diff options
| -rw-r--r-- | doc/rsyslog_conf.html | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html index 262738a0..2171ec40 100644 --- a/doc/rsyslog_conf.html +++ b/doc/rsyslog_conf.html @@ -132,6 +132,15 @@ most</b></code></p> <p>Numbers are always in decimal. Leading zeros should be avoided (in some later version, they may be mis-interpreted as being octal). Multiple directives may be given. They are applied to selector lines based on order of appearance.</p> +<h2>DropMsgsWithMaliciousDnsPTRRecords</h2> +<p>Rsyslog contains code to detect malicious DNS PTR records (reverse name +resolution). An attacker might use specially-crafted DNS entries to make you +think that a message might have originated on another IP address. Rsyslog can +detect those cases. It will log an error message in any case. It this option +here is set to "on", the malicious message will be completely dropped from your +logs. If the option is set to "off", the message will be logged, but the +original IP will be used instead of the DNS name.</p> +<p><code><b>$DropMsgsWithMaliciousDnsPTRRecords on</b></code></p> <h2>Templates</h2> <p>Templates are a key feature of rsyslog. They allow to specify any format a user might want. They are also used for dynamic file name generation. Every output in rsyslog uses templates - this holds true for files, |