[syslog-ng]some questions

Balazs Scheidler bazsi@balabit.hu
Wed, 21 Aug 2002 14:05:59 +0200

On Thu, Aug 15, 2002 at 04:01:33PM +0000, Joerg Sommer wrote:
> Hi,
> * What's the difference between long_hostnames() and use_fqdn()?

long_hostnames() is a deprecated name for chain_hostnames(), it uses a
hostname format that makes it easy to track the syslog path, as every hop
inserts its hostname to each message.

fqdn means, that resolved hostnames will be inserted as FQDNs, otherwise
names after the first dot are truncated.

> * How get I names instead of ips in the logs? With use_dns()? How
>   dangerouse is use of use_dns()?

the way syslog-ng calculates hostnames is as follows:

if (keep_hostname && hostname present)
	use the hostname in the message
	/* ip is the address the message was received from  */
	if (use_dns)
		resolve ip and insert that (taking chain_hostnames into account)
		insert ip address (taking chain_hostnames into account)

the interesting function is sources.c:do_add_source_name()

> * Can I write a hostname instead of a ip in tcp()?

the same applies to tcp() as any other source.

> * I miss the default values of the options in the docu. What's default
>   for use_dns(), stats(),...?

the docu is somewhat out of date, and missing some parts.

> * When will encryption and authentication come?

in syslog-ng 2

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1