[syslog-ng] Reverse DNS

Jesper Markenstam Jesper.Markenstam at reuters.com
Wed Mar 1 12:55:57 CET 2006


Hello,
 
I am sure this topic has been beaten to death, but I cannot find answers
anywhere. Apologies if I have missed something - here we go:
 
I run syslog-ng 1.6.4 on Sol 9 Sparc (sunfreeware distribution). It
works fine, except I want syslog-ng to resolve IPs to hostnames, and
create directories using the resolved name rather than IP (long term, I
will look at MySQL, but I would still have to get either DNS or
keep_hostname to work). I installed bind 9.2.3 on the log server and
set up a reverse zone authoritative for in-addr.arpa., but it still
doesn't work. At this time, I prefer to use reverse DNS rather than
hostname. I was not able to create_dirs based on keep_hostname(yes)
either.
 
dig works, and returns NOERROR when I run dig -x 1.2.3.4 @127.0.0.1 for
example. The reverse zone is fully populated with all hosts that will be
logging to syslog-ng.
 
nsswitch.conf:
hosts:      dns files
ipnodes:    dns files
everything else is files only.
 
resolv.conf:
nameserver 127.0.0.1
 
syslog-ng.conf:
# Options
options {
          use_fqdn(no);
          use_dns(yes);
          dns_cache(yes);
          sync(5);
          keep_hostname(no);
          chain_hostnames(no);
          create_dirs(yes); # bad!
          perm(0644);
          dir_perm(0755);
          use_time_recvd(yes);
        };
 
# Sources
source s_udp     { udp(); };
 
# logging to console
destination l_console  { file ("/dev/console");       };

# logging of cisco's via udp to individual files and to one file
destination r_cisco { file( "/remote/$HOST/$HOST-$YEAR$MONTH.LOG" );
file( "/remote/all/alldevices.log" ); };
 
# Remote sources
log { source (s_udp);  destination (r_cisco); };

 
Kind regards
Jesper
 
 
 

Jesper Markenstam

IS&T Systems Analyst
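
An added example, not part of the original post and not syslog-ng code: `dig -x ... @127.0.0.1` queries named directly and never reads nsswitch.conf, so this sketch resolves through the C library resolver instead and shows which directory the `/remote/$HOST/$HOST-$YEAR$MONTH.LOG` template would produce. The function names, the fall-back-to-IP model and the hostname character check are assumptions made for illustration.

```python
import re
import socket
import sys

# Assumption: only plain hostname labels are acceptable as directory names.
SAFE_LABEL = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}")


def system_reverse_lookup(ip):
    """Reverse-resolve ip via the libc resolver (nsswitch.conf + resolv.conf).

    This is the path a daemon calling gethostbyaddr() takes; dig bypasses it.
    """
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def host_macro(ip, resolver=system_reverse_lookup, use_fqdn=False):
    """Model of the value a $HOST-style macro takes for a sender address."""
    name = resolver(ip)
    if not name:
        return ip  # lookup failed: the directory ends up named after the IP
    name = name.rstrip(".")
    if not use_fqdn:
        name = name.split(".", 1)[0]  # use_fqdn(no): short name only
    # The resolved name becomes part of a file path, so reject anything
    # that is not a plain hostname ("/", "..", empty labels) and use the IP.
    if not all(SAFE_LABEL.fullmatch(label) for label in name.split(".")):
        return ip
    return name


def destination_path(ip, year, month, resolver=system_reverse_lookup):
    """Expand the post's template /remote/$HOST/$HOST-$YEAR$MONTH.LOG."""
    host = host_macro(ip, resolver)
    return "/remote/{0}/{0}-{1:04d}{2:02d}.LOG".format(host, year, month)


if __name__ == "__main__":
    # Usage: python3 check_ptr.py 1.2.3.4 ...  (script name is hypothetical)
    for addr in sys.argv[1:] or ["127.0.0.1"]:
        print(addr, "->", destination_path(addr, 2006, 3))
```

If this prints a path containing the IP while `dig -x` against the same address returns a PTR record, the name server is answering but the system resolver path is not delivering the name.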