[syslog-ng]Can some servers only be allowed to chained?

Jason Haar syslog-ng@lists.balabit.hu
Tue, 13 May 2003 19:33:54 +1200

Nate Campi wrote:
> On Fri, May 02, 2003 at 09:51:48AM +1200, Jason Haar wrote:
> Jason,
> You might have worked out a solution by now, but could you try to
> explain what you're trying to do here in different language?

No I haven't - so I'm more than happy to re-phrase :-)

I have an environment whereby there is a hierarchy of syslog servers. 
Clients in each subnet  feed to a "central subnet" syslog server, then 
those subnet servers feed to the Central Syslog Server (CSS). The 
reasoning is complex - but firewalls and ACL management of those 
firewalls is part of the reason behind this "layering".

What I want is that each "subnet server" is talked to by it's subnet's 
standard syslog clients via UDP, and that its template is such that it 
ignores the hostname the client claims to be, and instead resolves that 

However, the "subnet servers" talk to the CSS over TCP, and it has to 
trust the hostnames given by the "subnet servers"- otherwise that would 
break those "proxied" records.

The above I can do fine. The problem is that the CSS is *also* the 
"subnet server" for the LAN it's on - so it needs to support UDP,etc.

So my question is: can it "trust" the hostname provided by TCP-based 
syslog servers, and do a PTR lookup on the ones provided via UDP. From 
what I can see in syslog-ng - it can't.