Apologies in advance for the newbie question. I did search the archives, the FAQ and look at the source before posting.

I am configuring a fedora core 5 system with syslog-ng-2.0rc4 and have not had any success with dns_cache(yes) actually doing anything.

I set up tcpdump to watch the DNS traffic and am generating logs toward the box. No matter whether I have dns_cache enabled or not I see dns lookups for each inbound message. When I look at the source code, I find the resolve_hostname() function in misc.c and I don't see any caching code. What I do see is:

/* FIXME: add nscache support here */

Am I missing something? How does dns_cache(yes) actually work?

I do want to use hostnames in the logging directories, but I do not want each syslog message to trigger a DNS query. Should I just use nscd on the server and not worry about it :-)

Thanks again!

Jim
Sorry for the repost.

What do other folks do with large numbers of machines? Do you not resolve names and log with IP addresses only? Do you run nscd for local caching?

Just curious.

Jim

----- Original Message -----
From: <jrhendri@maine.rr.com>
Date: Tuesday, December 12, 2006 4:32 pm
Subject: newbie question on dns_cache in syslog2.x
To: syslog-ng@lists.balabit.hu
Apologies in advance for the newbie question. I did search the archives, the FAQ and look at the source before posting.
I am configuring a fedora core 5 system with syslog-ng-2.0rc4 and have not had any success with dns_cache(yes) actually doing anything.
I set up tcpdump to watch the DNS traffic and am generating logs toward the box. No matter whether I have dns_cache enabled or not I see dns lookups for each inbound message. When I look at the source code, I find the resolve_hostname() function in misc.c and I don't see any caching code. What I do see is:
/* FIXME: add nscache support here */
Am I missing something? How does dns_cache(yes) actually work?
I do want to use hostnames in the logging directories, but I do not want each syslog message to trigger a DNS query. Should I just use nscd on the server and not worry about it :-)
Thanks again!
Jim
What do other folks do with large numbers of machines?
Do you not resolve names and log with IP addresses only?
that is correct:

    use_dns(no);

in /etc/syslog-ng/syslog-ng.conf i have:

    source s_remote {
        udp();
    };

    destination df_catch_all {
        file("/storage/syslog/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY"
            owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes)
        );
    };

    log {
        source(s_remote);
        destination(df_catch_all);
    };

out of cron (once an hour) i run:

    #!/usr/bin/perl

    use strict;
    use Socket;

    my $syslog_input_directory  = '/storage/syslog/hosts/';
    my $syslog_output_directory = '/storage/syslog/hosts_by_name/';

    my @all_hosts             = glob "$syslog_input_directory*";
    my @all_destination_hosts = glob "$syslog_output_directory*";

    # remove the symlinks left by the previous run
    for (@all_destination_hosts) {
        unlink $_;
    }

    for (@all_hosts) {
        # take off the leading part
        s/^\Q$syslog_input_directory\E//;
        # what is left is the per-host directory name, i.e. the sender's IP
        my $ip = $_;
        my $inet_aton_addr = inet_aton($ip);
        # skip entries that are not a usable address
        next unless defined $inet_aton_addr;
        my $name = gethostbyaddr($inet_aton_addr, AF_INET);
        # link by name only when the reverse lookup returned one
        if (defined $name && $name ne '') {
            symlink("$syslog_input_directory$_", "$syslog_output_directory$name");
        }
    }

--
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot lose.
-Jim Elliot
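An added example, not part of the original thread: a Python variant of the hourly symlink job above that treats the PTR answer as untrusted input, because the name is chosen by whoever controls the reverse zone and ends up as a path component. It goes beyond the post by also forward-confirming the name; the function names and the injectable `reverse`/`forward` resolvers are assumptions of this example.

```python
import ipaddress
import os
import re
import socket

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def safe_hostname(name):
    """Lower-cased name if it is a plain hostname usable as one path component, else None."""
    if not name or len(name) > 253 or not _HOSTNAME.fullmatch(name):
        return None
    return name.lower()

def ptr_lookup(ip):
    """Reverse (PTR) lookup; None when the address has no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Addresses the name resolves to; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def link_hosts_by_name(ip_dir, name_dir, reverse=ptr_lookup, forward=forward_lookup):
    """Create name_dir/<hostname> -> ip_dir/<ip> symlinks; return {ip: hostname}."""
    linked = {}
    for entry in sorted(os.listdir(ip_dir)):
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            continue                      # directory name is not an address
        name = safe_hostname(reverse(entry))
        if name is None or entry not in forward(name):
            continue                      # no PTR, unsafe name, or name does not map back
        link = os.path.join(name_dir, name)
        if os.path.islink(link):
            os.unlink(link)               # refresh a link left by an earlier run
        elif os.path.exists(link):
            continue                      # never replace a real file or directory
        os.symlink(os.path.join(ip_dir, entry), link)
        linked[entry] = name
    return linked
```

Only existing symlinks are replaced, so a stale link for a host that no longer resolves stays until it is cleaned up separately.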
On Tue, 2006-12-12 at 16:32 -0500, jrhendri@maine.rr.com wrote:
Apologies in advance for the newbie question. I did search the archives, the FAQ and look at the source before posting.
I am configuring a fedora core 5 system with syslog-ng-2.0rc4 and have not had any success with dns_cache(yes) actually doing anything.
I have implemented dns_cache() in the meanwhile, it is available in the latest snapshots (it was added after 2.0.0 was released)

--
Bazsi
participants (3)
- Balazs Scheidler
- jrhendri@maine.rr.com
- Matt Zagrabelny