Feature - Resolve syslog IP against cacti Hosts

functions.php

@@ -1487,7 +1487,7 @@ function syslog_process_alert($alert, $sql, $params, $count, $hostname = '') {
 					/**
 					 * Open a ticket if this options have been selected.
 					 */
-					$command = read_config_option('syslog_ticket_command');
+					 $command = read_config_option('syslog_ticket_command');
 
 					if ($command != '') {
 						$command = trim($command);
@@ -1757,6 +1757,46 @@ function syslog_strip_incoming_domains($uniqueID) {
 	}
 }
 
+
+
+
+/**
+ * Check if the hostname is in the cacti hosts table
+ * Some devices only send IP addresses in syslog messages, and may not be in the DNS
+ * however they may be in the cacti hosts table as monitored devices.
+ * 
+ * @param  (string) The hostname to check
+ * @param  (int) The unique id for syslog_incoming messages to process
+ * 
+ * @return (bool) True if the host exists in the Cacti database, false otherwise
+ */
+
+function syslog_check_cacti_hosts($host, $uniqueID) {
+	global $syslogdb_default;
+
+	if (empty($host)) {
+		return false;
+	}
+
+	// Check if the host exists in cacti by hostname and get the description
+	$cacti_host = db_fetch_row_prepared('SELECT DISTINCT description
+		FROM host
+		WHERE hostname = ?
+		LIMIT 1',
+		array($host));
+
+	if (cacti_sizeof($cacti_host) && !empty($cacti_host['description'])) {
+		syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_incoming`
+			SET host = ?
+			WHERE host = ?
+			AND `status` = ?',
+			array($cacti_host['description'], $host, $uniqueID));
+
+		return true;
+	}
+
+	return false;
+}
 /**
  * syslog_update_reference_tables - There are many values in the syslog plugin
  *   that for the purposes of reducing the size of the syslog table are normalized
@@ -1776,20 +1816,45 @@ function syslog_update_reference_tables($uniqueID) {
 	syslog_debug('-------------------------------------------------------------------------------------');
 	syslog_debug('Updating Reference Tables from New Syslog Records');
 
-	/* correct for invalid hosts */
-	if (read_config_option('syslog_validate_hostname') == 'on') {
-		$hosts = syslog_db_fetch_assoc('SELECT DISTINCT host
-			FROM `' . $syslogdb_default . '`.`syslog_incoming`');
-
-		foreach($hosts as $host) {
-			if ($host['host'] == gethostbyname($host['host'])) {
-				syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . "`.`syslog_incoming`
-					SET host = 'invalid_host'
-					WHERE host = ?",
-					array($host['host']));
-			}
-		}
-	}
+	/* Validate and resolve hostnames - check DNS first, then Cacti, then mark invalid */
+    if (read_config_option('syslog_resolve_hostname') == 'on') {
+        $hosts = syslog_db_fetch_assoc_prepared('SELECT DISTINCT host
+            FROM `' . $syslogdb_default . '`.`syslog_incoming`
+            WHERE `status` = ?',
+            array($uniqueID));
+
+        foreach($hosts as $host) {
+            if (!isset($host['host']) || empty($host['host'])) {
+                continue;
+            }
+
+            $resolved = false;
+
+            // Check if hostname resolves via DNS (only if DNS is enabled)
+            if (read_config_option('syslog_no_dns') != 'on') {
+                if ($host['host'] != gethostbyname($host['host'])) {
+                    // DNS resolved successfully
+                    $resolved = true;
+                }
+            }
+
+            // Check if hostname exists in Cacti hosts table (only if not already resolved via DNS)
+            if (!$resolved) {
+                $resolved = syslog_check_cacti_hosts($host['host'], $uniqueID);
+            }
+
+            // If not resolved via DNS or found in Cacti, prefix the hostname
+            if (!$resolved) {
+                $unresolved_host = 'unresolved-' . $host['host'];
+                cacti_log("SYSLOG WARNING: Hostname '" . $host['host'] . "' could not be resolved via DNS or found in Cacti hosts table, marking as '" . $unresolved_host . "'", false, 'SYSLOG');
+                syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . "`.`syslog_incoming`
+                    SET host = ?
+                    WHERE host = ?
+                    AND `status` = ?",
+                    array($unresolved_host, $host['host'], $uniqueID));
+            }
+        }
+    }
 
 	syslog_db_execute_prepared('INSERT INTO `' . $syslogdb_default . '`.`syslog_programs`
 		(program, last_updated)

setup.php

@@ -1138,12 +1138,6 @@ function syslog_config_settings() {
 			'size' => 80,
 			'max_length' => 255,
 		),
-		'syslog_validate_hostname' => array(
-			'friendly_name' => __('Validate Hostnames', 'syslog'),
-			'description' => __('If this checkbox is set, all hostnames are validated.  If the hostname is not valid. All records are assigned to a special host called \'invalidhost\'.  This setting can impact syslog processing time on large systems.  Therefore, use of this setting should only be used when other means are not in place to prevent this from happening.', 'syslog'),
-			'method' => 'checkbox',
-			'default' => ''
-		),
 		'syslog_refresh' => array(
 			'friendly_name' => __('Refresh Interval', 'syslog'),
 			'description' => __('This is the time in seconds before the page refreshes.', 'syslog'),
@@ -1173,6 +1167,23 @@ function syslog_config_settings() {
 			'size' => 80
 		),
 		'syslog_html_header' => array(
+			'friendly_name' => __('Host Discovery Options', 'syslog'),
+			'method' => 'spacer',
+			'collapsible' => 'true'
+		),
+		'syslog_resolve_hostname' => array(
+			'friendly_name' => __('Enable Hostname Resolution', 'syslog'),
+			'description' => __('If this checkbox is set, all hostnames are resolved via DNS lookup first (If enabled). If the DNS lookup fails, the system will attempt to resolve the hostname against the Cacti host table and replace it with the Cacti host description. If both DNS and Cacti lookups fail, records are assigned a prefix \'unresolved-Original_hostname\'.', 'syslog'),
+			'method' => 'checkbox',
+			'default' => ''
+		),
+		'syslog_no_dns' => array(
+			'friendly_name' => __('Skip DNS Resolution for incoming hosts', 'syslog'),
+			'description' => __('If this checkbox is set, the system will not attempt to resolve hosts via DNS lookups.  This is useful for environments where DNS resolution is not possible or not desired.', 'syslog'),
+			'method' => 'checkbox',
+			'default' => ''
+		),
+		'syslog_html_notification_header' => array(
 			'friendly_name' => __('HTML Notification Settings', 'syslog'),
 			'method' => 'spacer',
 			'collapsible' => 'true'