[syslog-ng] DNS and hosts
Dukes Clayton
Clayton.Dukes at HCAhealthcare.com
Thu Sep 28 17:30:30 CEST 2006
Hari,
This may help:
###########################################################################################
# My config below
###########################################################################################
options {
    long_hostnames(off);
    # doesn't actually help on Solaris, log(3) truncates at 1024 chars
    log_msg_size(8192);
    # buffer just a little for performance
    sync(1);
    # memory is cheap, buffer messages unable to write (like to loghost)
    log_fifo_size(16384);
    # Hosts we don't want syslog from
    #bad_hostname("^(ctld.|cmd|tmd|last)$");
    # The time to wait before a dead connection is reestablished (seconds)
    time_reopen(10);
    #Use DNS so that our good names are used, not hostnames
    use_dns(yes);
    dns_cache(yes);
    #Use the whole DNS name
    use_fqdn(no);
    keep_hostname(no);
    chain_hostnames(yes);
    #Read permission for everyone
    perm(0644);
    # The default action of syslog-ng 1.6.0 is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats(43200);
};
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Hari Sekhon
Sent: Thursday, September 28, 2006 10:20 AM
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] DNS and hosts
I have a logserver with a mysql back-end and php-syslog-ng front-end.
I was doing some work on DNS (migration to another machine, another
version) yesterday and it was down for a little while. I noticed today
that in the logserver interface I have loads of ip addresses instead of
hostnames.
So I had to go through and change the fields for all those hosts
manually, which was quite annoying. In order to stop this from happening
again I was wondering what steps I could take.
My logserver conf options section is as follows:
options {
chain_hostnames(off);
sync(10);
stats(43200);
keep_hostname(no);
use_dns(yes);
dns_cache(yes);
create_dirs(yes);
log_fifo_size(5000);
};
If I change keep_hostname() to yes will I still get validation via dns
or not? I think not judging from the docs. I was wondering if perhaps it
would use dns and if unavailable it would use the name from the logs.
Wishful thinking?
On a DNS front, I was wondering if I could just copy a hosts file with
all the dns names in it to the /etc/hosts of the linux system running
the logserver. Would this work? Would syslog-ng obey the nsswitch of the
linux system and use the hosts file first? Or does it have to do a dns
request when use_dns(yes) is in the options{};?
This way, I'll never have this problem again if I need to fiddle the DNS
server. I already have a hosts file generated when I update my dns
server records so this is ready to go if it will work...
All feedback welcome.
-h
--
Hari Sekhon
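Added example, not part of either poster's message and not syslog-ng code: a Python script for the cleanup described in the original message, mapping host values that were stored as bare IP addresses back to names taken from the hosts file generated from the DNS records. The sample hosts text, the stored values and the function names parse_hosts and relabel are constructed for illustration.

```python
import ipaddress

# Constructed sample standing in for the hosts file generated from DNS records.
SAMPLE_HOSTS = """\
192.0.2.10   web01.example.com web01
192.0.2.11   db01.example.com  db01    # database
192.0.2.10   oldweb.example.com        # stale duplicate
2001:db8::5  mail01.example.com
not-an-ip    junk.example.com
"""
# Constructed host-column values as stored while DNS was down.
SAMPLE_VALUES = ["192.0.2.10", "db01", "2001:DB8:0:0:0:0:0:5", "198.51.100.7"]

def parse_hosts(text, short_names=True):
    """Return ({ip: name}, conflicts); the first line for an address wins.
    short_names=True drops the domain part, mirroring use_fqdn(no)."""
    mapping, conflicts = {}, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address column
        name = fields[1].lower()
        if short_names:
            name = name.split(".", 1)[0]
        if ip not in mapping:
            mapping[ip] = name
        elif mapping[ip] != name:
            conflicts.append((str(ip), mapping[ip], name))
    return mapping, conflicts

def relabel(host_values, mapping):
    """Return ({stored_ip: name}, unresolved_ips); hostnames are left alone."""
    renamed, unresolved = {}, []
    for value in host_values:
        try:
            ip = ipaddress.ip_address(value.strip())
        except ValueError:
            continue  # already a hostname
        if ip in mapping:
            renamed[value] = mapping[ip]
        elif value not in unresolved:
            unresolved.append(value)
    return renamed, unresolved
```

Conflicting lines for one address are reported instead of silently overwriting, so a stale hosts entry is noticed before any stored log record is renamed.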