After installing a clean Nav on Debian with the Debian packages, i have discoverd that the table with origins only display ip-adresses and not the hostname. This is purly cosmetic, but NAV both IP Info Center and IP Device Info (beta) recoqnizes both the ip-adress and the hostname. I even tried to add an entry in the /etc/hostfile and that did not help.
-- Rikard
On Sat, 20 Sep 2008 16:39:29 +0200 (MEST) Rikard Stemland Skjelsvik rskjels@pogostick.net wrote:
After installing a clean Nav on Debian with the Debian packages, i have discoverd that the table with origins only display ip-adresses and not the hostname. This is purly cosmetic, but NAV both IP Info Center and IP Device Info (beta) recoqnizes both the ip-adress and the hostname. I even tried to add an entry in the /etc/hostfile and that did not help.
The syslog analyzer will only use the id provided in the syslog file, it will not do any DNS related lookups. If your syslog only provides IP addresses, then that is what will be inserted into NAV.
The syslog daemon can usually be configured to do reverse DNS lookups and add DNS names instead of IP addresses to the log output.
That being said, we have discussed DNS lookups in NAV's logengine, and also proper references to IP Devices registered in NAV if the logged IP addresses match. Can't say much yet about how we would prioritize such a feature, but you're welcome to add a blueprint to Launchpad :)
I have discovered that by putting the ip-address in the /etc/host file Syslog Analyzer will eventually use the hostname. Which it would not do before, even though i could do a reverse lookup on the ip address on the server.
-- Rikard
On Mon, 22 Sep 2008, Morten Brekkevold wrote:
On Sat, 20 Sep 2008 16:39:29 +0200 (MEST) Rikard Stemland Skjelsvik rskjels@pogostick.net wrote:
After installing a clean Nav on Debian with the Debian packages, i have discoverd that the table with origins only display ip-adresses and not the hostname. This is purly cosmetic, but NAV both IP Info Center and IP Device Info (beta) recoqnizes both the ip-adress and the hostname. I even tried to add an entry in the /etc/hostfile and that did not help.
The syslog analyzer will only use the id provided in the syslog file, it will not do any DNS related lookups. If your syslog only provides IP addresses, then that is what will be inserted into NAV.
The syslog daemon can usually be configured to do reverse DNS lookups and add DNS names instead of IP addresses to the log output.
That being said, we have discussed DNS lookups in NAV's logengine, and also proper references to IP Devices registered in NAV if the logged IP addresses match. Can't say much yet about how we would prioritize such a feature, but you're welcome to add a blueprint to Launchpad :)
-- mvh Morten Brekkevold UNINETT
On Mon, 22 Sep 2008 11:28:02 +0200 (MEST) Rikard Stemland Skjelsvik rskjels@pogostick.net wrote:
I have discovered that by putting the ip-address in the /etc/host file Syslog Analyzer will eventually use the hostname. Which it would not do before, even though i could do a reverse lookup on the ip address on the server.
As far as I can tell, logengine and the syslog analyzer does not perform any DNS lookups whatsoever. It uses the raw origin string from the syslog file.
As I said, whether your syslog daemon cares to do a reverse DNS lookup on the source IP addresses of the received log messages depends on your syslog configuration. You can easily inspect the log file to see whether syslogd fills it with IP addresses or DNS names.
It might be that your syslog daemon is configured to not take the time to perform reverse DNS lookups (this is probably the default because of latency issues with DNS lookups), but it could be that it willingly looks at the local /etc/hosts file, which has no network latency :)
-
Morten Brekkevold -
Rikard Stemland Skjelsvik