CAP_CACHE
(Integrated Name-Cache for Syslogd2)
The Syslogd2 integrated cache is one of several features that mark Syslogd2 as a
network-management data collector as opposed to 'just' a multi-threaded host logging tool.
Not only do host-logging tools generally have little-to-no need of integrated name-cache capabilities (since they are not
generally expected to receive traffic that was not generated on the local host), but they generally have little to no need
for the high throughput that comes with networked syslog hosts that Syslogd2 was exressly designed to handle.
The more you consider the traditional role of 'syslog collector', the more you start to realize that the term was never
meant to apply to networks. If it had been, syslog service daemons would look a LOT different than they do today -- they would look a lot more like Syslogd2.
Syslogd2 supports two variables that can be specified in the cache file. These are '$me' and '$dhcp'.
These variables are intended to work in conjunction with input spcifications that use '$h' and '$d' (for 'hostname' and 'domainname' respectively).
By using the '$h' and '$d' names in input specifications, network-deploying admins can create standardized configuration files that still have some amount of autonomy when deployed to either staic- or dhcp- addressed hosts.
The cache-file '$me' replaces the canonical name (it cannot be used as an alias) in a cache file and allows either static or '$dhcp' to be used with a hostname that is initialized from the individual host that Syslogd2 is running on.
Furthermore, should admins choose to use the 'hostname' option of Syslogd2's input specifications, the '$h' and '$d' options can be used in conjuction with application names or information to 'create' pseudo-hosts for logging purposes with names such as 'mariadb.$h.$d', where '$h' is the local hostname and '$d;' is the local hostname's domainanme.
The cache-variables extend this ability into the name-cache and hostname resolution domains.
The '$me' variable will be replaced by the FQDN (Fully Qualified Domain Name) formed from the two gglobal variables 'hostname' and 'domainname' which are initailized on startup to the same local hhostname and domain returned by the 'hostname' command.
The '$dhcp'' variable causes Syslogd2 to assign all local addresses found during a port-scan that were not found in the /etc/hosts file to which ever host-line the '$dhcp' variable was found on.
By creatingg a line such as $me $dhcp, the administrator effectively binds all dynamically-assigned IP addresses to thhe local host's name for log reporting or Syslogd2 configuration purposes.
The cacue-file follows just a few simple rules.
It does not support soft-comments because it has no need to.
# To merge multiple hostnames into one, start wth the 'official' name of the combined host,
# then add the 'official-names of sub-hosts as aliases.
# Do this before defining the sub-hosts. (Reminder: Cavhe-file is read before /etc/hosts).
dummyhost.example.com 10.1.8.2 fec0:2::babe:be:2:bad 171.15.84.32 dummyhost_alias
# The following line will transform all traffic received from 'localhost' interfaces to appear as if it came from the named-host ($me)
# This format (with $me and 'localhost' on the same line) is not compatible with the two lines below that combine two 'localhost' entries from /etc/hosts.
# Those lines create a single 'localhost' entry from two separate hosts. This line causes 'localhost' to appear as if the traffic originated on an external interface.
# $me $dhcp localhost.localdomain ip6-localhost.localdomain ed.localdomain
# The first line below allows the use of 'localhost' as an input host-name to fill in both IPv4 and IPv6 loopback addresses or to specify either address-family for output.
# The 2nd line allows locally-configured addresses (dynamically assigned to this hostname) to be individually specified as inputs using the $h.$d variables.
localhost.localdomain ip6-localhost.localdomain ed.localdomain
$me $dhcp
# The next lines are more conventional 'static' entries.
# Note that the canonical name is 'cachehost...'. This is a 'new' name (not found in DNS or /etc/hosts) that will be reported as the 'official name' of these hosts.
# These entries would be similar to a router or host where the desired log-name is not in DNS or is misspelled in /etc/hosts or by other input sources.
cachehost51.localdomain 192.168.2.51 fec0:2::91 host51 host51.localdomain host61 host71
cachehost52.localdomain 192.168.2.52 fec0:2::92 host52 host52
# The next block of lines define a relationship between hostnames, and (if DNS is enabled) will cause Syslogd2 to query DNS for the addresses at startup.
# If DNS is not enabled, and the addresses are in /etc/hosts, these hosts will be considered as 'unresolved' due to lack of addresses.
cachehost51.localdomain host51.localdomain host6.localdomain host71.localdomain
cachehost52.localdomain host52.localdomain
cachehost53.localdomain host53.localdomain host63.localdomain host73.localdomain