Hi all!

I am running syslog-ng logging into a MySQL database with phpsyslog-ng as the front end.

1) Now I have one problem. The devices which are sending logs don't have any hostnames associated with them, nor am I running any DNS server. As a result, the listing of hosts I am getting is in the form of the hosts' IP addresses. Is it possible to show a hostname against each IP address? For example, x.x.x.x would be shown as ABC-ROUTER. If I define ABC-Router as x.x.x.x in /etc/hosts, what configuration do I need to make in syslog-ng.conf?

2) I want to allow only specific hosts to send logs to the loghost. But when I tried to put the IPs of the hosts in the configuration, it gave me errors:

    Starting system logger: io.c: bind_inet_socket() bind failed 61.x.x.x:514 Cannot assign requested address

I used the following configuration:

    source net {
        udp(ip(61.x.x.x) port(514) );
        udp(ip(62.x.x.x) port(514) );
        udp(ip(63.x.x.x) port(514) );
    };

Do I have to enforce this policy on the firewall, or does syslog-ng also support it? Because with only udp(); every device on the Internet can start sending me logs and my server will be under attack.

Regards,
-Geni
On Thu, 16 Jun 2005, mrgenius wrote:
> Hi all!
>
> I am running syslog-ng logging into a MySQL database with phpsyslog-ng as the front end.
>
> 1) Now I have one problem. The devices which are sending logs don't have any hostnames associated with them, nor am I running any DNS server. As a result, the listing of hosts I am getting is in the form of the hosts' IP addresses. Is it possible to show a hostname against each IP address? For example, x.x.x.x would be shown as ABC-ROUTER. If I define ABC-Router as x.x.x.x in /etc/hosts, what configuration do I need to make in syslog-ng.conf?
Hello!

Yes, enter them in /etc/hosts on the loghost. Make sure that the resolve order in the OS is set to hosts first, then DNS.
> 2) I want to allow only specific hosts to send logs to the loghost. But when I tried to put the IPs of the hosts in the configuration, it gave me errors:
>
>     Starting system logger: io.c: bind_inet_socket() bind failed 61.x.x.x:514 Cannot assign requested address
>
> I used the following configuration:
>
>     source net {
>         udp(ip(61.x.x.x) port(514) );
>         udp(ip(62.x.x.x) port(514) );
>         udp(ip(63.x.x.x) port(514) );
>     };
>
> Do I have to enforce this policy on the firewall, or does syslog-ng also support it? Because with only udp(); every device on the Internet can start sending me logs and my server will be under attack.
>
> Regards,
> -Geni
Wrong syntax: ip() tells syslog-ng where on the local system to bind to. If the system is on a network, use firewall rules to protect your syslog against a DoS attack. (I don't know if syslog-ng also supports tcpwrapper, like that configurable with /etc/hosts.allow.)

HTH
Olaf

--
Olaf Hoyer ohoyer@ohoyer.de
Terrible experiences make one wonder whether he who experiences them is not something terrible. (Nietzsche, Beyond Good and Evil)
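
An added example, not part of the original thread: a small sh script that prints a syslog-ng source bound to the loghost's own address, together with iptables rules that accept UDP/514 only from listed senders, which is the firewall approach suggested in the reply. The addresses (RFC 5737 documentation ranges), the chain name SYSLOG_IN and the function names are assumptions.

```shell
#!/bin/sh
# Added example. All addresses are constructed (RFC 5737 documentation ranges).
LOGHOST_IP="192.0.2.1"                                  # assumed local address of the loghost
ALLOWED_SENDERS="192.0.2.10 198.51.100.20 203.0.113.30" # assumed devices allowed to log

# Return 0 only for a dotted-quad IPv4 address with four octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print (do not apply) the rules: $1 = local bind address, remaining args = senders.
syslog_rules() {
    bind_ip=$1; shift
    # Validate everything first so a bad entry never yields a partial rule set.
    for addr in "$bind_ip" "$@"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    done
    echo "iptables -N SYSLOG_IN"
    for addr in "$@"; do
        echo "iptables -A SYSLOG_IN -s $addr -j ACCEPT"
    done
    echo "iptables -A SYSLOG_IN -j DROP"
    # Only traffic to the syslog port on the bound address is sent through the chain.
    echo "iptables -A INPUT -p udp -d $bind_ip --dport 514 -j SYSLOG_IN"
}

# Matching syslog-ng source: ip() is the loghost's own address, not a sender's.
syslog_source() {
    is_ipv4 "$1" || return 1
    echo "source net { udp(ip($1) port(514)); };"
}

syslog_source "$LOGHOST_IP"
syslog_rules "$LOGHOST_IP" $ALLOWED_SENDERS
```

The script only prints the rules so they can be reviewed before being applied. Because UDP source addresses can be forged, the allow-list narrows exposure rather than authenticating senders.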