[syslog-ng] Advice on keeping hostnames/using dns

[Hari Sekhon]

By the time you have to query dns you may as well just re-write the 
hostname, though.

If storing things by IP, it's not as friendly and doesn't come out very 
well if using any interface since you then have to become a dns server 
yourself and query to match host and ip before you can get any useful 
information out of it.

The advantage of your method is that you can inspect it the machines are 
sending the wrong hostname.


-h

Hari Sekhon



Nathan Campi wrote:
> I think I put an example in the faq on how to store logs in files/dirs 
> according to the source IP or DNS hostname but store the log entries 
> with the hostname the client sent.
>
> Something like that is a good balance between the two, don't trust the 
> client but still have record of what was sent.
> -- 
> Nate Campi
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>