[syslog-ng] strange thing

Balazs Scheidler bazsi@balabit.hu
Sun, 30 Apr 2000 18:57:14 +0200


> > An strace dump or something could really help here. As it seems syslog-ng
> > blocked on something (a DNS request maybe?), thus couldn't accept
> > connections on /dev/log.
> 
> Ok, yesterday the same thing happend again while one of colleques restarted the
> nameserver on the same host. This seems to proove your explaination with the
> block on resolving hostnames on the one hand but brings me I a very nasty
> situation on the other hand because I cannot igonre that problem any longer. I
> need name resolution and I need a stable system, of course. So I see three
> posibility's
> 
> 1.) As you suggested:
> > Newer libc's allow using unix-dgram /dev/log, try using that, client
> > programs will never block then.

RedHat patched their libc to send messages via dgram /dev/log. The patch
IIRC was transparent, so one could use both unix-dgram and unix-stream as
they choose to. Note that if you choose to use unix-dgram, the services will
continue to run even if syslog-ng blocks, but logging will be shut down.

> Only problem: what is a "newer libc"? Do you talk about glibc?

IIRC the one included in RedHat 6.1 was patched, so 6.2 should be ok. I
don't know whether this patch was accepted upstream though.

> 
> 2.) Running two syslog-ng processes, on with name resolution on (receiving all
> that network-data) and one with name resolution off (reading /dev/log) which
> should solve my problem, too.

that should work.

> 
> 3.) Firewall port syslog at host level and putting all hosts allowed to get
> through in the hosts file. Will syslog-ng use the hosts file (by using the
> standart resolver library) or will it bypass it and only do ns lookups?

syslog-ng uses gethostbyaddr(), so a private nsswitch.conf file should be
ok.

> I'd really like to hear your opinion about these possibilities. Of course I'd
> prefer 1.) since I like things wich work by design an not because of some
> "dirty tricks".

I don't like 1), because it may lead to lost messages without notice. I like
#2 or #3, but I don't know how to use a private nsswitch.conf file, however
I know that this is possible, since sendmail uses one.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt