How can syslog-ng get the domain names instead of the IP addresses that I receive? I'm able to get the information, but as IP addresses; I would like to get the DST/HOST as domain names instead of IP addresses.

http://imageshack.com/a/img33/685/4aui.png

Also I did enable use_dns, use_fqdn and keep_hostname but I'm still unable to get the domain name.

```
options {
    use_dns (yes);
    use_fqdn (yes);
    keep_hostname (yes);
};
```
Jien Wai
  • Do reverse DNS records exist for the IP addresses you are receiving syslog data from? – SpacemanSpiff Nov 20 '13 at 05:31
  • @SpacemanSpiff I'm receiving syslog data from DD-WRT router. – Jien Wai Nov 20 '13 at 05:35
  • @JienWai Syslog-NG can't (or at least *shouldn't*) molest the input data - It should log exactly what your device sends it. If you want IP addresses write a script to post-process the log. The options you're setting are only for syslog-ng's internal functionality (when it records who it got the data from)... – voretaq7 Nov 20 '13 at 16:54
  • Related http://serverfault.com/questions/26430/fqdns-during-migration-from-syslogd-to-syslog-ng – kubanczyk Nov 21 '15 at 00:10

1 Answer

If you have these options set (as you should), then it means that there is no reverse DNS lookup available for the incoming IP. In this case, you will need to manually add the hosts to your /etc/hosts file and ensure that your nsswitch.conf file is set to use:

```
hosts:          files dns
```
Clayton Dukes
  • How am I going to set it? It looks exactly the same as what you state here. For example, if the host address I get is `123.456.789.123`, how am I going to display its original domain name like `google.com`? – Jien Wai Nov 21 '13 at 03:13
  • You would add the following to your /etc/hosts file: 123.456.789.123 myhost.domain.com – Clayton Dukes Nov 21 '13 at 05:11
  • Except insert the IP instead of domain name manually, is there any way that can convert IP to domain name automatically? There is a huge IP with different domain, I can expect I know each of them. – Jien Wai Nov 21 '13 at 07:03
  • @JienWai, yes, that is what DNS is for :) – Clayton Dukes Dec 05 '13 at 23:29
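
The post-processing approach mentioned in the comments, as an added example that is not code from any poster on this page: it annotates each IPv4 address in a log line with its reverse-DNS name through the system resolver, so `/etc/hosts` entries and the `hosts: files dns` order apply. The log lines, the PTR table and the names `annotate_line` and `ptr_lookup` are constructed for illustration; the address is kept next to the name because a PTR record is set by whoever controls that address space and should not replace the logged IP.

```python
import ipaddress
import re
import socket
from functools import lru_cache

# Dotted quad that is not part of a longer run of digits and dots.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample data (documentation address ranges), not real log output.
SAMPLE_LINES = [
    "Nov 20 05:31:02 ddwrt kernel: ACCEPT IN=br0 OUT=vlan2 "
    "SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP DPT=443",
    "Nov 20 05:31:09 ddwrt kernel: DROP IN=vlan2 SRC=123.456.789.123 DPT=23",
]
SAMPLE_PTR = {"198.51.100.7": "www.example.net"}

@lru_cache(maxsize=4096)
def ptr_lookup(ip):
    """Reverse-resolve once per address; returns None when no name exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / socket.gaierror: no PTR or resolver error
        return None

def annotate_line(line, resolver=ptr_lookup):
    """Rewrite each valid IPv4 address as ip(name); leave everything else as is."""
    def repl(match):
        ip = match.group(1)
        try:
            ipaddress.IPv4Address(ip)  # rejects strings such as 123.456.789.123
        except ValueError:
            return ip
        name = resolver(ip)
        if not name:
            return ip
        # The name is remote-controlled data: strip anything that could
        # forge fields or line breaks in the annotated log.
        safe = re.sub(r"[^A-Za-z0-9._-]", "?", name)
        return f"{ip}({safe})"
    return IPV4_RE.sub(repl, line)

if __name__ == "__main__":
    # Offline demo with the constructed PTR table; call annotate_line(line)
    # without a resolver argument to use real reverse DNS.
    for sample in SAMPLE_LINES:
        print(annotate_line(sample, SAMPLE_PTR.get))
```
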