[syslog-ng]$HOST gives IP address instead of hostname
_/CaT\_
cat_roger22@hotmail.com
Thu, 22 Aug 2002 14:14:19 +0200
HI *,
I have to get events from _Enterasys_ machines and I need to resolve IP
address with /etc/hosts.
When I set on Keep_hostname() I receive logs bad formatted, an example:
Before:
2002 Aug 22 10:42:20 10.1.163.3 local7.err unknown or ambiguous facility
\'e\'
After:
2002 Aug 22 10:42:20 %CLI-E-FACUNKNWN, local7.err unknown or ambiguous
facility \'e\'
And more when I try to set Gethostname() on or yes ,in the configuration
file I received an error.:
..
The active options are:
options {
long_hostnames(off);keep_hostname(no);sync(0);stats(3600);use_dns(no);
# gethostbyname(yes);
use_fqdn(no);dns_cache(no);log_fifo_size(1000);gc_idle_threshold(100);gc
_busy_threshold(3000);};
This is a new bug or a mistake of mine ?
Thanks
_/CaT\_
-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of William Yodlowsky
Sent: Wednesday, August 21, 2002 3:16 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]$HOST gives IP address instead of hostname
Balazs Scheidler <bazsi@balabit.hu> wrote:
> On Wed, Aug 14, 2002 at 05:08:11PM -0400, William Yodlowsky wrote:
> > William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:
> >
> > > Hello,
> > >
> > > I have syslog-ng configured with create_dirs(yes) and $HOST in
> > > several
> > > places, and I find that occasionally during a restart (HUP or
> > > stop/start) it will create some directories with the IP address of
the
> > > machine instead of the resolved hostname. I have these options in
use:
> > >
> > > options { long_hostnames(off); keep_hostname(yes); use_dns(no); };
> > >
> > > All systems that are sending logs to this machine have an entry in
> > > the /etc/hosts file locally, yet some end up with a logfile with
> > > this in it:
> > >
> > > Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 going down Aug 12
> > > 11:51:11 a.b.c.d syslog-ng version 1.5.13 starting Aug 12 17:29:00
> > > a.b.c.d syslog-ng version 1.5.13 going down Aug 12 17:29:03
> > > a.b.c.d syslog-ng version 1.5.13 starting
> > >
> > > a.b.c.d is in private address space.
> > >
> > > I should note that this happened with 1.5.10 as well.
>
> if use_dns() is set to no, syslog-ng will _never_ resolve hostnames,
> not even from /etc/hosts. (as gethostbyname() immediately goes to DNS
> if not found in /etc/hosts)
>
> The reason you have hostnames in your files is that you have
> keep_hostname() set to yes, which makes syslog-ng to accept any
> hostname it receives. If hostname was not specified by the sender,
> syslog-ng inserts one on its own, and as use_dns is off, it inserts an
> IP address.
>
> If you are sure syslog-ng may not receive messages from hosts that are
> not resolvable, simply turn use_dns() on. This will make syslog-ng to
> resolve those IPs.
>
> Note that syslog-ng blocks on DNS queries, thus it might be an easy
> DoS.
Wonderfully simple answer. Thanks very much!
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html