[syslog-ng]syslog entries without hostnames
David Douthitt
ssrat@mailbag.com
Tue, 19 Jun 2001 14:56:33 -0500
It seems like there are a LOT of these. Isn't it possible to make
some options to handle them? I was thinking of options, but... what
about this?
Check the hostname of the message against the hostname using DNS and
see if they match. If not, shift the message over and put the
hostname in - and perhaps label it to show that it was inserted....
So a message from 192.168.3.3 (hostname folly) that contained no
hostname but said: "last message repeated 5 times" would then become:
Jun-XX XX:XX:XX folly* last message repeated 5 times
...and the log might look like this:
Jun-XX XX:XX:XX folly su: access denied
Jun-XX XX:XX:XX folly* last message repeated 5 times
Jun-XX XX:XX:XX folly --mark--
Well?
Only problem I could see is if the hostname in the syslog entry
doesn't match the name of the host as a normal event; I don't see this
happening.
This does, however, generate more DNS traffic, unless you cache the
entries - maybe within syslog-ng.