[Bug 19] New: syslog-ng 2.0. x can not follow a change of IP at target syslog server
https://bugzilla.balabit.com/show_bug.cgi?id=19 Summary: syslog-ng 2.0.x can not follow a change of IP at target syslog server Product: syslog-ng Version: 2.0.x Platform: PC OS/Version: Linux Status: NEW Severity: major Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: erempel@uvic.ca Type of the Report: enhancement Estimated Hours: 0.0 If the IP address of the destination for syslogging is changed, then all sending syslog-ng servers must be reloaded to figure out that the address has changed, even if the IP name has not changed. We recently moved one of our centralized syslog servers to a different building, resulting in a different network address. We took great pains (it was actually easy, but required planning) to maintain the IP name of the syslog server, but all of the sending hosts required a syslog-ng reload to resolve the IP name in the configuration file to the new IP address. The "reopen" logic should be changed to resolve the IP address of the hostname provided in the configuration file. Hopefully the reopen process should be relatively rare, and no significant load will be placed on the DNS servers during normal operation. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
I don't realy see how this is a syslog-ng issue Quite simply the only way to fix this is to have syslog-ng resolve the host name to an ip address for every message. This is an impractical method to handle a rare occurence. This kind of change woul add a lot fo needless overhaed to every message. Frankly if i change the ip address of my syslog server i expect that I will have to restart syslog on all of my hosts that relay to it. On Sat, 23 Feb 2008 1:11 am, bugzilla@bugzilla.balabit.com wrote:
https://bugzilla.balabit.com/show_bug.cgi?id=19
Summary: syslog-ng 2.0.x can not follow a change of IP at target syslog server Product: syslog-ng Version: 2.0.x Platform: PC OS/Version: Linux Status: NEW Severity: major Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: erempel@uvic.ca Type of the Report: enhancement Estimated Hours: 0.0
If the IP address of the destination for syslogging is changed, then all sending syslog-ng servers must be reloaded to figure out that the address has changed, even if the IP name has not changed.
We recently moved one of our centralized syslog servers to a different building, resulting in a different network address. We took great pains (it was actually easy, but required planning) to maintain the IP name of the syslog server, but all of the sending hosts required a syslog-ng reload to resolve the IP name in the configuration file to the new IP address.
The "reopen" logic should be changed to resolve the IP address of the hostname provided in the configuration file. Hopefully the reopen process should be relatively rare, and no significant load will be placed on the DNS servers during normal operation.
-- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
The average person does a lot of work in the name of laziness! Save youre self the effort by doing it right the first time. Do it with free speech software.
This does NOT need to be done for every message, only when a TCP connection is opened. Under normal operation, the TCP connection stays open and messages flow without any hostname resolution. When the connection is dropped, the hostname is resolved again and a new connection attempt is made. If you leave the hostname resolution to the open socket call, rather than resolving the hostname within syslog-ng, this would automatically happen as the AS system call to open the socket would resolve the name again. Evan. Paul Robert Marino wrote:
I don't realy see how this is a syslog-ng issue Quite simply the only way to fix this is to have syslog-ng resolve the host name to an ip address for every message. This is an impractical method to handle a rare occurence. This kind of change woul add a lot fo needless overhaed to every message. Frankly if i change the ip address of my syslog server i expect that I will have to restart syslog on all of my hosts that relay to it. On Sat, 23 Feb 2008 1:11 am, bugzilla@bugzilla.balabit.com wrote:
https://bugzilla.balabit.com/show_bug.cgi?id=19
Summary: syslog-ng 2.0.x can not follow a change of IP at target syslog server Product: syslog-ng Version: 2.0.x Platform: PC OS/Version: Linux Status: NEW Severity: major Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: erempel@uvic.ca Type of the Report: enhancement Estimated Hours: 0.0
If the IP address of the destination for syslogging is changed, then all sending syslog-ng servers must be reloaded to figure out that the address has changed, even if the IP name has not changed.
We recently moved one of our centralized syslog servers to a different building, resulting in a different network address. We took great pains (it was actually easy, but required planning) to maintain the IP name of the syslog server, but all of the sending hosts required a syslog-ng reload to resolve the IP name in the configuration file to the new IP address.
The "reopen" logic should be changed to resolve the IP address of the hostname provided in the configuration file. Hopefully the reopen process should be relatively rare, and no significant load will be placed on the DNS servers during normal operation.
-- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
___________________________________________ The average person does a lot of work in the name of laziness! Save youre self the effort by doing it right the first time. Do it with free speech software. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
We recently moved one of our centralized syslog servers to a different building, resulting in a different network address. We took great pains (it was actually easy, but required planning) to maintain the IP name of the syslog server, but all of the sending hosts required a syslog-ng reload to resolve the IP name in the configuration file to the new IP address.
Standard procedure here is to setup the old machine to forward to the new machine (netfilter rules, etc). Then you can go around restarting your other servers at your leisure. Works the same for any service - smtp, web, etc, etc Ed
On Sun, 24 Feb 2008, Ed Wildgoose wrote:
Date: Sun, 24 Feb 2008 00:04:27 +0000 From: Ed Wildgoose <lists@wildgooses.com> Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] [Bug 19] New: syslog-ng 2.0. x can not follow a change of IP at target syslog server
We recently moved one of our centralized syslog servers to a different building, resulting in a different network address. We took great pains (it was actually easy, but required planning) to maintain the IP name of the syslog server, but all of the sending hosts required a syslog-ng reload to resolve the IP name in the configuration file to the new IP address.
Standard procedure here is to setup the old machine to forward to the new machine (netfilter rules, etc). Then you can go around restarting your other servers at your leisure.
Works the same for any service - smtp, web, etc, etc
That's great but what if you have 4,000 or more machines? If the product can handle this move easily, then I would classify it amoung the few "enterprize" applications that exist. Products that we use that handle this gracefully are - our enterprise backup solution - Corporate database applications - Identity management - Web clustering I would like to have log collecting in the enterprise class. Evan.
On Sun, 2008-02-24 at 00:04 +0000, Ed Wildgoose wrote:
We recently moved one of our centralized syslog servers to a different building, resulting in a different network address. We took great pains (it was actually easy, but required planning) to maintain the IP name of the syslog server, but all of the sending hosts required a syslog-ng reload to resolve the IP name in the configuration file to the new IP address.
Standard procedure here is to setup the old machine to forward to the new machine (netfilter rules, etc). Then you can go around restarting your other servers at your leisure.
Works the same for any service - smtp, web, etc, etc
This sounds useful, so I'm going to implement it. -- Bazsi
https://bugzilla.balabit.com/show_bug.cgi?id=19 Balazs Scheidler <bazsi@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|2.0.x |2.1.x Status|NEW |RESOLVED Resolution| |FIXED Target Milestone|--- |2.1.1 --- Comment #1 from Balazs Scheidler <bazsi@balabit.hu> 2008-04-12 20:19:12 --- I've fixed this issue in syslog-ng OSE 2.1 branch: Author: Balazs Scheidler <bazsi@balabit.hu> 2008-04-12 19:27:51 Committer: Balazs Scheidler <bazsi@balabit.hu> 2008-04-12 19:27:51 Parent: 476a72e1d927d3404e22866bd9310c6013938d1b (made LinkSys timestamp parsing stricter) Branch: master Follows: v2.1alpha1 Precedes: do not fail startup if connection to the server fails Do not fail startup if connection to the TCP server fails for any reason, like DNS resolution errors or any other TCP problem. Also, DNS names are automatically re-resolved for further connection attempts. Fixes public bugzilla #19. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (5)
-
Balazs Scheidler
-
bugzilla@bugzilla.balabit.com
-
Ed Wildgoose
-
Evan Rempel
-
Paul Robert Marino