[syslog-ng] Re: newbie question on dns_cache in syslog2.x

[Matt Zagrabelny]

> What do other folks do with large numbers of machines?
> 
> Do you not resolve names and log with IP addresses only?

that is correct:
use_dns(no);

in /etc/syslog-ng/syslog-ng.conf i have:

source s_remote {
        udp();
};

destination df_catch_all {
        file("/storage/syslog/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY"
                owner(root) group(root) perm(0644) dir_perm(0755)
create_dirs(yes)
        );
};

log {
        source(s_remote);
        destination(df_catch_all);
};

out of cron (once an hour) i run:

#!/usr/bin/perl

use strict;
use Socket;

my $syslog_input_directory = '/storage/syslog/hosts/';
my $syslog_output_directory = '/storage/syslog/hosts_by_name/';

my @all_hosts = glob "$syslog_input_directory*";

my @all_destination_hosts = glob "$syslog_output_directory*";
for (@all_destination_hosts) {
        unlink $_;
}

for (@all_hosts) {
        # take off the leading part
        s/^$syslog_input_directory//;
	my $inet_aton_addr = inet_aton($ip);
	my $name = gethostbyaddr($inet_aton_addr, AF_INET);
        if ($name ne '') {
                symlink("$syslog_input_directory$_",
"$syslog_output_directory$name");
        }
}

-- 
Matt Zagrabelny - mzagrabe at d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85  C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20061219/b91577d8/attachment.pgp