[rsyslog] Hostname matching with DNS
Scott Baker
bakers at web-ster.com
Mon Dec 24 21:06:48 CET 2007
Rainer Gerhards wrote:
> Scott,
>
> So now a bit more in-depth: the HOSTNAME is taken form the syslog message, while FROMHOST is the last hope. There is only a difference in relay scenarios - or, like here, based on DNS resolution. This is why you see different values. The point is to match against the same one that is used in the catchall rule.
>
> However, I think the most appropriate thing to do is add a FROMHOST-IP property, which always has the IP address of the sender, no matter if the -x option is given or not.
>
> Would that help?
Ya I think a FROMHOST-IP property would be great. It'd make setting
up my rules easier. Tell me more about hosts resolution vs DNS
resolution?
I have some FROMHOST rules that work just fine, but as soon as I add
a hosts entry it stops logging. So somewhere it's using the host
entry but I can't figure out how/where or what precedence that has
over DNS.
--
Scott Baker - Canby Telcom
RHCE - System Administrator - 503.266.8253
More information about the rsyslog
mailing list