[syslog-ng] remote logging and logfile naming

Chad C. Walstrom chewie@wookimus.net
Tue, 5 Mar 2002 12:46:09 -0600


On Tue, Mar 05, 2002 at 09:10:48AM -0800, Brian Thomas wrote:
> I'm inclined to agree with the lurker. :)

Thanks. ;-)  It's nice to feel supported.

> Isn't this what nscd is designed to do anyway? Wouldn't it make more
> sense to recommend the use of nscd-or-equivalent if using hostname
> lookups?

Yes.  nscd is a GNU Lib C specific daemon that works in conjunction with
the Name Service Switch to cache passwd, group, and host lookups.  These
C library function calls (getpwent(3), getgrent(3), and
gethostbyname(3)) are configured via the /etc/nsswitch.conf file to
query different sources for the requested information.  nscd caches
these queries.

As with any caching scheme, there are inherent security risks to
consider.  nscd does not run as a network daemon, so you do not need to
worry about open network sockets.   Unsynchronized passwords could be a
problem, but if you shut off or reduce the TTL for passwd caching, you
minimize that potential problem.  In the case of NIS workstations, we
turn down the TTL to 1 minute.  passwd file lookups for uid then don't
have to hit the NIS server for each call, but passwords are sync'd
relatively quickly.  In the case of servers, we shut it off completely.
One can always force the dumping of cache tables at any time through the
nscd commandline interface.

We do use the host name caching and default it to about 6 minutes, but
we're also doing some network rearranging.  I think it'd be reasonable
to cache a host name for fifteen minutes to an hour.

It's quite interesting to see the statistics on the number of hits to
each table in cache ('nscd -g').

-- 
Chad Walstrom <chewie@wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Get my public key, ICQ#, etc. $(mailx -s 'get info' chewie@wookimus.net)
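As an added example (not part of the message above, and not code shipped with nscd or syslog-ng), a small Python check that parses an nscd.conf and flags settings that depart from the policy the message describes: passwd caching off on servers, a passwd TTL of at most 60 seconds on NIS workstations, and host names cached for between six minutes and an hour. The sample configuration is constructed; the per-service 'enable-cache' and 'positive-time-to-live' keywords are the real glibc nscd.conf options.

```python
# Constructed sample nscd.conf; not taken from any real host or from the message.
SAMPLE_NSCD_CONF = """\
logfile                 /var/log/nscd.log
enable-cache            passwd          yes
positive-time-to-live   passwd          600
negative-time-to-live   passwd          20
enable-cache            group           yes
positive-time-to-live   group           3600
enable-cache            hosts           yes
positive-time-to-live   hosts           360
negative-time-to-live   hosts           20
"""


def parse_nscd_conf(text):
    """Return {service: {option: value}} for the per-service options.

    nscd.conf lines read '<option> <service> <value>'; '#' starts a comment.
    Two-field global options such as 'logfile' are skipped."""
    conf = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 3:
            continue
        option, service, value = fields
        conf.setdefault(service, {})[option] = value
    return conf


def audit_nscd_conf(text, role):
    """Check the policy stated in the message for role 'server' or 'workstation':
    servers cache no passwd entries, workstations at most 60 s; hosts 360-3600 s."""
    conf = parse_nscd_conf(text)
    findings = []
    passwd = conf.get("passwd", {})
    if passwd.get("enable-cache") == "yes":
        ttl = passwd.get("positive-time-to-live")
        if role == "server":
            findings.append("passwd cache enabled on a server: disable it")
        elif ttl is None:
            findings.append("passwd positive-time-to-live not set explicitly")
        elif int(ttl) > 60:
            findings.append(f"passwd positive-time-to-live {ttl}s exceeds 60s")
    hosts = conf.get("hosts", {})
    if hosts.get("enable-cache") == "yes":
        ttl = hosts.get("positive-time-to-live")
        if ttl is None or not 360 <= int(ttl) <= 3600:
            findings.append(f"hosts positive-time-to-live {ttl}s outside 360-3600s")
    return findings
```

Run it against /etc/nscd.conf on a server and on a workstation to see which of the two roles the live settings actually match.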
