[syslog-ng] Advice on keeping hostnames/using dns

Hari Sekhon hpsekhon at googlemail.com
Mon Nov 13 13:37:57 CET 2006


I'd like some advice on what I should do on my logserver regarding 

I've currently got


in order to get accurate and consistent hostnames but I'd like to 
consider just skipping the whole dns check rewriting thing and use


The only issue I can see from this is that the hostname gets logged 
according to the packet. I'm reasonably confident that most machines 
will report the right name in their logs to the logserver but I also 
think that it makes it all too possible to screw up the logserver 
maliciously since any old junk that is sent to the port is put into the 
logs so you could hammer the integrity of the logs just by sending loads 
of bogus logs from a machine with the name set to that of any other 
machine on the network.

Got any views on this?

All opinions welcome.



Hari Sekhon

More information about the syslog-ng mailing list