On Mar 21, 2007, at 11:19 AM, Chris Waltham wrote:
Okay, so I've tried this a little more and I'm still having issues.
This is the message that I see in splunk:
Mar 21 11:15:36 172.16.1.172 cwaltham: [ID 702911 user.notice] pphtestad1
172.16.1.172 is, of course, the source address (in this case, a
Solaris box) of a machine sending its syslog messages to an OS X
10.4.9 box (regular, not Server). And yet:
[root@osx log]# host 172.16.1.172
172.1.16.172.in-addr.arpa domain name pointer pphtestad1.pressherald.com.
[root@osx log]# host pphtestad1.pressherald.com
pphtestad1.pressherald.com has address 172.16.1.172
See what I mean? It maketh no senseth :-\ This is with and without
an entry in /etc/hosts.
"Whether to do a reverse DNS lookup on the IP address of any
connecting client in order to set the host:: parameter of events. The
default is true. If false, the module will set host:: to the IP
address."
...but then says:
"By default, this module will set the value of host:: to be the IP
address of the host that transmitted the event.
If useDNSForHost is set to True, the module will perform a reverse
DNS lookup on the IP address. If the address resolves to a hostname,
it will set that value instead."
I haven't used Splunk (yet - am checking it out) so I don't know
which is correct - but it seems to be a contradiction...
Fred
Macos-x-server mailing list (email@hidden)