[syslog-ng]DNS Problem?

Nicholas Bernstein syslog-ng@lists.balabit.hu
10 Jun 2003 15:46:30 -0700 

First off, what hosts are they failing to resolve? If they are hosts
from somewhere out on the internet, they might not have an in-addr.arpa
address associated with the ip, and may not be reverse lookup-able. Have
you tried to verify that the systems can look up the ip? E.G. 
'host a.b.c.d '?


On Tue, 2003-06-10 at 15:40, Glasser, Rob wrote:
> I'm having some name lookup weirdness and not sure of the cause.
> Thought I'd post the scenario to the group before I start tweaking my
> configuration to see if it can be fixed.
> 
> First off, I'm running syslog-ng 1.6.0rc3, and on the systems I'm
> having problems, they are Sun Netra systems, dual procs, 2GB of
> memory, running Solaris 8.  My options look like this:
> 
> log_fifo_size(2048); 
> time_reopen(10); 
> use_fqdn(yes);
> keep_hostname(no);
> use_dns(yes);
> dns_cache(yes);
> long_hostnames(off);
> 
> I have 2 servers with this configuration acting as centralized
> loghosts for a datacenter.  They are identical boxes, running
> identical syslog-ng configurations, on the same VLAN as the DNS
> servers they point to. 
> 
> Both of these boxes will periodically fail to lookup a name? and log
> an entry under it's IP address instead of it's fully qualified host
> name. There appears to be no pattern what so ever to it, and the log
> entries that get logged by IP are different on each syslog-ng server. 
> The load on these systems is pretty minimal.   The number of messages
> logged by IP address is averaging about 10 a day out of about 13000
> messages being logged.
> 
> To make things even more interesting, I have a similar setup in
> another datacenter, but they are older smaller systems, only Ultra
> 1's, single proc, with only 128 MB of memory, running Solaris 2.6,
> acting as centralized servers for about 3 times the number of
> servers.  The syslog-ng version and configuration is identical.  On
> these systems I can not find any entries logged by IP address,
> everything appears to be working fine.
> 
> Any ideas what might be causing this?  My gut reaction is to blame it
> on the DNS boxes since the problem is only happening in one data
> center and not another, but wanted to see if anyone else has already
> been down this road first.
> 
> Thanks
> 
> Rob Glasser
> AT&T Wireless
> UNIX Systems Administrator
> 
-- 
+---------------------------------------------------------------+
| Nicholas Bernstein            | nick@docmagic.com             |
| UNIX Systems Administrator    | http://www.docmagic.com       |
| Document Systems Inc.         |  				|
| gpg: F706 8C4E 78FA DDDD 53A0 019F D983 FE28 2002 D1F3	|
+---------------------------------------------------------------+