[syslog-ng] DNS

Nate Campi nate at campin.net
Thu Dec 8 19:21:00 CET 2005


On Fri, Dec 02, 2005 at 03:04:25PM +0000, Kumaran Babu wrote:
> 
> Basically, I look at logging close to 40 Network devices which can
> potentially log as much 10Gigs or more of data. I want to use the DNS
> hostnames to be displayed when viewed in php-syslog-ng interface so I
> enabled DNS on syslog-ng conf file. I've changed the nsswitch.conf to look
> at hosts file and then dns server so that I can populate the individual
> device details into the hosts file so this server doesnt have to query the
> DNS server for the host details everytime it receives a log entry.
> 
> Am I doing the right thing or is there a better way of accomplishing this?

This is good, speed up lookups using /etc/hosts, I'd also enable DNS
caching in syslog-ng to help performance there (or run a local caching
nameserver that's only listening on a loopback interface).
 
> Also, planning to archive all of the logs onto files and not to simple files
> so that I can rotate the old logs DB every month. Again, am I doing the
> right thing or is there an alternate way to do this?

I don't know what you mean by this. What kind of log files are you
using?
-- 
Nate

A distributed system is one in which the failure of a computer you
didn't even know existed can render your own computer unusable. 



More information about the syslog-ng mailing list