Hi,
* What's the difference between long_hostnames() and use_fqdn()?
* How do I get names instead of IPs in the logs? With use_dns()? How dangerous is use of use_dns()?
* Can I write a hostname instead of an IP in tcp()?
* I miss the default values of the options in the docu. What's the default for use_dns(), stats(),...?
* When will encryption and authentication come?
Joerg.
On Thu, Aug 15, 2002 at 04:01:33PM +0000, Joerg Sommer wrote:
> Hi,
> * What's the difference between long_hostnames() and use_fqdn()?
long_hostnames() is a deprecated name for chain_hostnames(), it uses a hostname format that makes it easy to track the syslog path, as every hop inserts its hostname to each message. fqdn means that resolved hostnames will be inserted as FQDNs, otherwise names after the first dot are truncated.
> * How do I get names instead of IPs in the logs? With use_dns()? How dangerous is use of use_dns()?
the way syslog-ng calculates hostnames is as follows:

    if (keep_hostname && hostname present)
        use the hostname in the message
    else
        /* ip is the address the message was received from */
        if (use_dns)
            resolve ip and insert that (taking chain_hostnames into account)
        else
            insert ip address (taking chain_hostnames into account)

the interesting function is sources.c:do_add_source_name()
> * Can I write a hostname instead of an IP in tcp()?
the same applies to tcp() as any other source.
> * I miss the default values of the options in the docu. What's the default for use_dns(), stats(),...?
the docu is somewhat out of date, and missing some parts.
> * When will encryption and authentication come?
in syslog-ng 2
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
Balazs Scheidler wrote:
> On Thu, Aug 15, 2002 at 04:01:33PM +0000, Joerg Sommer wrote:
>> * How do I get names instead of IPs in the logs? With use_dns()? How dangerous is use of use_dns()?
> the way syslog-ng calculates hostnames is as follows:
>
>     if (keep_hostname && hostname present)
>         use the hostname in the message
>     else
>         /* ip is the address the message was received from */
>         if (use_dns)
>             resolve ip and insert that (taking chain_hostnames into account)
>         else
>             insert ip address (taking chain_hostnames into account)
>
How dangerous is that? Is the full service locked until the timeout occurs? Is the IP marked as bad? And when will the "keep_hostname" buffer be updated?
>> * I miss the default values of the options in the docu. What's the default for use_dns(), stats(),...?
> the docu is somewhat out of date, and missing some parts.
It's really out of date!
>> * When will encryption and authentication come?
> in syslog-ng 2
..and when will this be released?
Msg from Joerg Sommer:
Hi,
> How dangerous is that? Is the full service locked until the timeout occurs? Is the IP marked as bad? And when will the "keep_hostname" buffer be updated?
Relying on another service is always dangerous :) The syslog-ng's we run don't seem to be threaded, so I guess there is no way they would not block on DNS lookups? I don't think the IP is marked as bad, since that could affect logging behaviour in another way you might not desire when DNS goes down. I'm not sure though. I don't understand the last question, since keep_hostname is somewhat unrelated to DNS? If you're about to rely on *anything* to feed information to your audit trails, better make sure it's secure and it doesn't fail at all. Otherwise, don't. syslog-ng runs beautifully without anything else, and it's really cheap to implement DNS lookups in log reporting programs.
>>> * When will encryption and authentication come?
>> in syslog-ng 2
> ..and when will this be released?
Are you seriously asking about a timeline for an open source project? Probably when somebody writes the functionality, want to volunteer? ;) As for your complaints about the documentation, have you come across the FAQ at http://www.campin.net/syslog-ng/faq.html yet?
Greetings,
Gregor.
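Gregor's suggestion of doing the DNS lookups in the log reporting program instead of in syslog-ng, sketched as an added example (it is not code from this thread or from syslog-ng). The class name `ReportResolver`, the sample log lines and the stub lookup table are constructed for illustration; it assumes the logs were written with use_dns() off, so the host field holds an IP.

```python
import re
import socket

# Dotted-quad candidates; the octet range is checked separately below.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def ptr_lookup(ip):
    """Default resolver: reverse (PTR) lookup, None on any failure."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # herror / gaierror: no PTR record or DNS is down
        return None


class ReportResolver:
    """Resolve IPs at report time, outside the logging path, with a cache."""

    def __init__(self, lookup=ptr_lookup):
        self.lookup = lookup
        self.cache = {}      # ip -> name or None (failures are cached too)
        self.lookups = 0     # number of real lookups performed

    def name_for(self, ip):
        if ip not in self.cache:
            self.lookups += 1
            self.cache[ip] = self.lookup(ip)
        return self.cache[ip]

    def annotate(self, line):
        def repl(match):
            ip = match.group(0)
            if any(int(octet) > 255 for octet in ip.split(".")):
                return ip    # not a valid address, leave untouched
            name = self.name_for(ip)
            # Keep the IP: the PTR name is set by whoever runs the reverse zone.
            return f"{ip} ({name})" if name else ip
        return IPV4.sub(repl, line)


# Constructed sample lines, as stored when the host field is an IP.
SAMPLE = [
    "Aug 26 16:42:38 192.0.2.10 sshd[411]: session opened for user joerg",
    "Aug 26 16:42:40 192.0.2.10 sshd[411]: session closed for user joerg",
    "Aug 26 16:43:01 198.51.100.7 kernel: eth0: link up",
]

if __name__ == "__main__":
    table = {"192.0.2.10": "gw.example.org"}   # constructed stub, runs offline
    resolver = ReportResolver(lookup=table.get)
    for line in SAMPLE:
        print(resolver.annotate(line))
```

A slow or failing resolver then delays only the report, and the stored audit trail keeps the address the message was actually received from.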
On Mon, Aug 26, 2002 at 04:42:38PM +0000, Joerg Sommer wrote:
> Balazs Scheidler wrote:
>> On Thu, Aug 15, 2002 at 04:01:33PM +0000, Joerg Sommer wrote:
>> in syslog-ng 2
> ..and when will this be released?
I have a semiworking syslog-ng release 1.9.0 on my laptop, though it's not ready for real-life scenarios. we are currently focusing on Zorp 2 (to be released this autumn), and then syslog-ng 2. syslog-ng 2 is a complete reimplementation based on glib. so the hassle with libol and scsh will not be needed.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
Participants (3): Balazs Scheidler, Gregor Binder, Joerg Sommer