[syslog-ng] strange thing

Stefan Seufert seuf@ccsw.de
Sun, 30 Apr 2000 18:28:08 +0200


[...]
> > them about a dialup connection, so I modified the log statement to "log
> > (source(net); destination(home); destination(all); };" where all was
> > "destination all { file("/var/log/allmessages"); };". From that moment on
> > (i.e. after the HUP) the whole system went to sleep. Every process
> > trying to use syslog blocked. Within a few seconds I had some
> > hundred pop3d and sendmail tasks running, my own ssh was blocked
> > since I tried to issue a logger command. I was not able
> > to telnet or ssh to this host since both
> > daemons tried to log when I connected. Luckily enough someone else at my
> > company still had an open telnet. I called him and advised him to
> > remove the malicious lines from the config and send syslog-ng
> > a SIGHUP. No Effect. Only a SIGKILL was able to help
> > us out of this strange situation. Within seconds
> > all the daemons went back to work again.
> >
[...]
>
> An strace dump or something could really help here. As it seems syslog-ng
> blocked on something (a DNS request maybe?), thus couldn't accept
> connections on /dev/log.

Ok, yesterday the same thing happened again while one of my colleagues restarted the
nameserver on the same host. This seems to prove your explanation with the
block on resolving hostnames on the one hand but brings me into a very nasty
situation on the other hand because I cannot ignore that problem any longer. I
need name resolution and I need a stable system, of course. So I see three
possibilities:

1.) As you suggested:
> Newer libc's allow using unix-dgram /dev/log, try using that, client
> programs will never block then.

Only problem: what is a "newer libc"? Do you talk about glibc?

2.) Running two syslog-ng processes, one with name resolution on (receiving all
that network-data) and one with name resolution off (reading /dev/log) which
should solve my problem, too.

3.) Firewall port syslog at host level and putting all hosts allowed to get
through in the hosts file. Will syslog-ng use the hosts file (by using the
standard resolver library) or will it bypass it and only do ns lookups?

I'd really like to hear your opinion about these possibilities. Of course I'd
prefer 1.) since I like things which work by design and not because of some
"dirty tricks".

Thank you in advance

Stefan
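
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not syslog-ng code: a daemon that listens on a unix-stream socket but has stopped calling accept() (for instance while stuck in a name lookup) lets only a few clients through before every further connect stalls. The socket paths, function names and the backlog of 1 are constructed for the demonstration.

```python
import os, socket, tempfile, threading, time

def listen_on(path, backlog=1):
    """Bind a unix-stream listener, as a log daemon does on /dev/log."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(backlog)
    return srv

def clients_served(path, attempts=16, patience=0.3):
    """Open one connection per simulated syslog() caller; return how many got
    through before one had to wait longer than `patience` seconds."""
    held = []
    try:
        for n in range(attempts):
            c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            c.setblocking(False)  # a real client would block; we poll so the demo ends
            held.append(c)
            deadline = time.monotonic() + patience
            while True:
                try:
                    c.connect(path)
                    break
                except (BlockingIOError, ConnectionRefusedError):  # accept queue full
                    if time.monotonic() >= deadline:
                        return n
                    time.sleep(0.01)
        return attempts
    finally:
        for c in held:
            c.close()

def demo():
    """Return (clients served by a stalled daemon, clients served by a healthy one)."""
    tmp = tempfile.mkdtemp()
    stalled = listen_on(os.path.join(tmp, "stalled.sock"))  # never calls accept()
    healthy = listen_on(os.path.join(tmp, "healthy.sock"))
    healthy.settimeout(0.05)
    stop = threading.Event()
    def accept_loop():  # the healthy daemon keeps draining its accept queue
        while not stop.is_set():
            try:
                healthy.accept()[0].close()
            except socket.timeout:
                pass
    worker = threading.Thread(target=accept_loop, daemon=True)
    worker.start()
    try:
        return clients_served(stalled.getsockname()), clients_served(healthy.getsockname())
    finally:
        stop.set(); worker.join(); stalled.close(); healthy.close()
```

Calling `demo()` returns a pair: the first number stays far below the 16 attempts because the stalled listener's accept queue fills, while the second reaches 16.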