[syslog-ng] DNS and hosts

Evan Rempel erempel at uvic.ca
Thu Sep 28 17:41:52 CEST 2006 

First, we have two DNS servers, so one can be down without any change in service.

Second, I just run the name service caching deamon (nscd) and configure it for whatever
cache name timeout that I want. This does not help with syslog messages that come from
a host that does not have an entry in the name cache such as a new host, but it
works for me.

Evan.

Hari Sekhon wrote:
> I have a logserver with a mysql back-end and php-syslog-ng front-end.
> 
> I was doing some work on DNS (migration to another machine, another 
> version) yesterday and it was down for a little while. I noticed today 
> that in the logserver interface I have loads of ip addresses instead of 
> hostnames.
> 
> So I had to go through and change the fields for all those hosts 
> manually, which was quite annoying. In order to stop this from happening 
> again I was wondering what steps I could take.
> 
> My logserver conf options section is as follows:
> 
> options {
>    chain_hostnames(off);
>    sync(10);
>    stats(43200);
>    keep_hostname(no);
>    use_dns(yes);
>    dns_cache(yes);
>    create_dirs(yes);
>    log_fifo_size(5000);
> };
> 
> If I change keep_hostname() to yes will I still get validation via dns 
> or not? I think not judging from the docs. I was wondering if perhaps it 
> would use dns and if unavailable it would use the name from the logs. 
> Wishful thinking?
> 
> 
> On a DNS front, I was wondering if I could just copy a hosts file with 
> all the dns names in it to the /etc/hosts of the linux system running 
> the logserver. Would this work? Would syslog-ng obey the nsswitch of the 
> linux system and use the hosts file first? Or does it have to do a dns 
> request when use_dns(yes) is the options{}; ?
> 
> This way, I'll never have this problem again if I need to fiddle the DNS 
> server. I already have a hosts file generated when I update my dns 
> server records so this is ready to go if it will work...
> 
> 
> All feedback welcome.
> 
> -h
> 


-- 
Evan Rempel                erempel at uvic.ca
Senior Programmer Analyst        250.721.7691
Computing Services
University of Victoria

More information about the syslog-ng mailing list