[syslog-ng] DNS fun

Glen Williams gwilliam@uu.net
Thu, 29 Mar 2001 16:54:35 +1000


I'm playing with a syslog server that will have quite a number of clients. I'm
running syslog-ng-1.4.11 on Solaris 8. I've been testing with both use_dns
on and off with little success. My destination is

destination messages { file("/var/log/$HOST/$FACILITY.$YEAR$MONTH$DAY.$HOUR"
create_dirs(yes) ); };

With it on, I get messages in both
/var/log/<hostname>/local0..... and
/var/log/<IP address>/local0.....

The number of messages I get in the IP address directory is small, less than
1%. I just assume that syslog-ng gives up on the dns query and writes $HOST
as the IP rather than the hostname. This occurs less when a dns cache is
installed, but it's still not great having two log files. It doesn't really
seem to be blocking on the lookup failures, as I'm not noticing a timeout
happening.


To overcome this, I turned use_dns off. I have clients using nsyslog-ng
using tcp as the transfer protocol. Now these nsyslog-ng clients are logging
to
/var/log/<hostname>/local0 and NEVER in
/var/log/<IP address>/local0

I want both nsyslog-ng and standard syslog clients to log to the same
directory format. I'll settle for the $HOST variable being the IP. What am I
missing for nsyslog-ng clients using tcp to do this?


Thanks,
Glen