[syslog-ng] Problem with hostnames!

mrgenius mrgenius420 at gmail.com
Fri Aug 5 13:55:37 CEST 2005 

phewww.. Its been over a month i am trying different things ..but its not 
giving me desired result... i have even switched my os from mandrake to RHEL 
4 .. still no sucess.
 i am again explaining my issue.. 
 i've syslog-ng-1.6.8-1 running on RHEL 4 AS. This Server is on public IP 
202.163.x.x . And Its receving Logs from Different Devices on network. 
(basically i run own isp). In Order to give friendly name to IPs of devices 
what i have done is to enter hostnames against IPs in /etc/hosts file.
So as a result of it.. All logs i get gets name of my desire.
 however Problem arises when i enabled syslog on certain devices which have 
Prive IP of 192.168.x.x 
 I entered hostnames in /etc/hosts for these private Ips as i did in case of 
public iP hosts .. but what i am getting in database is not the names of 
these Hosts.. instead i am getting PRIVATE IPs.
 I tried running local DNS on machine and make even reserve zones.. still 
result remained same.. then i entered these hosts names in my ISP's DNS .. 
but even then same result..
 Can Some one tell me Why this is happening?? why in the world syslog-ng is 
not giving hostnames to PRIVATE IPs.
 Please help me out :(

 On 7/15/05, Edward Brookhouse <ebroo at healthydirections.com> wrote: 
> 
>  About the last thing I can think of would be to run syslog-ng in a debug 
> window (or attach to it with gdb) and see exactly which system calls are 
> made when an entry arrives. This will tell you which function is being used 
> to do name resolution – 
> 
>  So just to make sure I understand whats happening – no matter how hosts 
> file or use_dns is set you have hosts that are not being resolved? 
> 
> 
> Oh – did you check reverse dns ?
> 
>   ------------------------------
>  
> *From:* mrgenius [mailto:mrgenius420 at gmail.com] 
> *Sent:* Friday, July 15, 2005 3:01 AM
> *To:* Edward Brookhouse 
> *Cc:* Syslog-ng users' and developers' mailing list
> *Subject:* Re: [syslog-ng] Problem with hostnames!
> 
>   Well if set use_dns(off) then it stops reading /etc/hosts file and start 
> storing hosts as IP addresses. 
>  
>  I am using Mandrake 10.1 Official......
>  
>  In nsswitch.conf i have tried by giving DNS, file and file,dns both 
> combination.. but it doesn't make any difference... its still neither 
> picking private Ips from /etc/hosts nor from local cache dns server.
>  
>    
> 
>  On 7/14/05, *Edward Brookhouse* <*ebroo at healthydirections.com*<ebroo at healthydirections.com>> 
> wrote: 
>  
> What happens if you set use_dns (off); does your hosts file get read then? 
> What OS is this? How is the system nsswitch.conf setup for resolution?
> 
> Also maybe double check your resolv.conf what is the domain listing and 
> search order listed in there? 
> 
>    ------------------------------
>  
> *From:* *syslog-ng-bounces at lists.balabit.hu*<syslog-ng-bounces at lists.balabit.hu>[mailto:
> *syslog-ng-bounces at lists.balabit.hu* <syslog-ng-bounces at lists.balabit.hu>] 
> *On Behalf Of *mrgenius
> *Sent:* Thursday, July 14, 2005 12:53 AM
> *To:* Ken Garland
> *Cc:* Syslog-ng users' and developers' mailing list
> *Subject:* Re: [syslog-ng] Problem with hostnames!
>  
>  Yes here is the portion of my syslog-ng.cong
>  
>  #####################################
>  
> options { sync (0);
> time_reopen (10);
> log_fifo_size (1000);
> long_hostnames (yes);
> use_dns (yes);
> use_fqdn (yes);
> create_dirs (no);
> keep_hostname (no); 
> };
> 
> source sys { unix-stream ("/dev/log"); internal(); };
> source net { 
> udp(ip(* 0.0.0.0* <http://0.0.0.0/>) port(514) );
> };
> 
> 
> destination d_mysql {
> pipe("/tmp/mysql.pipe"
> template("INSERT INTO logs
> (host, facility, priority, level, tag, datetime, program, msg) 
> VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', 
> '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', 
> '$PROGRAM', '$MSG' );\n") template-escape(yes));
> };
> log { source(net); destination(d_mysql); 
>  
> ##############################################
>  
>    But if you say that syslog-ng first queries DNS Server ... then why it 
> is resolving names for all public Ips which i defined in /etc/hosts and 
> those public Ips have no entries in my defined DNS Servers. 
>  
>  i am quite confused how this thing is actually working??
>  
>  Regards,
>  
>  -Geni
>  
>    
> 
>  On 7/14/05, *Ken Garland* <* ken.garland at rotech.com*<ken.garland at rotech.com>> 
> wrote: 
> 
> paste the relevant parts of your .conf file.
> 
> mrgenius wrote:
> 
> >
> > Hi All!
> >
> > I am using Syslog-ng with php-syslog-ng. to give names of my choices 
> > to different hosts IP what i did was to define hostnames against each
> > IP of host in /etc/hosts file.
> >
> > It was working fine with Public IP adresses.. But I have some hosts on 
> > local network too with 192.168 IPs . The pRoblem i am now facing is
> > that its not storing logs with HOSTNAMES of private IPs. Where as its
> > working fine and giving names of Public IPs.
> >
> > For example In My /etc/hosts file i have these 2 entries 
> >
> > *202.164.1.1* <http://202.164.1.1/> <* http://202.164.1.1*<http://202.164.1.1/>> 
> broadband-router
> > *192.168.77.1* <http://192.168.77.1/> <* http://192.168.77.1*<http://192.168.77.1/>> 
> primary-router
> >
> > For 1st entry Logs in database will come with name broadband-router,
> > which is what i want
> > For 2nd Entry Logs in database will come with name *192.168.77.1*<http://192.168.77.1/>
> > <* http://192.168.77.1* <http://192.168.77.1/>>, which is what i Don't 
> want
> >
> >
> > Any body has any idea?? any thing to do in configuration of syslog-ng?? 
> >
> > Regards,
> >
> > -Geni
> >
> >------------------------------------------------------------------------ 
> >
> >_______________________________________________
> >syslog-ng maillist - *syslog-ng at lists.balabit.hu*<syslog-ng at lists.balabit.hu>
> *** *
> >*https://lists.balabit.hu/mailman/listinfo/syslog-ng*<https://lists.balabit.hu/mailman/listinfo/syslog-ng>
> >Frequently asked questions at *http://www.campin.net/syslog-ng/faq.html*<http://www.campin.net/syslog-ng/faq.html>
> >
> >
> >
> 
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20050805/f20087a9/attachment.htm

More information about the syslog-ng mailing list