Back to your Adiscon Loganalyzer instanceNo reverse DNS resolution, why?
Moderator: rgerhards
4 posts
• Page 1 of 1
Google Ads
No reverse DNS resolution, why?
by purplep » Thu Oct 22, 2009 8:07 pm
I have looked through the docs, and searched this forum and have not found an answer. So, here goes:
My rsyslog 4.5.4 logs as expected, with one exception: hostnames do not appear in the logfiles, only IP addresses. Further, I have the logs going into different directories based on hostname with $template HostFile,"/jupiter1/logs/%fromhost%/%$MONTH%-%$YEAR%.log" and
the "logs" directory contains IP addresses as well instead of hostnames.
The box can resolve and reverse-resolve names/IP's at the command line.
This is RHEL5.
What configuration option did I miss that would allow me to use hostnames?
My rsyslog 4.5.4 logs as expected, with one exception: hostnames do not appear in the logfiles, only IP addresses. Further, I have the logs going into different directories based on hostname with $template HostFile,"/jupiter1/logs/%fromhost%/%$MONTH%-%$YEAR%.log" and
the "logs" directory contains IP addresses as well instead of hostnames.
The box can resolve and reverse-resolve names/IP's at the command line.
This is RHEL5.
What configuration option did I miss that would allow me to use hostnames?
- purplep
- New
- Posts: 2
- Joined: Thu Oct 22, 2009 8:03 pm
Re: No reverse DNS resolution, why?
by purplep » Thu Oct 22, 2009 8:32 pm
Forgot to mention rsyslogd is called with the -c4 and -i flags in addition to the -f to specify the config file.
My config file contains:
$ModLoad imudp
$ModLoad imtcp
$ModLoad imklog
$ModLoad ommail
$UDPServerAddress 10.41.7.95
$UDPServerRun 514
$UDPServerAddress 10.41.7.95
$InputTCPServerRun 514
$RepeatedMsgReduction on
$PreserveFQDN on
$template HostFile,"/jupiter1/logs/%fromhost%/%$MONTH%-%$YEAR%.log"
$template RFC3164fmt,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%\n"
$template precise,"%syslogpriority% %syslogfacility% %timegenerated% %HOSTNAME% %syslogtag% %msg%\n"
$template singlehost,"%timereported% %pri-text% %fromhost% %programname% %msg%\n"
*.* -?HostFile;singlehost
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.* /dev/console,HostFile;singlehost
# Log anything (except mail) of level info or higher.
mail.none;authpriv.none;cron.none HostFile;singlehost
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
*.info HostFile;singlehost
local0.* HostFile;singlehost
local1.* HostFile;singlehost
local2.* HostFile;singlehost
local3.* HostFile;singlehost
local4.* HostFile;singlehost
local5.* HostFile;singlehost
local6.* HostFile;singlehost
local7.* HostFile;singlehost
My config file contains:
$ModLoad imudp
$ModLoad imtcp
$ModLoad imklog
$ModLoad ommail
$UDPServerAddress 10.41.7.95
$UDPServerRun 514
$UDPServerAddress 10.41.7.95
$InputTCPServerRun 514
$RepeatedMsgReduction on
$PreserveFQDN on
$template HostFile,"/jupiter1/logs/%fromhost%/%$MONTH%-%$YEAR%.log"
$template RFC3164fmt,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%\n"
$template precise,"%syslogpriority% %syslogfacility% %timegenerated% %HOSTNAME% %syslogtag% %msg%\n"
$template singlehost,"%timereported% %pri-text% %fromhost% %programname% %msg%\n"
*.* -?HostFile;singlehost
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.* /dev/console,HostFile;singlehost
# Log anything (except mail) of level info or higher.
mail.none;authpriv.none;cron.none HostFile;singlehost
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
*.info HostFile;singlehost
local0.* HostFile;singlehost
local1.* HostFile;singlehost
local2.* HostFile;singlehost
local3.* HostFile;singlehost
local4.* HostFile;singlehost
local5.* HostFile;singlehost
local6.* HostFile;singlehost
local7.* HostFile;singlehost
- purplep
- New
- Posts: 2
- Joined: Thu Oct 22, 2009 8:03 pm
Re: No reverse DNS resolution, why?
by incase » Tue Nov 03, 2009 3:50 pm
Just wanted to add that I have the very same problem. On CentOS5 (which is binary-compatible with RHEL5). rsyslog version 4.2.0 (own package, based on the EPEL ones).
Debug log shows this:
But normal (reverse) DNS resolution of that IP works flawlessly with "host 10.6.40.5" as well as with "dig -x 10.6.40.5".
Debug log shows this:
- Code: Select all
9700.542785000:imrelp.c: new connect on RELP socket #5
9700.542796000:imrelp.c: getnameinfo returns 0
9700.542813000:imrelp.c: remote host is '10.6.40.5', ip '10.6.40.5'
9700.542817000:imrelp.c: relp session accepted with state 0
9700.542819000:imrelp.c: relp accept session returns, iRet 0
But normal (reverse) DNS resolution of that IP works flawlessly with "host 10.6.40.5" as well as with "dig -x 10.6.40.5".
- incase
- New
- Posts: 2
- Joined: Tue Nov 03, 2009 3:45 pm
Re: No reverse DNS resolution, why?
by belainex » Tue Nov 10, 2009 8:33 am
How do i use multiple routers on the same network, every time i try my DNS is invalid? Every time i try my DNS is invalid. some help maybe?
- belainex
- New
- Posts: 1
- Joined: Fri Nov 06, 2009 11:39 am
Google Ads
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google Adsense [Bot] and 0 guests
