In general, I'd advise against such an approach. In this particular case it could work, but in general, if you're at the end of a long chain of forwards, you might have completely different infrastructure (together with IP addressing schemes and DNS setup) on the receiving end than on the sending end, so resolving the hostnames on the target could prove to be misleading. I'd rather go for attaching the metadata to the message (I dunno, maybe wrapping the original message in JSON along with the original %FROMHOST%) and sending it to be parsed on the receiving end.

Does this make sense to you?

Mariusz Kruk
IT Security Expert
COMP S.A.
Cybersecurity and Risk Management Division
e-mail: [email protected]
tel: +48 608 623 299

On 20.08.2020 17:17, Jacob Steinberger via rsyslog wrote:
Old question I thought was addressed a decade ago, but I can't find the solution in the documentation anywhere.

If we're the last leg of a long chain of forwards, can rsyslog perform DNS resolution on the %HOSTNAME%? %FROMHOST% is a no-go: since this is a chain, the originator is far removed from the %FROMHOST% property data.

Thanks in advance for any insight,

Jacob

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
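
An added example, not part of the original thread and not rsyslog project code: one way to carry the originator's %FROMHOST% through the chain by wrapping the message in JSON at the first relay and unpacking it with mmjsonparse on the last hop, as suggested in the reply above. The template names, the field names `origin_fromhost` and `origin_ip`, the target `relay2.example.net` and the file paths are assumptions chosen for illustration.

```rsyslog
# ---- First relay: the only hop where %fromhost% is still the originator ----
# Keep a normal syslog header so intermediate relays can forward the message
# unchanged, and put the metadata in a @cee-tagged JSON payload.
# format="jsonf" emits "name":"value" with the value JSON-escaped, so message
# content cannot break out of its field.
template(name="WrapWithOrigin" type="list") {
    constant(value="<")  property(name="pri")  constant(value=">")
    property(name="timestamp" dateFormat="rfc3339")  constant(value=" ")
    property(name="hostname")  constant(value=" ")
    property(name="syslogtag")
    constant(value=" @cee: {")
    property(outname="origin_fromhost" name="fromhost" format="jsonf")
    constant(value=",")
    property(outname="origin_ip" name="fromhost-ip" format="jsonf")
    constant(value=",")
    property(outname="msg" name="msg" format="jsonf")
    constant(value="}")
}
action(type="omfwd" target="relay2.example.net" port="514" protocol="tcp"
       template="WrapWithOrigin")

# ---- Last hop: unpack the JSON instead of resolving names locally ----
module(load="mmjsonparse")

template(name="WithOrigin" type="string"
         string="%timestamp:::date-rfc3339% %$!origin_fromhost% (%$!origin_ip%) %syslogtag%%$!msg%\n")

# mmjsonparse looks for the @cee: cookie and fills the $! variable tree.
action(type="mmjsonparse")

if $parsesuccess == "OK" then {
    action(type="omfile" file="/var/log/remote/chain.log" template="WithOrigin")
} else {
    # Messages that arrived without the wrapper are kept apart, so a missing
    # origin field is visible rather than silently replaced by the last relay.
    action(type="omfile" file="/var/log/remote/unwrapped.log")
}
```

The origin fields record what the first relay saw, so they are only as trustworthy as that relay and the hops between it and the receiver.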