On Sun, 2004-01-25 at 18:01, julius wrote:
i used the example Debian GNU/Linux config and added these options on the log host(192.168.0.1):
source s_tcp { tcp(ip(0.0.0.0) port(514) max-connections(10)); }; log { source(s_tcp); destination(messages); };
and on the "source host" (192.168.0.3):
destination d_tcp { tcp(192.168.0.1); }; log { source(src); filter(f_messages); destination(d_tcp); };
now i get name queries from my bind thats running on the source host, but syslog queries the bind without stopping, the name server uses nearly 100% from the 133mhz... whats wrong?
syslog-ng reverse lookups the sender of each message. you can lower the DNS load by enabling the internal dns cache: options { dns_cache(yes); }; or by disabling DNS completely: options { use_dns(no); }; -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1