  create_dirs(yes);
  # bad!
  perm(0644);
  dir_perm(0755);
  use_time_recvd(yes);
};

# Sources
source s_udp { udp(); };

# logging to console
destination l_console { file("/dev/console"); };

# logging of cisco's via udp to individual files and to one file
destination r_cisco {
  file("/remote/$HOST/$HOST-$YEAR$MONTH.LOG");
  file("/remote/all/alldevices.log");
};

# Remote sources
log { source(s_udp); destination(r_cisco); };

Kind regards
Jesper