[syslog-ng]I don't understand chain_hostnames option & why it fixes this problem...

Jim Mozley syslog-ng@lists.balabit.hu
Fri, 24 Oct 2003 08:45:33 +0100



> There was a question in FAQ titled:
>
>  What is with all the "hostname" options?
>
> Is that the one you were referring to?
>
> I copied the explanation below.  It does not explain why
> the source alias is part of the hostname and why
> these options add or remove them.
>
> Chris
>
>
>
>
> When syslog-ng receives a message it tries to rewrite the hostname it
contains
> unless keep_hostname is true. If the hostname is to be rewritten
> (e.g. keep_hostname is false), it checks whether chain_hostnames (or
> long_hostname which is an alias for chain_hostnames) is true. If
chain_hostnames
> is true, the name of the host syslog-ng received the message from is
appended to
> the hostname, otherwise it's replaced.
>
> So if you have a message which has hostname "server", and which resolves
to
> "server2", the following happens:
>
>                       keep_hostname(yes) keep_hostname(no)
> chain_hostname(yes)               server    server/server2
> chain_hostname(no)                server           server2
>
> I hope this makes things clear.

I see what you mean. I read it as it (chain_hostname) keeps the original
name as well as the one it resolves to. I had problems with keep_hostname so
turned if off and just resolved the IP to a hostname. I don't have
chain_hostname in my configuration (I suspect the default is no) so haven't
tried it.

Jim