Hi,
Why does syslog-ng do a PTR lookup for EVERY message?
Just as you describe below, I think caching DNS results belongs to libc. syslog-ng rewrites hostnames by default, and for this it needs a DNS lookup. You have several options: 1) disable hostname rewriting by using the keep_hostname(yes) option 2) disable dns usage by use_dns(no) 3) do not accept remote messages :) Installing nscd and a caching bind seems to be a good solution.
If I were to set use_dns to `no' this would probably make the problem go away. Is there any reason not to do this? Would I then get IPs for $HOST instead of names?
yes
Incidentally, the assert fix definitely got rid of the crashing, and the string free definitely fixed some memory leakage. But I have only been running it for one day and it's up to 6 meg VSZ so far (would have been 30 by now before the fix) ...hopefully this is just some data structures which will plateau out once it's been running for some time (xinetd does this in a big way ;)
-- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt