Using name resolution in syslog-ng

The AxoSyslog application can resolve the hostnames of the clients and include them in the log messages. However, the performance of AxoSyslog is severely degraded if the domain name server is inaccessible or slow. Therefore, it is not recommended to resolve hostnames in syslog-ng. If you must use name resolution from syslog-ng, consider the following:

  • Use DNS caching. Verify that the DNS cache is large enough to store all important hostnames. (By default, the AxoSyslog DNS cache stores 1007 entries.)

        options { dns-cache-size(2000); };
    
  • If the IP addresses of the clients change only rarely, set a long expiry time for the DNS cache.

        options { dns-cache-expire(87600); };
    
  • If possible, resolve the hostnames locally. For details, see Resolving hostnames locally.

1 - Resolving hostnames locally

Purpose:

Resolving hostnames locally enables you to display hostnames in the log files for frequently used hosts, without having to rely on a DNS server. The known IP address - hostname pairs are stored locally in a file. In the log messages, AxoSyslog will replace the IP addresses of known hosts with their hostnames. To configure local name resolution, complete the following steps:

Steps:

  1. Add the hostnames and the respective IP addresses to the file used for local name resolution. On Linux and UNIX systems, this is the /etc/hosts file. Consult the documentation of your operating system for details.

  2. Instruct AxoSyslog to resolve hostnames locally. Set the use-dns() option to persist_only.

  3. Set the dns-cache-hosts() option to point to the file storing the hostnames.

        options {
            use-dns(persist_only);
            dns-cache-hosts(/etc/hosts);
        };
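
Because hostnames now come only from the local file, it is worth checking that the file covers every client you expect to log. The following script is an added example, not part of the AxoSyslog documentation: it lists expected sender IPs that have no usable entry in a hosts-format file. The senders inventory file and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the AxoSyslog documentation).
# With use-dns(persist_only), only hosts listed in the dns-cache-hosts() file
# are known, so this lists expected sender IPs that the file does not cover.

# unmapped_senders HOSTS_FILE SENDERS_FILE
#   HOSTS_FILE:   hosts(5) format: "address name [alias...]", "#" starts a comment
#   SENDERS_FILE: one expected client IP per line (hypothetical inventory file)
# Prints each sender IP without a hosts entry, once, in inventory order.
# Addresses are compared as text, so IPv6 must be spelled the same in both files.
unmapped_senders() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        FILENAME == ARGV[1] {                   # first file: hosts entries
            if (NF >= 2) known[$1] = 1          # need an address and a name
            next
        }
        NF && !($1 in known) && !seen[$1]++ { print $1 }
    ' "$1" "$2"
}

# Constructed sample data (documentation address ranges).
demo_dir=$(mktemp -d)
cat > "$demo_dir/hosts" <<'EOF'
127.0.0.1     localhost
192.0.2.10    web01 web01.example.com   # front end
# 192.0.2.11  web02    (commented out, so not known)
192.0.2.12
2001:db8::5   db01
EOF
cat > "$demo_dir/senders" <<'EOF'
192.0.2.10
192.0.2.11
192.0.2.12
2001:db8::5
198.51.100.7
192.0.2.11
EOF

# Prints 192.0.2.11, 192.0.2.12 and 198.51.100.7, one per line.
unmapped_senders "$demo_dir/hosts" "$demo_dir/senders"
rm -rf "$demo_dir"
```

Run it against the file named in dns-cache-hosts() whenever the client inventory changes; any address it prints has no hostname entry in that file.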