To reproduce the problem I tried to generate a massive amount of logs with one client to a server with my live configuration but it didn't work. I guess the problem doesn't lie in the log amount but the hosts. And that's hard to test. After that I did some more live testing. My first test was if this actually happens without dns resolving and it didn't. After that I've disabled threading and it seemed to work. My problem is that I need threading because syslog is now running on 100% :P It was a quick test but after enabling threading again the problem appeared instantly. Now I've disabled it and test it for at least a day. But it seems like threading has one more problem :( -----Ursprüngliche Nachricht----- Von: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] Im Auftrag von Daniel Neubacher Gesendet: Mittwoch, 2. Januar 2013 14:26 An: Syslog-ng users' and developers' mailing list Betreff: Re: [syslog-ng] syslog-ng 3.3.7 DNS resolving Problem Yes but the the servers fqdn is used in my case. What I know is that syslog-ng is ignoring the cache while it happens. In the same second where I can find a wrong log the server sorted another line from the same client into the right folder. One of my first guesses where failed dns requests but my caching time of 10 seconds for negative answers don't match the time of the log messages. Guess I will debug some more if there are others which have this problem too. I thought I'm alone with this :) -----Ursprüngliche Nachricht----- Von: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] Im Auftrag von Gergely Nagy Gesendet: Mittwoch, 2. Januar 2013 14:01 An: Syslog-ng users' and developers' mailing list Betreff: Re: [syslog-ng] syslog-ng 3.3.7 DNS resolving Problem Daniel Neubacher <daniel.neubacher@xing.com> writes:
Many times a day messages are sorted into a folder with the DNS name of my syslog-ng server instead of the real host where the log is coming from. The log line still has the right host in the text and most of the time it is working but I could not find any way to reproduce the problem on demand yet. For debugging I've disabled any logging for the server itself but it still happens.
This is not the first time I hear about this problem, but so far I have not been able to reproduce it locally :( Is it always the server address that gets used instead of the originating host's name? -- |8] ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq