Is there a way to change the use_fqdn() option based on the destination so that one receives the short host name an the other receives the FQ name? I'm using version 1.6.10. example: options { use_fqdn (yes) ... }; destination d_logfile { file("somelogfile") ; }; destination d_rmtserver { tcp("rmtserver.domain.com" port(514)); use_fqdn(no); }; Thank you, Chris Whipple Sr. Security Analyst Unix Security Group The Hertz Corporation 5601 NW Expressway Oklahoma City, OK 73132, USA cwhipple@hertz.com --------------- This message (including attachments) may contain information that is privileged, confidential or protected from disclosure. If you are not the intended recipient, you are hereby notified that dissemination, disclosure, copying, distribution or use of this message or any information contained in it is strictly prohibited. If you have received this message in error, please immediately notify the sender by reply e-mail and delete this message from your computer. Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. ---------------
On Thu, 2006-04-20 at 16:59 -0500, Chris Whipple wrote:
Is there a way to change the use_fqdn() option based on the destination so that one receives the short host name an the other receives the FQ name? I'm using version 1.6.10.
example:
options { use_fqdn (yes) ... };
destination d_logfile { file("somelogfile") ; }; destination d_rmtserver { tcp("rmtserver.domain.com" port(514)); use_fqdn(no); };
No it is not currently possible, and it is not very easy to do as hostname resolution is done at the receive side, it would be easier to do on a per-source basis. -- Bazsi
I would also like to be able to choose FQDN based on the local destination even from the same source. For example the local mail log would receive the short name (a requirement by our Sendmail Admins), but still have the security log get the FQ hostname. destination d_maillog { file("/var/log/maillog"); use_fqdn(no); }; destination d_seclog { file("/var/log/secure"); use_fqdn(yes); }; Maybe this could be considered for a future enhancement. Thank you, Chris Whipple Sr. Security Analyst Unix Security Group The Hertz Corporation 5601 NW Expressway Oklahoma City, OK 73132, USA cwhipple@hertz.com To "Syslog-ng users' and developers' mailing list" Balazs Scheidler <syslog-ng@lists.balabit.hu> <bazsi@balabit.hu> cc Sent by: syslog-ng-bounces@lists.bala Subject bit.hu Re: [syslog-ng] FQDN based on destination 04/23/2006 04:30 AM Please respond to "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> On Thu, 2006-04-20 at 16:59 -0500, Chris Whipple wrote:
Is there a way to change the use_fqdn() option based on the destination so that one receives the short host name an the other receives the FQ name? I'm using version 1.6.10.
example:
options { use_fqdn (yes) ... };
destination d_logfile { file("somelogfile") ; }; destination d_rmtserver { tcp("rmtserver.domain.com" port(514)); use_fqdn(no); };
No it is not currently possible, and it is not very easy to do as hostname resolution is done at the receive side, it would be easier to do on a per-source basis. -- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html --------------- This message (including attachments) may contain information that is privileged, confidential or protected from disclosure. If you are not the intended recipient, you are hereby notified that dissemination, disclosure, copying, distribution or use of this message or any information contained in it is strictly prohibited. If you have received this message in error, please immediately notify the sender by reply e-mail and delete this message from your computer. Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. ---------------
On Tue, 25 Apr 2006 11:16:15 CDT, Chris Whipple said:
I would also like to be able to choose FQDN based on the local destination even from the same source. For example the local mail log would receive the short name (a requirement by our Sendmail Admins), but still have the security log get the FQ hostname.
I give up - why is "short name" a requirement for Sendmail? Perhaps understanding that might provide a better solution...
I give up - why is "short name" a requirement for Sendmail? Perhaps understanding that might provide a better solution...
It's just something at our company for the way the Mail administrators wrote their automated monitoring and investigation processes. They don't want to change to FQ, but we need the FQ name for the security logs since we have multiple subdomains. It's just different requirements for different departments. So, we just need one log (maillog) with the shortname and the rest of the logs with the FQ name. If it's not possible, that's ok. I just needed to find out. We'll work around it if not. Thank you, Chris Whipple Sr. Security Analyst Unix Security Group The Hertz Corporation 5601 NW Expressway Oklahoma City, OK 73132, USA cwhipple@hertz.com --------------- This message (including attachments) may contain information that is privileged, confidential or protected from disclosure. If you are not the intended recipient, you are hereby notified that dissemination, disclosure, copying, distribution or use of this message or any information contained in it is strictly prohibited. If you have received this message in error, please immediately notify the sender by reply e-mail and delete this message from your computer. Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. ---------------
participants (3)
-
Balazs Scheidler
-
Chris Whipple
-
Valdis.Kletnieks@vt.edu