[syslog-ng] $HOST gives IP address instead of hostname

William Yodlowsky wyodlows@andromeda.rutgers.edu
Wed, 21 Aug 2002 09:16:13 -0400


Balazs Scheidler <bazsi@balabit.hu> wrote:

> On Wed, Aug 14, 2002 at 05:08:11PM -0400, William Yodlowsky wrote:
> > William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:
> > 
> > > Hello,
> > >
> > > I have syslog-ng configured with create_dirs(yes) and $HOST in several 
> > > places, and I find that occasionally during a restart (HUP or 
> > > stop/start) it will create some directories with the IP address of the
> > > machine instead of the resolved hostname.  I have these options in use:
> > >
> > > options { long_hostnames(off); keep_hostname(yes); use_dns(no); };
> > >
> > > All systems that are sending logs to this machine have an entry in the
> > > /etc/hosts file locally, yet some end up with a logfile with this in it:
> > >
> > > Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 going down
> > > Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 starting
> > > Aug 12 17:29:00 a.b.c.d syslog-ng version 1.5.13 going down
> > > Aug 12 17:29:03 a.b.c.d syslog-ng version 1.5.13 starting
> > >
> > > a.b.c.d is in private address space.
> > >
> > > I should note that this happened with 1.5.10 as well.
>
> If use_dns() is set to no, syslog-ng will _never_ resolve hostnames, not
> even from /etc/hosts. (as gethostbyname() immediately goes to DNS if not
> found in /etc/hosts)
>
> The reason you have hostnames in your files is that you have keep_hostname()
> set to yes, which makes syslog-ng accept any hostname it receives. If a
> hostname was not specified by the sender, syslog-ng inserts one on its own,
> and as use_dns is off, it inserts an IP address.
>
> If you are sure syslog-ng may not receive messages from hosts that are not
> resolvable, simply turn use_dns() on. This will make syslog-ng resolve
> those IPs.
>
> Note that syslog-ng blocks on DNS queries, thus it might be an easy DoS.

Wonderfully simple answer.  Thanks very much!
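
The behaviour described in the quoted reply, as an added Python model (not syslog-ng code and not part of the original thread): it shows how keep_hostname() and use_dns() together decide what $HOST expands to, and therefore which directory create_dirs(yes) would create. The header heuristic, the function names, the sample messages, the HOSTS table and the destination template are assumptions made for the illustration.

```python
import re

# BSD-syslog header: optional <PRI>, timestamp, then the rest of the line.
HEADER = re.compile(r"^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (.*)$")


def sender_hostname(line):
    """Return the hostname field the sender put in the header, or None.

    Simplification (assumption): the first token after the timestamp is a
    program tag, not a hostname, when it ends in ':' or carries a '[pid]'.
    """
    m = HEADER.match(line)
    if not m:
        return None
    first = m.group(1).split(" ", 1)[0]
    if not first or first.endswith(":") or "[" in first:
        return None
    return first


def host_macro(line, peer_ip, keep_hostname, use_dns, resolve):
    """Model of what $HOST expands to for one received message."""
    if keep_hostname:
        name = sender_hostname(line)
        if name is not None:
            return name              # sender-supplied value accepted as is
    if use_dns:
        # In syslog-ng this lookup blocks, which is the DoS concern raised.
        return resolve(peer_ip) or peer_ip
    return peer_ip                   # use_dns(no): the address is never resolved


def log_path(template, host):
    """Expand $HOST in a destination file template."""
    return template.replace("$HOST", host)


# Constructed sample data (not taken from the thread).
HOSTS = {"10.0.0.5": "web1"}                 # stands in for the resolver
WITH_HOST = "<13>Aug 12 11:51:11 web1 sshd[411]: session opened"
NO_HOST = "<13>Aug 12 11:51:11 sshd[411]: session opened"
TEMPLATE = "/var/log/hosts/$HOST/messages"   # hypothetical destination

if __name__ == "__main__":
    for use_dns in (False, True):
        for line in (WITH_HOST, NO_HOST):
            host = host_macro(line, "10.0.0.5", True, use_dns, HOSTS.get)
            print(f"use_dns={use_dns!s:5} -> {log_path(TEMPLATE, host)}")
```

With keep_hostname(yes) and use_dns(no), only the message that arrives without a hostname lands in an IP-named directory, which matches the occasional stray directories reported in the original question.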