I have to admit that I skipped that option when I was looking at syslog’s configuration and didn’t even think DNS can affect syslog’s decisions on whether to log a message or not.

thanks again!

There’s an issue that can stop syslog messages appearing: reverse DNS lookups.

Example 1: You specify “+10.0.0.1″. RDNS resolves to “cisco.example.org”. Messages from 10.0.0.1 are not logged.

Example 2: You specify “+cisco.example.org”, which resolves to 10.0.0.1. But the RDNS for 10.0.0.1 is “gw.example.org”. Messages from 10.0.0.1 are not logged.

I guess it’s hard for syslog to get it right. If it resolved all the hostnames in its config at boot time, they would get stale. If it resolved them all each time a message came in, that could get expensive.

If you add the syslogd option: “-n : Disable dns query for every request.” then you can safely use IP addresses in /etc/syslog.conf regardless of any reverse DNS entries that might exist.

Regards,

- Martin