Mailing List Archive

Hostname DNS Resolution
Old question I thought was addressed a decade ago, but I can't find the
solution in the documentation anywhere.

If we're the last leg of a long chain of forwards, can rsyslog perform
DNS resolution on the %HOSTNAME%? %FROMHOST% is no-go, since this is a
chain, the originator is far removed from the %FROMHOST% property data.

Thanks in advance for any insight,

Jacob

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Hostname DNS Resolution [ In reply to ]
In general, I'd advise against such approach. In this particular case it
could work but in general, if you're at the end of a long chain of
forwards, you might have completely different infrastructure (together
with IP addressing schemes and DNS setup) on the receiving end than on
the sending end so resolving the hostnames on the target could prove to
be misleading. I'd rather go for attaching the metadata to the message
(I dunno, maybe wrapping the original message in json along with the
original %FROMHOST%) and sending it to be parsed on the receiving end.

Does this make sense to you?

Mariusz Kruk
Ekspert ds. Bezpiecze?stwa IT
COMP S.A.
Pion Cyberbezpiecze?stwa i Zarz?dzania Ryzykiem
e-mail: mariusz.kruk@comp.com.pl
e-mail: mariusz.kruk@safecomp.com
tel: +48 608 623 299

On 20.08.2020 17:17, Jacob Steinberger via rsyslog wrote:
> Old question I thought was addressed a decade ago, but I can't find
> the solution in the documentation anywhere.
>
> If we're the last leg of a long chain of forwards, can rsyslog perform
> DNS resolution on the %HOSTNAME%? %FROMHOST% is no-go, since this is a
> chain, the originator is far removed from the %FROMHOST% property data.
>
> Thanks in advance for any insight,
>
> Jacob
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.