[syslog-ng] how rewrite the HOST macro?

K K kkadow at gmail.com
Sun Aug 12 21:57:17 CEST 2007


On 8/12/07, mobidyc <mobidyc at gmail.com> wrote:
> K K wrote:
> >
> > Why not just make sure that all of the servers have good reverse DNS
> > entries for the IP from which they would source syslog packets, and
> > let "keep_hostname(no); use_dns(yes);" populate $HOST with the DNS
> > lookup results?
> >
> because it's impossible to change the way the reverse
> dns are done.
>
> the names server0e0 and server0e1 are here because
> there is multiple networks for the same machine, i can't
> ask the network team for change the way they use for
> a software i want to use.

There is one way -- you can override them locally on the server
running syslog-ng, so your log server believes the reverse DNS for all
those aliases all actually resolve to "server0".

You can do this with /etc/hosts if your resolver will check /etc/hosts
for reverse DNS (e.g. with a flag in /etc/resolv.conf, but the exact
mechanism is OS-dependent).


> i think i need to find another way for dispatch the messages
> in the good destinations, maybe dynamically create
> symlinks before the message pass through the log statement
> but i must be careful with the cpu consumption in this case.

Sounds like it would be easier to hack the syslog-ng source code to
find where it translates IP addresses to names, and just add code to
check if the last two characters are 'e' followed by a number, and if
so, truncate.

Not that anybody here would endorse making your own unique
unsupportable fork, but it would solve your problem.

Kevin
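
The suffix check suggested in the reply above, as an added example that is not part of the original post or of the syslog-ng source. `strip_iface_suffix` is a hypothetical helper name, the sample host names are constructed, and skipping names that contain ':' is an added assumption so that an IPv6 address left in place of a name is not cut.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a syslog-ng function.
 * Truncates host in place when its last two characters are 'e' followed
 * by one digit. Returns 1 if the name was truncated, 0 if left alone. */
int strip_iface_suffix(char *host)
{
    size_t len;

    if (host == NULL)
        return 0;
    len = strlen(host);

    /* At least one character must remain after the suffix is removed. */
    if (len < 3)
        return 0;

    /* Added assumption: a textual IPv6 address such as "fe80::2e1" also
     * ends in 'e' + digit, so anything containing ':' is left alone. */
    if (strchr(host, ':') != NULL)
        return 0;

    if (host[len - 2] != 'e' || !isdigit((unsigned char)host[len - 1]))
        return 0;

    host[len - 2] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from real logs. */
    char samples[][16] = { "server0e0", "server0e1", "server0",
                           "e1", "fe80::2e1", "core1" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char before[16];
        strcpy(before, samples[i]);
        strip_iface_suffix(samples[i]);
        printf("%-10s -> %s\n", before, samples[i]);
    }
    return 0;
}
```

The last sample shows the limit of a pure suffix test: "core1" also ends in 'e' plus a digit and comes out as "cor", so two unrelated hosts could end up logged under one name.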

