[syslog-ng]DNS Problem?
Glasser, Rob
syslog-ng@lists.balabit.hu
Tue, 2 Sep 2003 15:45:46 -0700
Wow, old thread of mine.=20
It appears to be disk/load related on the syslog server itself. These =
messages only appear in the middle of the night when a find job runs on =
the directories and files syslog-ng writes to and deletes old files =
(syslog-ng writes to files with a datestamp in the filename). When I =
don't run this script I don't have any problems. Funny thing is this =
happens on my boxes that are Netra 1125's, dual 400Mhz procs, 18GB 10000 =
RPM disks, but doesn't happen on my boxes that are Ultra 1's, single =
84Mhz prco, 9GB 7200 RPM disks. Go figure. We're moving this stuff =
onto new hardware on a SAN so hopefully the problems will go away then.
Rob Glasser
-----Original Message-----
From: Unger, Christian [mailto:C.unger@st-ag.de]=20
Sent: Tuesday, June 10, 2003 11:33 PM
To: syslog-ng@lists.balabit.hu
Subject: AW: [syslog-ng]DNS Problem?
May you using, Windows 2000 ADS integraded DNS Servers. Then you should =
look into you logfiles of the Windows box. The 2000 DNS Server dies some =
time on havy load. MS knows that problem and so the DNS kommt with a =
autorestart funktion.
But you can get a dns time out during the restart.=20
Or your ADS is in combination with Exchange 2000, so the DNS (DC Server) =
has some time havy load during the LDAP querys from Exchange. The DNS =
Respons now needs extremly long. If you have this you should need 3 DS =
in the primary Exchange 2000 Site and split the Exchange querys over the =
tree global catalog Server.
Thas my 2000 knowlage ;) I hope it helps someone.
-----Urspr=FCngliche Nachricht-----
Von: Glasser, Rob [mailto:rob.glasser@attws.com]
Gesendet: Mittwoch, 11. Juni 2003 00:50
An: syslog-ng@lists.balabit.hu
Betreff: RE: [syslog-ng]DNS Problem?
These are internal systems located in the same datacenter although not
necessarily on the same network. reverse lookups work, in fact for any
system that has a problem, it's usually only one message out of hundreds
for the day that has the problem, all other messages from those systems
resolve fine.
Rob Glasser
desk (425)288-2562; cell (206)915-4327=20
rob.glasser@attws.com / 2069154327@mobile.att.net=20
-----Original Message-----
From: Nicholas Bernstein [mailto:nick@docmagic.com]=20
Sent: Tuesday, June 10, 2003 3:47 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]DNS Problem?
First off, what hosts are they failing to resolve? If they are hosts
from somewhere out on the internet, they might not have an in-addr.arpa
address associated with the ip, and may not be reverse lookup-able. Have
you tried to verify that the systems can look up the ip? E.G.=20
'host a.b.c.d '?
On Tue, 2003-06-10 at 15:40, Glasser, Rob wrote:
> I'm having some name lookup weirdness and not sure of the cause.
> Thought I'd post the scenario to the group before I start tweaking my
> configuration to see if it can be fixed.
>=20
> First off, I'm running syslog-ng 1.6.0rc3, and on the systems I'm
> having problems, they are Sun Netra systems, dual procs, 2GB of
> memory, running Solaris 8. My options look like this:
>=20
> log_fifo_size(2048);=20
> time_reopen(10);=20
> use_fqdn(yes);
> keep_hostname(no);
> use_dns(yes);
> dns_cache(yes);
> long_hostnames(off);
>=20
> I have 2 servers with this configuration acting as centralized
> loghosts for a datacenter. They are identical boxes, running
> identical syslog-ng configurations, on the same VLAN as the DNS
> servers they point to.=20
>=20
> Both of these boxes will periodically fail to lookup a name? and log
> an entry under it's IP address instead of it's fully qualified host
> name. There appears to be no pattern what so ever to it, and the log
> entries that get logged by IP are different on each syslog-ng server.=20
> The load on these systems is pretty minimal. The number of messages
> logged by IP address is averaging about 10 a day out of about 13000
> messages being logged.
>=20
> To make things even more interesting, I have a similar setup in
> another datacenter, but they are older smaller systems, only Ultra
> 1's, single proc, with only 128 MB of memory, running Solaris 2.6,
> acting as centralized servers for about 3 times the number of
> servers. The syslog-ng version and configuration is identical. On
> these systems I can not find any entries logged by IP address,
> everything appears to be working fine.
>=20
> Any ideas what might be causing this? My gut reaction is to blame it
> on the DNS boxes since the problem is only happening in one data
> center and not another, but wanted to see if anyone else has already
> been down this road first.
>=20
> Thanks
>=20
> Rob Glasser
> AT&T Wireless
> UNIX Systems Administrator
>=20
--=20
+---------------------------------------------------------------+
| Nicholas Bernstein | nick@docmagic.com |
| UNIX Systems Administrator | http://www.docmagic.com |
| Document Systems Inc. | |
| gpg: F706 8C4E 78FA DDDD 53A0 019F D983 FE28 2002 D1F3 |
+---------------------------------------------------------------+
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html