The syslog-ng application can resolve the hostnames of the clients and include them in the log messages. However, the performance of syslog-ng is severely degraded if the domain name server is unreachable or slow. Therefore, it is not recommended to resolve hostnames in syslog-ng. If you must use name resolution from syslog-ng, consider the following:
- Use DNS caching. Verify that the DNS cache is large enough to store all important hostnames. (By default, the syslog-ng DNS cache stores 1007 entries.)

    options { dns_cache(2000); };

- If the IP addresses of the clients change only rarely, set the expiry of the DNS cache to a large value.

    options { dns_cache_expire(87600); };

- If possible, resolve the hostnames locally. See Section 7.4.1, “Resolving hostnames locally” for details.
Note: Domain name resolution is important mainly in relay and server mode.
Resolving hostnames locally enables you to display hostnames in the log files for frequently used hosts, without having to rely on a DNS server. The known IP address – hostname pairs are stored locally in a file. In the log messages, syslog-ng will replace the IP addresses of known hosts with their hostnames. To configure local name resolution, complete the following steps:
Procedure 7.1. Resolving hostnames locally
1. Add the hostnames and the respective IP addresses to the file used for local name resolution. On Linux and UNIX systems, this is the /etc/hosts file. Consult the documentation of your operating system for details.

2. Instruct syslog-ng to resolve hostnames locally. Set the use_dns() option of syslog-ng to persist_only.

3. Set the dns_cache_hosts() option to point to the file storing the hostnames.

    options {
        use_dns(persist_only);
        dns_cache_hosts(/etc/hosts);
    };
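With use_dns(persist_only), only the addresses listed in the hosts file are replaced by names, so the file is worth auditing before you rely on the hostnames in the logs. The following check is an added example, not part of the syslog-ng documentation: the function names, the sample hosts content and the client addresses are constructed, and it assumes the usual /etc/hosts layout (address, name, optional aliases, # comments).

```python
import ipaddress
from collections import defaultdict

# Constructed sample in /etc/hosts format (not from the original page).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.0.2.10  web01.example.com web01   # trailing comment
192.0.2.11  db01.example.com
192.0.2.10  old-web.example.com
192.0.2.300 broken.example.com
2001:db8::5 mail01.example.com
"""

def parse_hosts(text):
    """Return ({ip: [primary name of each line]}, [(lineno, problem)])."""
    names = defaultdict(list)
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 2:
            problems.append((lineno, "address without hostname"))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((lineno, f"invalid address {fields[0]}"))
            continue
        names[ip].append(fields[1])
    return names, problems

def audit(text, client_ips):
    """Report malformed lines, addresses listed under more than one name,
    and client addresses that have no entry (these stay as IPs in the logs)."""
    names, problems = parse_hosts(text)
    conflicts = {str(ip): n for ip, n in names.items() if len(set(n)) > 1}
    uncovered = sorted(c for c in client_ips
                       if ipaddress.ip_address(c) not in names)
    return {"problems": problems, "conflicts": conflicts, "uncovered": uncovered}

if __name__ == "__main__":
    # Constructed list of client addresses that send logs to this relay/server.
    clients = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "2001:db8:0:0:0:0:0:5"]
    for key, value in audit(SAMPLE_HOSTS, clients).items():
        print(key, value)
```

Addresses are compared as parsed values, so an IPv6 client written in expanded form still matches its compressed entry in the file.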
© 2007-2008 BalaBit IT Security