> > I like
> > #2 or #3, but I don't know how to use a private nsswitch.conf file, however
> > I know that this is possible, since sendmail uses one.
>
> I think I'll use both, #2 and #3 in parallel which should give me a maximum of
> reliablility. This solution should work fine for me because I do not need to
> mix local and remote entries within one logfile.
>
> But what about the following idea:
>
> Some sort of "private" hosts file for syslog-ng? Let's say
> /etc/syslog-ng/syslog-ng.hosts with an "ip\thost" format (even simpler than
> /etc/hosts), e.g.:
>
> 127.0.0.1 localhost
> 192.168.1.1 host1
> 192.168.1.2 host2
> 192.168.1.3 host3
> 192.168.1.4 host4
>
> It shouldn't be very hard to implement a new option which allows you to use
> this file (and only this file) as the source of name resolution. If an IP is
> found, great if not we'll resort to the ip. This makes us independent from any
> name service problems (not only outages, syslog-ng will use the correct
> hostname, even if someone spoofes your nameserver)
>
> In my eyes, something worth thinking about. Maybe I'll have some free minutes
> tomorrow giving this a try.
I've found an internal glibc 2.1 function which would allow exactly this,
but using the system's /etc/hosts file. This would add a dependency on glibc
though, and could also mean that a future glibc would become incompatible.
This example shows how it looks like:
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
int main()
{
struct in_addr a;
struct hostent *he;
inet_aton("193.6.40.1", &a);
__nss_configure_lookup("hosts", "files");
he = gethostbyaddr((char *) &a, sizeof(a), AF_INET);
if (he)
{
printf("hostname=%s\n", he->h_name);
}
else
{
printf("not found\n");
}
}
The name of 193.6.40.1 is only found if it's listed in /etc/hosts.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt