Feature Request: Internal IP to hostname lookup table (was Re: [syslog-ng]1.9.3 bug proposal : resolving $HOSTS in destination)

Kevin syslog-ng@lists.balabit.hu
Tue, 1 Mar 2005 13:57:13 -0600


On Mon, 28 Feb 2005 06:29:38 -0800, Nate Campi <nate@campin.net> wrote:
> You haven't said what would you have it do when there's no hostname in
> the incoming message (as is the case here). Would you have it fall back
> to using the IP of the remote system? Maybe that's not a bad idea.
> 
> Anyways, the FAQ states that creating files based on hostnames in syslog
> messages is bad:
> 
> http://www.campin.net/syslog-ng/faq.html#bad_filenames
> 
> ...and I happen to agree with it (oh wait - I wrote that! ;).

On the subject of log destination filenames by hostname or IP address,
I would like to see an internal IP lookup table in syslog-ng, used to
substitute for the IP address.

Currently I use DNS lookups against a local (tinydns) nameserver,
one which does not know about the internet, is only populated with
my local log source names and IP reverse DNS.  In my opinion it'd 
be considerably more secure and efficient to keep the IP->name lookup
table internally to syslog-ng.

Perhaps adding macros for $SRCIP and $SRCHOST expanding to the IP
from which the packet was received by syslog-ng, and the hostname
from an internal lookup table?


Kevin Kadow