linuxperson
asked on
syslog server is not getting the source hostname
http://www.campin.net/syslog-ng/expanded-syslog-ng.conf
HOST The name of the source host where the message
# is originated from. If the message traverses
# several hosts, and chain_hostnames() is on,
# the first one is used.
destination std {
file ("/var/log/HOSTS/$YEAR-$MO NTH/$HOST/ $FACILITY- $YEAR-$MON TH-$DAY"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
);
};
when i used $HOST i am getting IP address of the host and not the hostname
why?
HOST The name of the source host where the message
# is originated from. If the message traverses
# several hosts, and chain_hostnames() is on,
# the first one is used.
destination std {
file ("/var/log/HOSTS/$YEAR-$MO
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
);
};
when i used $HOST i am getting IP address of the host and not the hostname
why?
Did you try $HOSTNAME instead of $HOST?
Does the machine have access to a DNS server to resolve the IP to a host (PTR) record?
If you resolve reverse DNS it will add 1/1000-15s delay before log message hits the disk. You can resolve IPs offline if you really need it later.
@gheist, if your DNS takes 15 seconds to answer you have more problems than syslog.
You can also add all the hostname to the host file on the syslog server if you do not want to send a bunch or queries to your DNS server.
You can also add all the hostname to the host file on the syslog server if you do not want to send a bunch or queries to your DNS server.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Not really e.g.
https://httpd.apache.org/docs/2.2/mod/core.html#hostnamelookups
https://httpd.apache.org/docs/2.2/mod/core.html#hostnamelookups
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for linuxperson's comment #a40689985
Assisted answer: 250 points for gheist's comment #a40677412
Assisted answer: 250 points for savone's comment #a40677851
for the following reason:
found solution myself
Accepted answer: 0 points for linuxperson's comment #a40689985
Assisted answer: 250 points for gheist's comment #a40677412
Assisted answer: 250 points for savone's comment #a40677851
for the following reason:
found solution myself
I have to object, I mentioned DNS issues several times. My first comment was questioning about DNS.
We both can be right in a good solution - no more inline lookup and DNS fixed - a clear win-win...