[syslog-ng] Host Separation
Nigel Bovey
nigelb@staff.ihug.co.nz
Fri, 10 Dec 1999 02:11:40 +1300 (NZDT)
On Thu, 9 Dec 1999, Balazs Scheidler wrote:
> log_hostnames() means that each hop on which the message traverses gets
> added to the host field:
Ahh ok, this makes complete sense now.
> If I understand correctly the above, if names can be resolved, everything
> works well. If they cannot, syslog-ng gives you "unable to write to file,
> because it's a directory"
Yes, that is correct.
> You should use regular expressions here, host("^1\.1\.1\.1$") should match
> only 1.1.1.1.
Noted. Didn't think to try regexp here.
> I would disable DNS, and add all logging hosts to the /etc/hosts file,
> because otherwise syslog-ng may block on DNS lookups. Maybe I'll have to add
> an option to disable DNS lookups completely, because it may easily lead to
> DoS attacks.
I'll stick with IP-based myself, as this makes it easier when using the
$HOST variable for splitting. With domain names we could end up with a lot
of dupes (e.g. max1.akl.ihug.co.nz, max1.chc.ihug.co.nz). The no-DNS option
would be appreciated as well when you have time.
---
Nigel Bovey
IHUG Network Operations Team
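
Added example, not part of the original message: a Python check of why the quoted advice anchors and escapes the pattern in host("^1\.1\.1\.1$"). It assumes the host() filter applies its regular expression as an unanchored search; the sample host values and the helper names are constructed for illustration.

```python
import re

# Constructed sample sender values (not taken from the thread).
SAMPLE_HOSTS = [
    "1.1.1.1",
    "11.1.1.1",
    "1.1.1.10",
    "101.1.1.1",
    "1.1.1.1.example.net",
    "1a1b1c1",
    "10.0.0.1",
]


def host_matches(pattern, host):
    """Apply a pattern as an unanchored regex search (assumed filter behaviour)."""
    return re.search(pattern, host) is not None


def anchored_ip_pattern(ip):
    """Return a pattern that matches exactly one dotted-quad address."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    # Escape the dots so they match a literal '.', then anchor both ends.
    return "^" + re.escape(ip) + "$"


def compare(ip, hosts=SAMPLE_HOSTS):
    """Return (hosts matched by the bare IP, hosts matched by the anchored form)."""
    loose = [h for h in hosts if host_matches(ip, h)]
    strict = [h for h in hosts if host_matches(anchored_ip_pattern(ip), h)]
    return loose, strict


if __name__ == "__main__":
    loose, strict = compare("1.1.1.1")
    print("pattern 1.1.1.1 matches:      ", loose)
    print("pattern", anchored_ip_pattern("1.1.1.1"), "matches:", strict)
```

With the bare address as the pattern, every sample except 10.0.0.1 is accepted, so logs from other senders would be filed under the 1.1.1.1 rule; the anchored form accepts only the intended host.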