author Rainer Gerhards <rgerhards@adiscon.com> 2007-07-16 13:41:24 +0000
committer Rainer Gerhards <rgerhards@adiscon.com> 2007-07-16 13:41:24 +0000
commit 111ed295ead15226f0601a37c930ad52992056a5 (patch)
tree 1304148b46d0de46ad190b4f5e0733656ee294d2
parent d16264098402ef33e1e5441eb6884e7359ee8add (diff)
added $DropMsgsWithMaliciousDnsPTRRecords option
-rw-r--r-- doc/rsyslog_conf.html 9
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html
index 262738a0..2171ec40 100644
--- a/doc/rsyslog_conf.html
+++ b/doc/rsyslog_conf.html
@@ -132,6 +132,15 @@ most</b></code></p>
<p>Numbers are always in decimal. Leading zeros should be avoided (in some later
version, they may be mis-interpreted as being octal). Multiple directives may be
given. They are applied to selector lines based on order of appearance.</p>
+<h2>DropMsgsWithMaliciousDnsPTRRecords</h2>
+<p>Rsyslog contains code to detect malicious DNS PTR records (reverse name
+resolution). An attacker might use specially-crafted DNS entries to make you
+think that a message might have originated on another IP address. Rsyslog can
+detect those cases. It will log an error message in any case. It this option
+here is set to &quot;on&quot;, the malicious message will be completely dropped from your
+logs. If the option is set to &quot;off&quot;, the message will be logged, but the
+original IP will be used instead of the DNS name.</p>
+<p><code><b>$DropMsgsWithMaliciousDnsPTRRecords on</b></code></p>
<h2>Templates</h2>
<p>Templates are a key feature of rsyslog. They allow to specify any format a user
might want. They are also used for dynamic file name generation. Every output in rsyslog uses templates - this holds true for files,
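Review bot: The sentence in the added paragraph that begins "It this option here is set to" has a typo and should read "If this option is set to", and the paragraph never says whether the directive defaults to "on" or "off" while the example line only shows "on". Please state the default next to the example so a reader knows which behaviour applies when the directive is absent. The wording "make you think that a message might have originated on another IP address" could also be tightened: the paragraph is about PTR records (reverse name resolution) and the "off" case says the original IP is used instead of the DNS name, so the thing being falsified appears to be the host name shown for the sender, and the text should say so.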