Use this documentation with care! It describes the heavily outdated version 5, which was actively developed around 2010 and has been considered dead by the rsyslog team for many years.

This documentation reflects the latest update of the previously existing (now removed) v5-stable branch. It describes the 5.10.2 version, which was never released. As such, it contains some content that does not apply to any released version.

To obtain the doc that properly matches your installed v5 version, obtain the doc set from your distro. Each version of rsyslog contained the doc version that exactly matches it.

As general advice, it is strongly suggested to upgrade to the current version supported by the rsyslog project. The current version can always be found in the right-hand side info box on the rsyslog web site.

Note that there is no rsyslog community support available for this heavily outdated version. If you need to stick with it, please ask your distribution for support.

$DropMsgsWithMaliciousDnsPTRRecords

Type: global configuration directive

Default: off

Description:

Rsyslog contains code to detect malicious DNS PTR records (reverse name resolution). An attacker might use specially crafted DNS entries to make you think that a message originated on another IP address. Rsyslog can detect those cases and logs an error message in either case. If this option is set to “on”, the malicious message is dropped from your logs completely. If it is set to “off”, the message is logged, but the original IP address is used instead of the DNS name.

Sample:

$DropMsgsWithMaliciousDnsPTRRecords on
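
The on/off behaviour described above, modelled as an added C example (not rsyslog's own code). It assumes a PTR answer is malicious when the returned name is itself a numeric IP literal, tested here with inet_pton; the helper names and sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

enum ptr_verdict { PTR_OK, PTR_USE_IP, PTR_DROP };

/* Assumption (not stated on the page): a PTR answer counts as malicious
 * when the returned "name" is itself a numeric IPv4/IPv6 literal. */
static int ptr_is_ip_literal(const char *name)
{
    unsigned char buf[16]; /* large enough for an IPv6 address */
    return inet_pton(AF_INET, name, buf) == 1 ||
           inet_pton(AF_INET6, name, buf) == 1;
}

/* Hypothetical helper: picks the sender name to record for one message.
 * drop_on models "$DropMsgsWithMaliciousDnsPTRRecords on". */
static enum ptr_verdict resolve_sender(const char *src_ip, const char *ptr_name,
                                       int drop_on, char *host, size_t hostlen)
{
    host[0] = '\0';
    if (ptr_name == NULL || ptr_name[0] == '\0') {   /* no PTR record */
        snprintf(host, hostlen, "%s", src_ip);
        return PTR_OK;
    }
    if (ptr_is_ip_literal(ptr_name)) {
        /* The error is reported whether or not the message is kept. */
        fprintf(stderr, "malicious PTR record: IP=\"%s\" HOST=\"%s\"\n",
                src_ip, ptr_name);
        if (drop_on)
            return PTR_DROP;                         /* message discarded */
        snprintf(host, hostlen, "%s", src_ip);       /* keep it, use the IP */
        return PTR_USE_IP;
    }
    snprintf(host, hostlen, "%s", ptr_name);
    return PTR_OK;
}

int main(void)
{
    /* Constructed samples: documentation-range addresses, made-up host. */
    const char *ptrs[] = { "app01.example.net", "198.51.100.7", "2001:db8::1" };
    char host[64];
    for (int on = 0; on <= 1; on++)
        for (size_t i = 0; i < sizeof ptrs / sizeof ptrs[0]; i++) {
            int v = resolve_sender("192.0.2.10", ptrs[i], on, host, sizeof host);
            printf("drop=%d ptr=%-18s verdict=%d host=\"%s\"\n", on, ptrs[i], v, host);
        }
    return 0;
}
```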

This documentation is part of the rsyslog project. Copyright © 2007 by Rainer Gerhards and Adiscon. Released under the GNU GPL version 2 or higher.