IP Address specification in log file

         

glenharvy

9:48 pm on Aug 11, 2007 (gmt 0)

10+ Year Member



I have just come across entries like the following in the IP Address field in Apache logs:

c58-107-221-***.sunsh4.vic.optusnet.com.au

The IP address is 58.107.221.*** and I thought that only the IP address was permitted in this field.

Can someone tell me where this notation is coming from and is it standardised and properly commented somewhere that I can find on the net?

Thanks.

[edited by: jdMorgan at 11:03 pm (utc) on Aug. 11, 2007]
[edit reason] Obscured IP address for privacy [/edit]

jdMorgan

11:14 pm on Aug 11, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Most servers are configured to log the remote hostname (as you are seeing) when reverse-DNS lookups are enabled and active. If reverse-DNS is not available, then the server will return the IP address when the remote hostname is queried. Therefore, on most servers, whether you see a hostname or an IP address in each log entry is determined by whether reverse-DNS lookups are enabled and have been invoked.

Examples of things that will invoke a reverse-DNS lookup are:

  • Using mod_access to enforce access restrictions based on hostname, e.g.
    Deny from example.co.au

  • Using mod_access to enforce access restrictions based on double reverse-DNS (same as above but with HostnameLookups Double [httpd.apache.org] configured).
  • Using mod_rewrite to take action based upon hostname, e.g.

    RewriteCond %{REMOTE_HOST} example\.co\.au
    RewriteRule .* - [F]

So, if this behaviour started recently, it's possibly due to a change made to your configuration files (e.g. httpd.conf or .htaccess) that are now invoking reverse-DNS lookups. If you have made no such change, then contact your host to ask about this, because it is almost certain that *they* have made such a change.

If you have access to httpd.conf, then you can declare a custom log-format string to force logging of the IP address irrespective of whether rDNS lookups are being done.

Jim
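
A custom log format of the kind the reply above mentions, given here as an added example that is not part of the original thread or of Jim's post. The format nickname `combined_ip` and the log path `logs/access_log` are assumptions; `%a` and `%h` are standard mod_log_config format codes.

```apache
# httpd.conf (added example; names and paths are placeholders)

# Stock "common" format. %h is the remote hostname field: it holds a
# hostname whenever a reverse-DNS lookup was performed for the request,
# and the IP address otherwise. This is why the same log can contain a
# mix of hostnames and IP addresses in the first column.
LogFormat "%h %l %u %t \"%r\" %>s %b" common

# Same layout, but with %a in the first column. %a is always the
# client IP address, whether or not a reverse-DNS lookup took place.
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ip

# Write the access log using the IP-only format.
CustomLog logs/access_log combined_ip

# Do not resolve every client by default. Hostname-based Deny/Allow
# rules and RewriteCond %{REMOTE_HOST} tests still trigger lookups for
# the requests they evaluate, which is why %a (not this directive
# alone) is what guarantees an IP address in the log.
HostnameLookups Off
```

Logging with `%a` keeps the client field in one consistent form for log analysis and IP-based blocking, and the hostname can still be resolved afterwards from the logged address when it is needed.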

glenharvy

2:29 am on Aug 12, 2007 (gmt 0)

10+ Year Member



Thanks very much for the comprehensive response.