blob: 81562ef193f8d117b48701c77f359bf71a2049ca (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
$DropMsgsWithMaliciousDnsPTRRecords
-----------------------------------
**Type:** global configuration parameter
**Default:** off
**Description:**
Rsyslog contains code to detect malicious DNS PTR records (reverse name
resolution). An attacker might use specially-crafted DNS entries to make
you think that a message might have originated on another IP address.
Rsyslog can detect those cases. It will log an error message in any
case. If this option here is set to "on", the malicious message will be
completely dropped from your logs. If the option is set to "off", the
message will be logged, but the original IP will be used instead of the
DNS name.
**Sample:**
``$DropMsgsWithMaliciousDnsPTRRecords on``
|
