[syslog-ng] Hosts before DNS

Clayton Dukes cdukes at logzilla.net
Tue Aug 14 14:12:48 UTC 2018

Sorry for asking the basic, "have you turned it off and on again" question, but have you checked /etc/nsswitch.conf to make sure it's set to use hosts first?

First they'll say it's impossible, then they'll say it was inevitable

Clayton Dukes


LogZilla Corp


936-4NetOps (463-8677)


2900 N. Quinlan Park Rd, B240-341
Austin, TX 78732


logzilla.net  e: cdukes at logzilla.net

The LogZilla platform provides unprecedented scale, data enrichment and automation for NetOps and SecOps teams freeing up millions in IT’s budget.

From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Jim Hendrick <james.r.hendrick at gmail.com>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Date: Monday, August 13, 2018 at 2:37 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Hosts before DNS

I have used HOST_FROM to get the IP of the sending server. Might help and it saves a name lookup.

On Mon, Aug 13, 2018, 2:24 PM Oleg <olegr06 at gmail.com> wrote:
I am using the latest version of ose ng, and have an issue I am trying to resolve. We have hosts that resolve to multiple names via round robin dns. So ng is capturing logs from all of those, depending on how it was resolved during the connection. For those types of hosts, I would like to configure ng to use hosts first, and fall back to dns resolution. Tried different combinations of configs, but it does not work this way. It either uses the hosts, or it does dns lookup. Thanks in advance for any tips on resolving this.

Example: resolve to www, app1, ftp
I want to call it webserver in /etc/hosts, and if the entry matches, ng would just use that name.
Right now it creates 3 separate log files for the same host based on the name it's able to resolve at lookup.
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
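
The /etc/nsswitch.conf check suggested in the reply above, as an added example that is not part of the original messages: a shell function that reads an nsswitch.conf-style file and reports whether `files` (/etc/hosts) is consulted before `dns` on the `hosts:` line. The function names and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Print the lookup sources on the "hosts:" line, one per line, in order.
# Comments and bracketed actions such as [NOTFOUND=return] are dropped.
hosts_sources() {
    sed -e 's/#.*//' \
        -e 's/\[[^]]*\]//g' \
        -e 's/^[[:space:]]*hosts:/hosts: /' "$1" |
        awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) print $i; exit }'
}

# Exit status:
#   0 = files (/etc/hosts) is consulted before dns
#   1 = dns comes first, or files is not listed at all
#   2 = the file has no hosts: line
files_before_dns() {
    sources=$(hosts_sources "$1")
    [ -n "$sources" ] || return 2
    for s in $sources; do
        case $s in
            files) return 0 ;;
            dns)   return 1 ;;
        esac
    done
    return 1
}

# Constructed sample input (not taken from the thread): dns listed first.
sample=$(mktemp)
printf '%s\n' \
    '# constructed example' \
    'passwd: files' \
    'hosts:  dns [!UNAVAIL=return] files' > "$sample"

if files_before_dns "$sample"; then
    echo "hosts: files is consulted before dns"
else
    echo "hosts: dns is first or files is missing; order: $(hosts_sources "$sample" | tr '\n' ' ')"
fi
rm -f "$sample"
```

On a real system, call it as `files_before_dns /etc/nsswitch.conf`; `getent hosts <address>` then shows the name the NSS lookup actually returns for a sender's address.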