Hiya-

I'm setting up new syslog servers using syslog-ng in a mostly Solaris environment. Regular syslog logs messages from hosts with the actual hostname, but syslog-ng is logging the host's IP address instead. Not all machines are in DNS. Here's what I have:

    options { chain_hostnames(no); use_time_recvd(yes); log_fifo_size(1000); };

    source src { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); udp(); };

    destination d_hostlogs {
        file("/logs1/HOSTS/$HOST/capturedmessages.$HOST.$YEAR$MONTH$DAY"
             owner(root) group(sys) perm(0600) dir_perm(0700) create_dirs(yes));
    };

    log { source(src); destination(d_hostlogs); };

Syslog-ng creates the files and dirs nicely. I just can't get the actual hostname like I used to when running regular ol' out-o'-the-box syslogd.

I checked out the FAQ on Nate's site already (Nice job on the site and FAQ, Nate. It's been a very useful resource for me.).

Many thanks.

-->scottg
On Wed, Sep 18, 2002 at 05:06:54PM -0500, Grenier, Scott 1 - San Mateo, CA wrote:

> I'm setting up new syslog servers using syslog-ng in a mostly Solaris environment. Regular syslog logs messages from hosts with the actual hostname, but syslog-ng is logging the host's IP address instead. Not all machines are in DNS. Here's what I have:
>
> options { chain_hostnames(no); use_time_recvd(yes); log_fifo_size(1000); };

Use the options:

    keep_hostname(no);
    use_dns(yes);

You might want to turn on DNS caching, since syslog-ng blocks on DNS lookups.

    dns_cache(yes);

I find it handy to use fully qualified names, as hosts like "ns1" tend to pop up a lot. The FQDN saves the day.

    use_fqdn(yes);

> I checked out the FAQ on Nate's site already (Nice job on the site and FAQ, Nate. It's been a very useful resource for me.).

Glad to hear it.

-- 
"A round man cannot be expected to fit in a square hole right away. He must have time to modify his shape." - Samuel Clemens
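A check that goes with the advice above, added here as an example and not part of either post: with use_dns(yes) a sender gets a name only if the log server can reverse-resolve its address, so this script lists the per-host directories under /logs1/HOSTS that are still named by IP and tests each one. It assumes syslog-ng resolves through the same system resolver that getent queries; the function names are made up for the example.

```shell
#!/bin/sh
# Added example: find senders that syslog-ng is still filing under an IP address.
# LOG_ROOT matches the d_hostlogs destination in the post; the helper names
# below are hypothetical and exist only in this example.
LOG_ROOT="${LOG_ROOT:-/logs1/HOSTS}"

# Succeed only for a dotted-quad string (digits and exactly three dots).
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*.*.*.*.*|.*|*.|*..*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the per-host directories under $1 whose name is an IPv4 address.
list_ip_dirs() {
    [ -d "$1" ] || return 0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        if is_ipv4 "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Reverse-resolve one address through the system resolver (hosts file, DNS).
# Prints the first name returned, or nothing when there is no mapping.
resolve_ip() {
    getent hosts "$1" 2>/dev/null | awk 'NR == 1 { print $2 }'
}

# For each IP-named directory, say whether the log server can name the sender.
report() {
    list_ip_dirs "$1" | while read -r ip; do
        name=$(resolve_ip "$ip")
        if [ -n "$name" ]; then
            printf '%s resolves to %s\n' "$ip" "$name"
        else
            printf '%s UNRESOLVED: add it to DNS or the hosts file on the log server\n' "$ip"
        fi
    done
}

report "$LOG_ROOT"
```

Addresses reported as UNRESOLVED will keep landing in IP-named directories even with use_dns(yes) until the log server has a reverse mapping for them.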
participants (2): Grenier, Scott 1 - San Mateo, CA; Nate Campi