reverse DNS not working on hostname property

Moderator: rgerhards

reverse DNS not working on hostname property

Postby zekicker » Wed Jun 07, 2017 12:30 pm

Hi,

I'm collecting logs from a FreeBSD server via an rsyslog relay. The logs don't contain the hostname but the IP address.
On my collector, the hostname property contains the IP address of the BSD server and not its real hostname, but the collector can resolve the origin server (dig -x and the host command work). The IP address and hostname are in /etc/hosts.

Any idea?

Thanks.
zekicker
New
 
Posts: 2
Joined: Wed Jun 07, 2017 12:26 pm

Re: reverse DNS not working on hostname property

Postby dlang » Wed Jun 07, 2017 9:49 pm

Per the syslog spec, HOSTNAME is whatever the sender puts in that field; no DNS lookups are involved.

On the first system that receives the message, you can look at fromhost-ip and fromhost to get the sending IP and the result of a name lookup on that IP address.
dlang
Frequent Poster
 
Posts: 1001
Joined: Mon Sep 15, 2008 7:44 am
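
Added example, not part of the thread and not rsyslog code: a Python sketch of the distinction described in the reply above, comparing the sender-written HOSTNAME field of an RFC 3164 message with the address the message arrived from. The hosts table, the sample messages and the names `load_hosts`, `classify` and `run` are constructed for illustration, and the hosts-file lookup stands in for a real reverse lookup.

```python
import ipaddress
import re

# Constructed sample data (not from the thread): an /etc/hosts-style map and
# three RFC 3164 messages paired with the transport source IP they arrived from.
HOSTS = """\
192.0.2.10   bsd01.example.net bsd01
192.0.2.20   web01.example.net web01
"""
SAMPLES = [
    ("192.0.2.10", "<34>Jun  7 12:30:01 192.0.2.10 sshd[411]: session opened"),
    ("192.0.2.20", "<34>Jun  7 12:30:02 web01 sshd[412]: session opened"),
    ("192.0.2.20", "<34>Jun  7 12:30:03 bsd01 sshd[413]: session opened"),
]

# <PRI>Mmm dd hh:mm:ss HOSTNAME ... ; group 1 is the sender-supplied HOSTNAME.
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")

def load_hosts(text):
    """Map each IP in hosts-file text to the set of names listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table.setdefault(fields[0], set()).update(n.lower() for n in fields[1:])
    return table

def classify(peer_ip, raw, hosts):
    """Compare the sender-supplied HOSTNAME field with the transport peer."""
    m = HEADER.match(raw)
    if not m:
        return "unparsed"
    claimed = m.group(1).lower()
    try:
        literal = ipaddress.ip_address(claimed)
    except ValueError:
        literal = None
    if literal is not None:
        # HOSTNAME holds an address, as in the original post: compare addresses.
        return "ip-literal" if literal == ipaddress.ip_address(peer_ip) else "mismatch"
    return "match" if claimed in hosts.get(peer_ip, set()) else "mismatch"

def run():
    hosts = load_hosts(HOSTS)
    return [classify(ip, raw, hosts) for ip, raw in SAMPLES]

if __name__ == "__main__":
    for (ip, raw), verdict in zip(SAMPLES, run()):
        print(f"{verdict:10} peer={ip} {raw}")
```

A "mismatch" verdict means the name written in the message is not one the lookup table lists for the sending address, which is why the receiver-derived address is the value to trust when attributing a message to a host.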

Re: reverse DNS not working on hostname property

Postby zekicker » Thu Jun 08, 2017 3:51 pm

Hi,

On the relay, $fromhost-ip and $fromhost contain the IP address of the source. No reverse DNS is involved despite the /etc/hosts.
zekicker
New
 
Posts: 2
Joined: Wed Jun 07, 2017 12:26 pm
