syslog server is not getting the source hostname

http://www.campin.net/syslog-ng/expanded-syslog-ng.conf

HOST               The name of the source host where the message
#                       is originated from. If the message traverses
#                       several hosts, and chain_hostnames() is on,
#                       the first one is used.

destination std {
        file ("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
                owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
        );
};


when i used $HOST i am getting IP address of the host and not the hostname

why?
linuxpersonAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MarkCommented:
Did you try $HOSTNAME instead of $HOST?
0
savoneCommented:
Does the machine have access to a DNS server to resolve the IP to a host (PTR) record?
0
gheistCommented:
If you resolve reverse DNS it will add 1/1000-15s delay before log message hits the disk. You can resolve IPs offline if you really need it later.
0
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

savoneCommented:
@gheist, if your DNS takes 15 seconds to answer you have more problems than syslog.

You can also add all the hostname to the host file on the syslog server if you do not want to send a bunch or queries to your DNS server.
0
gheistCommented:
DNS timeout to understand that there is no record is 5..45s depending on age of system. Like 90% of internet has no reverse delegation... Thats why suggestion to use best practice of not doing DNS lookups during log capture.
0
savoneCommented:
Wouldn't the best practice be to add the necessary DNS records?
0
linuxpersonAuthor Commented:
it was a DNS issue. i fixed.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
linuxpersonAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for linuxperson's comment #a40689985
Assisted answer: 250 points for gheist's comment #a40677412
Assisted answer: 250 points for savone's comment #a40677851

for the following reason:

found solution myself
0
savoneCommented:
I have to object, I mentioned DNS issues several times. My first comment was questioning about DNS.
0
gheistCommented:
We both can be right in a good solution - no more inline lookup and DNS fixed - a clear win-win...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.