[syslog-ng] [Bug 171] Unwanted IP adress Folder

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Sat Mar 31 22:27:47 CEST 2012


https://bugzilla.balabit.com/show_bug.cgi?id=171





--- Comment #1 from Balazs Scheidler <bazsi at balabit.hu>  2012-03-31 22:27:47 ---
Well, to diagnose hostname related issues, it's important to know that:

1) a syslog message contains a hostname, which may or may not be used.
   This hostname is _sent_ by the client
2) if the server is configured with keep-hostnames(yes), then the hostname 
   sent by the client is used
3) if the server is configured with keep-hostnames(no), then the hostname 
   sent by the client is _ignored_ and replaced by the result of the 
   reverse-DNS lookup of the sending IP address.
4) if syslog-ng replaces a hostname (because keep-hostname() is set to no),
   it'd only use DNS if use-dns(yes) is enabled (which is the default).

I'd suggest creating a test environment, running syslog-ng in debug mode, and checking
the "Incoming message" line as it receives the message which is wrong. That line
in the debug output should show you what hostname the client sends (the word right after the timestamp).

Then the configuration on the server should make it straightforward
to diagnose the issue.
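
Added example, not part of the original comment and not syslog-ng code: a simplified Python model of rules 1-4 above, showing which host value the server ends up with for each combination of keep-hostname() and use-dns(). The function names, the sample message, the addresses and the PTR table are constructed for illustration; falling back to the sender IP when no name is available is how the model treats a disabled or failed lookup.

```python
import re

# BSD-syslog style line: <PRI>Mmm dd hh:mm:ss HOST TAG: message
_BSD = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")


def client_hostname(raw):
    """Rule 1: the word right after the timestamp, as sent by the client."""
    m = _BSD.match(raw)
    return m.group(1) if m else None


def effective_host(raw, sender_ip, keep_hostname, use_dns, ptr_records):
    """Host value the server would record (simplified model).

    ptr_records is a dict standing in for reverse DNS (assumption:
    no real lookups are made, so the example runs offline).
    """
    sent = client_hostname(raw)
    if keep_hostname and sent:
        return sent                  # rule 2: client-supplied name is kept
    if use_dns:
        name = ptr_records.get(sender_ip)
        if name:
            return name              # rule 3: reverse-DNS name replaces it
    return sender_ip                 # rule 4 / failed lookup: bare IP address


# Constructed sample input
RAW = "<13>Mar 31 22:27:47 web01 sshd[411]: session opened"
PTR = {"192.0.2.10": "web01.example.net"}


def scenarios():
    """Return the recorded host for each configuration of interest."""
    return {
        "keep-hostname(yes)": effective_host(RAW, "192.0.2.10", True, True, PTR),
        "keep-hostname(no), use-dns(yes)": effective_host(RAW, "192.0.2.10", False, True, PTR),
        "keep-hostname(no), use-dns(no)": effective_host(RAW, "192.0.2.10", False, False, PTR),
        "keep-hostname(no), no PTR record": effective_host(RAW, "192.0.2.99", False, True, PTR),
    }


if __name__ == "__main__":
    for config, host in scenarios().items():
        print(f"{config:35} -> {host}")
```

The last two rows are the cases where an IP address, rather than a name, becomes the host value; the first row is the only one where the value is whatever the client chose to send.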

