[syslog-ng] Advice on keeping hostnames/using dns

Hari Sekhon hpsekhon at googlemail.com
Mon Nov 13 13:37:57 CET 2006


Hi,

I'd like some advice on what I should do on my logserver regarding 
hostnames.

I've currently got

keep_hostnames(no)
use_dns(yes)

in order to get accurate and consistent hostnames but I'd like to 
consider just skipping the whole dns check rewriting thing and use

keep_hostnames(yes)
use_dns(no)

The only issue I can see from this is that the hostname gets logged 
according to the packet. I'm reasonably confident that most machines 
will report the right name in their logs to the logserver but I also 
think that it makes it all too possible to screw up the logserver 
maliciously since any old junk that is sent to the port is put into the 
logs so you could hammer the integrity of the logs just by sending loads 
of bogus logs from a machine with the name set to that of any other 
machine on the network.


Got any views on this?

All opinions welcome.

Thanks

Hari


-- 
Hari Sekhon
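
The concern raised in the post above, that keep_hostnames(yes) records whatever name the packet carries, can be checked on the log server by comparing the claimed hostname with the address the packet arrived from. This is an added example, not part of the original post and not syslog-ng code. The inventory, addresses, hostnames and log lines are constructed for illustration.

```python
import re

# Constructed inventory (assumption): source IP -> hostname expected from it.
INVENTORY = {
    "10.0.0.11": "web01",
    "10.0.0.12": "db01",
}

# BSD syslog (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

def check_packet(src_ip, payload):
    """Return (verdict, claimed_host, expected_host) for one received message."""
    expected = INVENTORY.get(src_ip)
    m = RFC3164.match(payload)
    if not m:
        # No parsable header: there is no hostname to trust at all.
        return ("unparsed", None, expected)
    # Compare short names so "db01.example.com" and "db01" count as the same host.
    claimed = m.group("host").lower().split(".")[0]
    if expected is None:
        return ("unknown-source", claimed, None)
    if claimed != expected:
        return ("mismatch", claimed, expected)
    return ("ok", claimed, expected)

def audit(packets):
    """Return (src_ip, verdict, claimed, expected) for every message that is not ok."""
    results = [(ip,) + check_packet(ip, payload) for ip, payload in packets]
    return [r for r in results if r[1] != "ok"]

# Constructed sample traffic: (source IP seen by the log server, raw payload).
SAMPLES = [
    ("10.0.0.11", "<38>Nov 13 13:37:57 web01 sshd[411]: Accepted publickey for deploy"),
    ("10.0.0.12", "<38>Nov 13 13:38:02 web01 sshd[97]: Failed password for root"),
    ("10.0.0.99", "<13>Nov 13 13:38:05 db01 su: session opened for user root"),
    ("10.0.0.11", "any old junk sent to the port"),
]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

Over UDP the source address can itself be forged, so this is a consistency check that flags disagreement between packet and header, not authentication of the sender.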


