[syslog-ng] DNS and hosts
Hari Sekhon
hpsekhon at googlemail.com
Thu Sep 28 17:19:31 CEST 2006
I have a logserver with a MySQL back-end and php-syslog-ng front-end.
I was doing some work on DNS (migration to another machine, another
version) yesterday and it was down for a little while. I noticed today
that in the logserver interface I have loads of IP addresses instead of
hostnames.

So I had to go through and change the fields for all those hosts
manually, which was quite annoying. In order to stop this from happening
again I was wondering what steps I could take.

My logserver conf options section is as follows:

options {
    chain_hostnames(off);
    sync(10);
    stats(43200);
    keep_hostname(no);
    use_dns(yes);
    dns_cache(yes);
    create_dirs(yes);
    log_fifo_size(5000);
};

If I change keep_hostname() to yes will I still get validation via DNS
or not? I think not, judging from the docs. I was wondering if perhaps it
would use DNS and, if unavailable, it would use the name from the logs.
Wishful thinking?

On a DNS front, I was wondering if I could just copy a hosts file with
all the DNS names in it to the /etc/hosts of the Linux system running
the logserver. Would this work? Would syslog-ng obey the nsswitch of the
Linux system and use the hosts file first? Or does it have to do a DNS
request when use_dns(yes) is in the options{};?

This way, I'll never have this problem again if I need to fiddle with the
DNS server. I already have a hosts file generated when I update my DNS
server records so this is ready to go if it will work...

All feedback welcome.

-h
--
Hari Sekhon
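
The manual cleanup described in the message above can be scripted from the same generated hosts file. The following is an added example, not part of the original post and not code from syslog-ng or php-syslog-ng: it parses hosts-file text and rewrites log host fields that are bare IP addresses. The sample hosts entries, the (id, host, msg) row layout and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: hosts-file text and log rows as (id, host, msg).
SAMPLE_HOSTS = """\
# generated from DNS records (constructed sample)
127.0.0.1      localhost
192.0.2.10     web01.example.com web01
192.0.2.11     db01.example.com   # database
2001:db8::5    mail01.example.com
not-an-ip      broken.example.com
"""
SAMPLE_ROWS = [
    (1, "192.0.2.10", "sshd: session opened"),
    (2, "db01.example.com", "mysqld: ready"),
    (3, "2001:0db8:0000:0000:0000:0000:0000:0005", "postfix: connect"),
    (4, "192.0.2.99", "kernel: link up"),
]

def parse_hosts(text):
    """Map each valid IP in hosts-file text to the first name on its line."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines whose first field is not an address
        mapping.setdefault(ip, fields[1])  # keep the first entry for a duplicate IP
    return mapping

def backfill(rows, mapping):
    """Return (rows with IP host fields replaced by names, IPs with no entry)."""
    fixed, unresolved = [], set()
    for row_id, host, msg in rows:
        try:
            ip = ipaddress.ip_address(host)  # normalizes IPv6 spellings too
        except ValueError:
            fixed.append((row_id, host, msg))  # already a hostname, leave it
            continue
        name = mapping.get(ip)
        if name is None:
            unresolved.add(str(ip))  # report it so the hosts file can be extended
        fixed.append((row_id, name or host, msg))
    return fixed, unresolved

if __name__ == "__main__":
    rows, missing = backfill(SAMPLE_ROWS, parse_hosts(SAMPLE_HOSTS))
    for row in rows:
        print(row)
    print("no hosts entry for:", sorted(missing))
```

The unresolved set lists addresses that would still show up as raw IPs, which is a quick check that the generated hosts file covers every sender before relying on it.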