[syslog-ng] DNS hostnames vs. /etc/hosts?

micah milano micaho at gmail.com
Mon Mar 13 15:05:10 CET 2006


Hi,

I'm doing remote logging from one client, whose actual hostname is
"ibis"; however, the logs are being sent through an OpenVPN tunnel, so
the receiving log server has this in /etc/hosts:

127.0.0.1      localhost       emu
10.8.0.5        ibis-vpn

What I cannot figure out is why a log directory is created for both
"ibis" and "ibis-vpn". I want all the logs from that host to appear in
one directory.

On the client I have:

destination server { tcp("10.8.0.1" port(514)); };


On the server I have:

options {
  long_hostnames(off);
  sync(1);
  stats(0);
  log_fifo_size(2048);
  dns_cache(yes);
  keep_hostname(yes);
  bad_hostname("gconfd");
  create_dirs(yes);
};


source tcp_src { tcp(max-connections(1000)
                           tcp-keep-alive(yes)); };

destination remote_servers { file("/whopper/logs/$HOST/$FACILITY.log"
                                              owner(root)
                                              group(adm)
                                              perm(0640)
                                              dir_perm(0755)
                                              create_dirs(yes)); };
log {
        source(tcp_src);
        destination(remote_servers);
        flags(final);
};
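
One way the two directories can arise, as an added example that is not part of the original post: a simplified Python model of how the server fills $HOST under keep_hostname(yes) versus keep_hostname(no), using the /etc/hosts entries and the file() template from the post. The sample messages, the helper names and the tag-versus-host heuristic are assumptions; the model relies on syslog-ng's documented behaviour that keep_hostname(yes) trusts the sender-supplied HOST field and falls back to the resolved peer address only when that field is missing.

```python
import re

# Constructed from the /etc/hosts on the log server shown in the post.
HOSTS = {"127.0.0.1": "localhost", "10.8.0.5": "ibis-vpn"}
# Abbreviated facility table (codes 0-11); other codes fall back to the number.
FACILITIES = "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split()
HEADER = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+)")

# Constructed sample messages, both arriving over the VPN from 10.8.0.5.
SAMPLES = [
    "<38>Mar 13 15:05:10 ibis sshd[812]: Accepted publickey for micah",  # HOST field present
    "<78>Mar 13 15:05:11 CRON[901]: (root) CMD (run-parts)",             # no HOST field
]

def host_field(token):
    """Heuristic: a token ending in ':' or carrying '[pid]' is the program tag, not a host."""
    return None if token.endswith(":") or "[" in token else token

def route(line, peer_ip, keep_hostname):
    """Model the server's choice of $HOST and expand the destination template."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a BSD-syslog line")
    code = int(m.group(1)) >> 3
    facility = FACILITIES[code] if code < len(FACILITIES) else str(code)
    resolved = HOSTS.get(peer_ip, peer_ip)      # reverse lookup, else bare IP
    claimed = host_field(m.group(2))
    # keep_hostname(yes): trust the message's HOST field, resolve only if it is absent.
    # keep_hostname(no): always use the name resolved from the sender's address.
    host = claimed if (keep_hostname and claimed) else resolved
    return f"/whopper/logs/{host}/{facility}.log"

def log_files(keep_hostname, peer_ip="10.8.0.5"):
    """Destination files produced by the constructed samples for one setting."""
    return sorted(route(line, peer_ip, keep_hostname) for line in SAMPLES)

if __name__ == "__main__":
    for setting in (True, False):
        print("keep_hostname(yes)" if setting else "keep_hostname(no)", log_files(setting))
```

With keep_hostname(yes) the directory name comes from a field the sending host writes; with keep_hostname(no) it comes only from the server's own lookup of the connecting address.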

