[syslog-ng] Host Seperation
Fri, 10 Dec 1999 02:11:40 +1300 (NZDT)
On Thu, 9 Dec 1999, Balazs Scheidler wrote:
> log_hostnames() means that each hop on which the message traverses gets
> added to the host field:
Ahh ok, this makes complete sense now.
> If I understand correctly the above, if names can be resolved, everything
> works well. If they cannot, syslog-ng gives you "unable to write to file,
> because it's a directory"
Yes, that is correct.
> You should use regular expressions here, host("^1\.1\.1\.1$") should match
> only 184.108.40.206.
Noted. Didn't think to try regexp here.
> I would disable DNS, and add all logging hosts to the /etc/hosts file,
> because otherwise syslog-ng may block on DNS lookups. Maybe I'll have to add
> an option to disable DNS lookups completely, because it may easily lead to
> DoS attacks.
I'll stick with ip based myself, as this makes it easier when using the
$HOST variable for splitting. With domain names we could end up with a lot
of dupes (eg max1.akl.ihug.co.nz, max1.chc.ihug.co.nz) . The no dns option
would be appeciated as well when you have time.
IHUG Network Operations Team