On Mon, 22 Sep 2008 11:28:02 +0200 (MEST) Rikard Stemland Skjelsvik rskjels@pogostick.net wrote:
I have discovered that by putting the IP address in the /etc/host file, Syslog Analyzer will eventually use the hostname, which it would not do before, even though I could do a reverse lookup on the IP address on the server.
As far as I can tell, logengine and the syslog analyzer do not perform any DNS lookups whatsoever. They use the raw origin string from the syslog file.
As I said, whether your syslog daemon cares to do a reverse DNS lookup on the source IP addresses of the received log messages depends on your syslog configuration. You can easily inspect the log file to see whether syslogd fills it with IP addresses or DNS names.
It might be that your syslog daemon is configured to not take the time to perform reverse DNS lookups (this is probably the default because of latency issues with DNS lookups), but it could be that it willingly looks at the local /etc/hosts file, which has no network latency :)
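One way to do the log file inspection suggested above, as an added example that is not part of the original message or of the project's code: it tallies whether each origin field is a literal IP address or a name. It assumes the traditional syslog file layout (timestamp, then origin as the next field); the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed layout of a traditional syslog file line:
#   "Mmm dd hh:mm:ss ORIGIN message..."
LINE_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+(\S+)\s")


def classify_origin(origin):
    """Return 'ip' for a literal IPv4/IPv6 address, otherwise 'name'."""
    try:
        ipaddress.ip_address(origin)
        return "ip"
    except ValueError:
        return "name"


def summarize(lines):
    """Tally origins by kind; also count lines that do not match the layout."""
    seen = {"ip": Counter(), "name": Counter()}
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        origin = m.group(1)
        seen[classify_origin(origin)][origin] += 1
    return seen, unparsed


# Constructed sample lines (documentation addresses and names only).
SAMPLE = [
    "Sep 22 11:20:01 192.0.2.10 %LINK-3-UPDOWN: Interface Fa0/1, changed state to up",
    "Sep 22 11:20:05 sw-core.example.org %SYS-5-CONFIG_I: Configured from console",
    "Sep 22 11:21:17 192.0.2.10 %LINEPROTO-5-UPDOWN: Line protocol on Fa0/1 up",
    "Sep  2 03:00:00 2001:db8::1 %SYS-5-RESTART: System restarted",
    "-- MARK --",
]

if __name__ == "__main__":
    seen, unparsed = summarize(SAMPLE)
    for kind in ("ip", "name"):
        for origin, count in seen[kind].most_common():
            print(f"{kind:4} {origin:24} {count}")
    print(f"unparsed lines: {unparsed}")
```

An origin that appears under both kinds over time (first as an address, later as a name) points to a change in how the daemon resolves sources, such as a new /etc/hosts entry.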