[syslog-ng] DNS and hosts

Hari Sekhon hpsekhon at googlemail.com
Thu Sep 28 17:19:31 CEST 2006

I have a logserver with a mysql back-end and php-syslog-ng front-end.

I was doing some work on DNS (migration to another machine, another 
version) yesterday and it was down for a little while. I noticed today 
that in the logserver interface I have loads of ip addresses instead of 

So I had to go through and change the fields for all those hosts 
manually, which was quite annoying. In order to stop this from happening 
again I was wondering what steps I could take.

My logserver conf options section is as follows:

options {

If I change keep_hostname() to yes will I still get validation via dns 
or not? I think not judging from the docs. I was wondering if perhaps it 
would use dns and if unavailable it would use the name from the logs. 
Wishful thinking?

On a DNS front, I was wondering if I could just copy a hosts file with 
all the dns names in it to the /etc/hosts of the linux system running 
the logserver. Would this work? Would syslog-ng obey the nsswitch of the 
linux system and use the hosts file first? Or does it have to do a dns 
request when use_dns(yes) is the options{}; ?

This way, I'll never have this problem again if I need to fiddle the DNS 
server. I already have a hosts file generated when I update my dns 
server records so this is ready to go if it will work...

All feedback welcome.


Hari Sekhon

More information about the syslog-ng mailing list