Syslog-ng how to get domain names instead of IP address

syslog domain-name syslog-ng hostname

6,533

If you have these options set (as you should), then it means that there is no reverse dns lookup available for the incoming IP. In this case, you will need to manually add the hosts to your /etc/hosts file and ensure that your nsswitch.conf file is set to use:

hosts:          files dns

6,533

Jien Wai

Updated on September 18, 2022

Comments

Jien Wai over 1 year
How can syslog-ng get the domain names instead of IP address that I received? I'm able to get those information but in IP address, I would like to get the DST/HOST to domain names instead of getting IP address.

http://imageshack.com/a/img33/685/4aui.png

Also I did enable use_dns, use_fqdn and keep_hostname but I'm still unable to get the domain name.
```
options {
    use_dns (yes);
    use_fqdn (yes);
    keep_hostname (yes);
};
```
- SpacemanSpiff over 10 years
  
  Do reverse DNS records exist for the IP addresses you are receiving syslog data from?
- Jien Wai over 10 years
  
  @SpacemanSpiff I'm receiving syslog data from DD-WRT router.
- voretaq7 over 10 years
  
  @JienWai Syslog-NG can't (or at least shouldn't) molest the input data - It should log exactly what your device sends it. If you want IP addresses write a script to post-process the log. The options you're setting are only for syslog-ng's internal functionality (when it records who it got the data from)...
- Naveed Abbas over 8 years
  
  Related serverfault.com/questions/26430/…
Clayton Dukes over 10 years

You would add the following to your /etc/hosts file: 123.456.789.123 myhost.domain.com
Jien Wai over 10 years

Except insert the IP instead of domain name manually, is there anyway that can covert IP to domain name automatically? There is a huge IP with different domain, I can expect I know each of them.
Clayton Dukes over 10 years

@JienWai, yes, that is what DNS is for :)