[syslog-ng] Problem with hostnames!
Kevin
kkadow at gmail.com
Thu Jul 14 02:19:06 CEST 2005
On 7/13/05, Edward Brookhouse <ebroo at healthydirections.com> wrote:
> -Hmm.. I think syslog ng internal calls DNS but doesn't look at the hosts
> file
That is my experience.
I work around this "feature" by configuring a local authoritative name server
on the machine running syslog-ng, and put "nameserver 127.0.0.1" as the first
line of the local /etc/resolv.conf.
When syslog-ng sees a packet from 192.168.77.1, it makes a DNS query
for 1.77.168.192.in-addr.arpa. If your local server is authoritative for
the zone "168.192.in-addr.arpa", you can return any name you like, and that
is what syslog-ng will record in the log file.
Feature request:
It'd be great if you could include a DNS override section in your syslog-ng.conf
listing IP addresses and hostnames, which would be consulted before (or instead
of DNS if use_dns is disabled) for translating source IP addresses to names.
One trivial hack to solve this might be to pre-populate the dns_cache with
non-expiring entries.
Kevin Kadow
More information about the syslog-ng
mailing list