An strace dump or something could really help here. As it seems syslog-ng blocked on something (a DNS request maybe?), thus couldn't accept connections on /dev/log.
Ok, yesterday the same thing happend again while one of colleques restarted the nameserver on the same host. This seems to proove your explaination with the block on resolving hostnames on the one hand but brings me I a very nasty situation on the other hand because I cannot igonre that problem any longer. I need name resolution and I need a stable system, of course. So I see three posibility's
1.) As you suggested:
Newer libc's allow using unix-dgram /dev/log, try using that, client programs will never block then.
RedHat patched their libc to send messages via dgram /dev/log. The patch IIRC was transparent, so one could use both unix-dgram and unix-stream as they choose to. Note that if you choose to use unix-dgram, the services will continue to run even if syslog-ng blocks, but logging will be shut down.
Only problem: what is a "newer libc"? Do you talk about glibc?
IIRC the one included in RedHat 6.1 was patched, so 6.2 should be ok. I don't know whether this patch was accepted upstream though.
2.) Running two syslog-ng processes, on with name resolution on (receiving all that network-data) and one with name resolution off (reading /dev/log) which should solve my problem, too.
that should work.
3.) Firewall port syslog at host level and putting all hosts allowed to get through in the hosts file. Will syslog-ng use the hosts file (by using the standart resolver library) or will it bypass it and only do ns lookups?
syslog-ng uses gethostbyaddr(), so a private nsswitch.conf file should be ok.
I'd really like to hear your opinion about these possibilities. Of course I'd prefer 1.) since I like things wich work by design an not because of some "dirty tricks".
I don't like 1), because it may lead to lost messages without notice. I like #2 or #3, but I don't know how to use a private nsswitch.conf file, however I know that this is possible, since sendmail uses one. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt