[syslog-ng]dns caching

[Balazs Scheidler]

On Tue, Jul 09, 2002 at 01:28:35PM +0200, Michael Renner wrote:
> At 12:16 09.07.2002 +0200, you wrote:
> 
> >i've been using syslog-ng for a while, and now that i've setup dnscache
> >(from djb) to use syslog instead of his own loggin method (multilog), i've
> >found a funny thing that fulls my log files. (dnscache pc and syslog-ng
> >hosting pc are different machines, i log through network).
> >
> >1- when a dnscache-request is made, dnscache issues a message to syslog-ng.
> >2- syslog-ng writes down to the syslog file the new entry, but it does a 
> >dns
> >lookup (because the log entry is coming from a machine on the network).
> >3- loop forever :)
> >
> >i don't want to use the use_dns(off) option of syslog-ng, because i wan't
> >ips translated. Is there a way that syslog-ng could cache the dns querys, 
> >so
> >id doesn't do one dns lookup for each line?
> 
> This was discussed previously on this list; dns caching shouldn't be the 
> job of syslog-ng and would need much "unnecessary" code in syslog-ng; there 
> are other programs which are more capable of doing this (dnscache from 
> djb). I would suggest that you stick with multilog because dnscache is 
> quite verbose and logging these rather unnecessary messages via syslog-ng 
> would waste lots of cpu cycles (you don't log your apache access-logs via 
> syslog, do you?)

A simple DNS cache is built into syslog-ng. It can be enabled by issuing a
dns_cache(yes) in your global options. 

.. hm it is enabled by default. which version are you using?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1