[syslog-ng]syslog entries without hostnames

Brad Arlt arlt@cpsc.ucalgary.ca
Tue, 19 Jun 2001 15:57:01 -0600 

On Tue, Jun 19, 2001 at 02:56:33PM -0500, David Douthitt wrote:
> Jun-XX XX:XX:XX folly* last message repeated 5 times
> 
> ...and the log might look like this:
> 
> Jun-XX XX:XX:XX folly su: access denied
> Jun-XX XX:XX:XX folly* last message repeated 5 times
> Jun-XX XX:XX:XX folly --mark--
> 
> Well?

I like it.  I can't recall if this in syslog-ng already, but something
I have always want was for syslog-ng not to believe the remote host
when it say my hostname is x, and to replace x with the IP address in
the packet (not useful for forwarded logs, but thats why its an
option).

The problem I can see with this is there isn't really a way to tell
in, "last message repeated 5 times" that the word "last" is not a
hostname (I'm not that intimate with the protocol so I could be
wrong).  One could simply prepend a hostname to the line (with a
delimiter), and this would side step the issue.  The down side is you
may get messages like: "folly*folly last message repeated 5 times"

While typing I recall that 1.5.x has some sort of template
functionality, if there is a "remote host IP" macro then you may be
able to do this now.

> Only problem I could see is if the hostname in the syslog entry
> doesn't match the name of the host as a normal event; I don't see this
> happening.

I can see this happening semi frequently in the enviroment, I setup
boxes with one name, but the name the rest of the world uses.  This is
more a product of my laziness than anything else.  But I prefer to log
IP addresses anyway, so the point is moot (for me atleast :).

> This does, however, generate more DNS traffic, unless you cache the
> entries - maybe within syslog-ng.

Or in the hosts file.  Yes, I know you loose flexablity, but you do
gain speed, and reliability.
----------------------------------------------------------------------------
   __o		Bradley Arlt	  Email: arlt@cpsc.ucalgary.ca         o__
 _ \<_				    WWW: www.acs.ucalgary.ca/~bdarlt   _>/ _
(_)/(_)  -Eat well, sleep peacefully, drink lots, and ride like hell. (_)\(_)