Hi All!
I am using Syslog-ng with php-syslog-ng. To give names of my choice to different hosts' IPs, what I did was to define hostnames against each IP of host in /etc/hosts file.
It was working fine with public IP addresses. But I have some hosts on the local network too, with 192.168 IPs. The problem I am now facing is that it's not storing logs with HOSTNAMES of private IPs, whereas it's working fine and giving names of public IPs.
Anybody has any idea?? Anything to do in configuration of syslog-ng??
Regards,
-Geni
Hi All!
I am using Syslog-ng with php-syslog-ng. To give names of my choice to different hosts' IPs, what I did was to define hostnames against each IP of host in /etc/hosts file.
It was working fine with public IP addresses. But I have some hosts on the local network too, with 192.168 IPs. The problem I am now facing is that it's not storing logs with HOSTNAMES of private IPs, whereas it's working fine and giving names of public IPs.
For example, in my /etc/hosts file I have these 2 entries:
202.164.1.1 broadband-router
192.168.77.1 primary-router
For the 1st entry, logs in the database will come with name broadband-router, which is what I want.
For the 2nd entry, logs in the database will come with name 192.168.77.1, which is what I don't want.
Anybody has any idea?? Anything to do in configuration of syslog-ng??
Regards,
-Geni
paste the relevant parts of your .conf file.
------------------------------------------------------------------------
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Yes, here is the portion of my syslog-ng.conf
#####################################
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (yes);
    use_dns (yes);
    use_fqdn (yes);
    create_dirs (no);
    keep_hostname (no);
};
source sys { unix-stream ("/dev/log"); internal(); };
source net { udp(ip(0.0.0.0) port(514)); };
destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};
log { source(net); destination(d_mysql); };
##############################################
But if you say that syslog-ng first queries DNS server ... then why is it resolving names for all public IPs which I defined in /etc/hosts, and those public IPs have no entries in my defined DNS servers?
I am quite confused how this thing is actually working??
Regards,
-Geni
On 7/14/05, Ken Garland <ken.garland@rotech.com> wrote:
paste the relevant parts of your .conf file.
What happens if you set use_dns (off); does your hosts file get read then? What OS is this? How is the system nsswitch.conf set up for resolution?
Also maybe double check your resolv.conf: what is the domain listing and search order listed in there?
_____
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of mrgenius
Sent: Thursday, July 14, 2005 12:53 AM
To: Ken Garland
Cc: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Problem with hostnames!
Yes, here is the portion of my syslog-ng.conf
#####################################
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (yes);
    use_dns (yes);
    use_fqdn (yes);
    create_dirs (no);
    keep_hostname (no);
};
source sys { unix-stream ("/dev/log"); internal(); };
source net { udp(ip(0.0.0.0) port(514)); };
destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};
log { source(net); destination(d_mysql); };
##############################################
But if you say that syslog-ng first queries DNS server ... then why is it resolving names for all public IPs which I defined in /etc/hosts, and those public IPs have no entries in my defined DNS servers?
I am quite confused how this thing is actually working??
Regards,
-Geni
On 7/14/05, Ken Garland <ken.garland@rotech.com> wrote:
paste the relevant parts of your .conf file.
Well, if I set use_dns(off) then it stops reading /etc/hosts file and starts storing hosts as IP addresses.
I am using Mandrake 10.1 Official......
In nsswitch.conf I have tried by giving DNS, file and file,dns both combinations.. but it doesn't make any difference... it's still neither picking private IPs from /etc/hosts nor from local cache DNS server.
On 7/14/05, Edward Brookhouse <ebroo@healthydirections.com> wrote:
What happens if you set use_dns (off); does your hosts file get read then? What OS is this? How is the system nsswitch.conf setup for resolution?
Also maybe double check your resolv.conf what is the domain listing and search order listed in there?
Can someone help me or tell me that it's not possible to make the list?
On Fri, 2005-07-15 at 10:15 +0200, Philipp Durrer wrote:
Can someone help me or tell me that it's not possible to make the list?
it is not currently possible. however I'm thinking about adding this feature.
--
Bazsi
On 7/15/05, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Fri, 2005-07-15 at 10:15 +0200, Philipp Durrer wrote:
I'm new to syslog-ng and I would like to put all hosts which are sending their logs to the server in one file without the logs. So I get only the hostnames and/or IPs in the file as a list (each line a new host?). And the second list should contain all IP networks of the senders.
While syslog-ng doesn't do this today, you can accomplish what you are looking for by a destination with a template and an external script (pseudocode follows):
destination d_hostlist {
    program("/usr/local/libexec/hostlist.sh" template("$HOST\n"));
};
And in hostlist.sh:
#!/bin/sh
# Append each host read from stdin to a list of 'seen' hosts.
#
outfile="/var/tmp/hosts.txt" # Change this!!!!
touch "$outfile"
# program() starts the script once and keeps writing to its stdin,
# so loop over every line rather than reading a single host.
while IFS= read -r host; do
    # -F: fixed string, -x: whole line, --: host is data, not an option
    grep -q -F -x -- "$host" "$outfile" || printf '%s\n' "$host" >> "$outfile"
done
exit
###EOF###
This is very much sub-optimal, very inefficient. A pipe would be slightly better.
Can someone help me or tell me that it's not possible to make the list?
it is not currently possible. however I'm thinking about adding this feature.
One approach that adds value could be to add an internal table tracking source hosts and the last time a message was received from each host. This table could then be written out to internal() at the stats() interval, perhaps with a lower priority level?
Kevin Kadow
(P.S. Is there a public URL for tracking syslog-ng feature requests?)
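Added example (not from the thread or from syslog-ng itself): the last-seen table suggested above, kept outside syslog-ng by a script fed from a template("$HOST\n") destination. The function name update_seen, the paths in the comments and the SEEN_NOW override are assumptions made for this example.

```shell
#!/bin/sh
# update_seen TABLE   (hypothetical helper for this example)
# Reads one host per line on stdin, as written by template("$HOST\n"), and
# keeps TABLE as "host epoch-seconds" lines: one line per host, holding the
# time of its most recent message. Keep TABLE in a directory that only the
# logging user can write; the temp file is created beside it.
update_seen() {
    table=$1
    touch "$table" || return 1
    while IFS= read -r host; do
        # $HOST can carry sender-controlled text: accept only name/IP
        # characters so a crafted value cannot add fields or lines.
        case $host in
            ''|*[!A-Za-z0-9.:_-]*) continue ;;
        esac
        now=${SEEN_NOW:-$(date +%s)}     # SEEN_NOW: fixed clock for testing
        tmp=$table.$$
        # Drop the old line for this host, then append the fresh timestamp.
        awk -v h="$host" -v t="$now" '
            $1 "" == h "" { next }
            { print }
            END { print h, t }' "$table" > "$tmp" && mv "$tmp" "$table"
    done
}

# Usage from syslog-ng (script path is an assumption):
#   destination d_seen { program("/usr/local/libexec/seen.sh" template("$HOST\n")); };
# with seen.sh sourcing this function and ending in:
#   update_seen /var/lib/syslog-ng/seen-hosts
```

Rewriting the table on every message is simple rather than fast; on a busy collector the same logic belongs in one long-running process that holds the table in memory.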
Kevin wrote:
This is very much sub-optimal, very inefficient. A pipe would be slightly better.
Or how about:
sort < /var/tmp/hosts.txt | uniq > /var/tmp/hosts.out
-Hmm.. I think syslog ng internal calls DNS but doesn't look at the hosts file.
I didn't actually look this up - so ymmv
_____
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of mrgenius
Sent: Wednesday, July 13, 2005 3:49 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Problem with hostnames!
Hi All!
I am using Syslog-ng with php-syslog-ng. To give names of my choice to different hosts' IPs, what I did was to define hostnames against each IP of host in /etc/hosts file.
It was working fine with public IP addresses. But I have some hosts on the local network too, with 192.168 IPs. The problem I am now facing is that it's not storing logs with HOSTNAMES of private IPs, whereas it's working fine and giving names of public IPs.
For example, in my /etc/hosts file I have these 2 entries:
202.164.1.1 broadband-router
192.168.77.1 primary-router
For the 1st entry, logs in the database will come with name broadband-router, which is what I want.
For the 2nd entry, logs in the database will come with name 192.168.77.1, which is what I don't want.
Anybody has any idea?? Anything to do in configuration of syslog-ng??
Regards,
-Geni
On 7/13/05, Edward Brookhouse <ebroo@healthydirections.com> wrote:
-Hmm.. I think syslog ng internal calls DNS but doesn't look at the hosts file
That is my experience.
I work around this "feature" by configuring a local authoritative name server on the machine running syslog-ng, and put "nameserver 127.0.0.1" as the first line of the local /etc/resolv.conf.
When syslog-ng sees a packet from 192.168.77.1, it makes a DNS query for 1.77.168.192.in-addr.arpa. If your local server is authoritative for the zone "168.192.in-addr.arpa", you can return any name you like, and that is what syslog-ng will record in the log file.
Feature request: It'd be great if you could include a DNS override section in your syslog-ng.conf listing IP addresses and hostnames, which would be consulted before (or instead of DNS if use_dns is disabled) for translating source IP addresses to names.
One trivial hack to solve this might be to pre-populate the dns_cache with non-expiring entries.
Kevin Kadow
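Added example (not part of the original thread): a shell function that turns /etc/hosts-style entries into the PTR records a local authoritative server for 168.192.in-addr.arpa would serve in the workaround above. The function names and the sample entries are assumptions, and only PTR lines are produced; the zone still needs its own SOA and NS records.

```shell
#!/bin/sh
# hosts_to_ptr ZONE   (hypothetical helper, hosts(5) text on stdin)
# Print a PTR record for every IPv4 entry whose reverse name lies in ZONE,
# e.g. 192.168.77.1 -> 1.77.168.192.in-addr.arpa for zone 168.192.in-addr.arpa.
# Only the first name on a line is used: it is the one the log should show.
hosts_to_ptr() {
    awk -v zone="$1" '
        { sub(/#.*/, "") }                        # drop comments
        NF < 2 { next }                           # blank line or no name
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }   # IPv4 only
        {
            split($1, o, ".")
            for (i = 1; i <= 4; i++)
                if (o[i] + 0 > 255) next          # not a valid octet
            rev = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"
            suffix = "." zone
            start = length(rev) - length(suffix) + 1
            if (start < 2 || substr(rev, start) != suffix)
                next                              # outside the zone
            printf "%s. IN PTR %s.\n", rev, $2
        }'
}

# Constructed sample input, modelled on the two entries quoted in the thread.
sample_hosts() {
    cat <<'EOF'
127.0.0.1      localhost
202.164.1.1    broadband-router
192.168.77.1   primary-router   # LAN gateway
# 192.168.77.9 retired-switch
192.168.300.1  bad-octet
EOF
}

sample_hosts | hosts_to_ptr 168.192.in-addr.arpa
```

The record name printed for 192.168.77.1 is the same name the thread says syslog-ng queries, so a zone built this way and the existing /etc/hosts file stay in step.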
participants (7)
- Balazs Scheidler
- Edward Brookhouse
- Ken Garland
- Kevin
- mrgenius
- Philipp Durrer
- Sander