[syslog-ng]$HOST gives IP address instead of hostname

_/CaT\_ cat_roger22@hotmail.com
Thu, 22 Aug 2002 14:14:19 +0200


Hi *,
I have to get events from _Enterasys_ machines and I need to resolve the IP
address with /etc/hosts.
When I set Keep_hostname() on, I receive badly formatted logs. An example:

Before:
2002 Aug 22 10:42:20 10.1.163.3 local7.err unknown or ambiguous facility 'e'

After:
2002 Aug 22 10:42:20 %CLI-E-FACUNKNWN, local7.err unknown or ambiguous facility 'e'

What is more, when I try to set Gethostname() to on or yes in the
configuration file, I receive an error:

 ..

The active options are:
options {
  long_hostnames(off); keep_hostname(no); sync(0); stats(3600); use_dns(no);
#  gethostbyname(yes);
  use_fqdn(no); dns_cache(no); log_fifo_size(1000); gc_idle_threshold(100);
  gc_busy_threshold(3000);
};


Is this a new bug or a mistake of mine?
Thanks
_/CaT\_

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of William Yodlowsky
Sent: Wednesday, August 21, 2002 3:16 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]$HOST gives IP address instead of hostname


Balazs Scheidler <bazsi@balabit.hu> wrote:

> On Wed, Aug 14, 2002 at 05:08:11PM -0400, William Yodlowsky wrote:
> > William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:
> > 
> > > Hello,
> > >
> > > I have syslog-ng configured with create_dirs(yes) and $HOST in
> > > several places, and I find that occasionally during a restart (HUP or
> > > stop/start) it will create some directories with the IP address of
> > > the machine instead of the resolved hostname.  I have these options
> > > in use:
> > >
> > > options { long_hostnames(off); keep_hostname(yes); use_dns(no); };
> > >
> > > All systems that are sending logs to this machine have an entry in
> > > the /etc/hosts file locally, yet some end up with a logfile with
> > > this in it:
> > >
> > > Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 going down
> > > Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 starting
> > > Aug 12 17:29:00 a.b.c.d syslog-ng version 1.5.13 going down
> > > Aug 12 17:29:03 a.b.c.d syslog-ng version 1.5.13 starting
> > >
> > > a.b.c.d is in private address space.
> > >
> > > I should note that this happened with 1.5.10 as well.
>
> If use_dns() is set to no, syslog-ng will _never_ resolve hostnames,
> not even from /etc/hosts. (as gethostbyname() immediately goes to DNS
> if not found in /etc/hosts)
>
> The reason you have hostnames in your files is that you have
> keep_hostname() set to yes, which makes syslog-ng accept any
> hostname it receives. If hostname was not specified by the sender,
> syslog-ng inserts one on its own, and as use_dns is off, it inserts an
> IP address.
>
> If you are sure syslog-ng may not receive messages from hosts that are
> not resolvable, simply turn use_dns() on. This will make syslog-ng
> resolve those IPs.
>
> Note that syslog-ng blocks on DNS queries, thus it might be an easy 
> DoS.

Wonderfully simple answer.  Thanks very much!


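
Added example, not part of the original thread and not syslog-ng's own code: a simplified Python model of how $HOST ends up set under the keep_hostname() and use_dns() combinations discussed above. The HOSTS table, the name enterasys-sw1, the header regex and the sample message (rebuilt from the Before/After lines) are assumptions made for illustration.

```python
import re

# Constructed stand-in for the log server's /etc/hosts (name is hypothetical).
HOSTS = {"10.1.163.3": "enterasys-sw1"}

# Optional <PRI>, BSD timestamp, then a candidate hostname token and the text.
HEADER = re.compile(r"^(?:<\d+>)?\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$")

def sender_name(ip, use_dns):
    """Name for the sending address: looked up only when use_dns is on."""
    return HOSTS.get(ip, ip) if use_dns else ip

def choose_host(raw, sender_ip, keep_hostname, use_dns):
    """Return the ($HOST, message) pair under the given options."""
    m = HEADER.match(raw)
    if m is None:
        # No header, so no hostname from the sender: fall back to its address.
        return sender_name(sender_ip, use_dns), raw
    token, text = m.groups()
    if keep_hostname:
        # The token is trusted as-is, whatever the device put there.
        return token, text
    return sender_name(sender_ip, use_dns), text

# Constructed from the Before/After lines in the thread (PRI 187 = local7.err).
ENTERASYS = "<187>Aug 22 10:42:20 %CLI-E-FACUNKNWN, unknown or ambiguous facility 'e'"

if __name__ == "__main__":
    for keep, dns in [(False, False), (True, False), (False, True)]:
        host, text = choose_host(ENTERASYS, "10.1.163.3", keep, dns)
        print(f"keep_hostname={keep} use_dns={dns}: {host} | {text}")
```

With keep_hostname on, the host token comes from the sender, so any file path built from $HOST (as with create_dirs(yes) in the quoted message) follows whatever the sender wrote in that field.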