[syslog-ng] syslog-ng 1.4.17 network logging

Balazs Scheidler syslog-ng@lists.balabit.hu
Mon, 26 Jan 2004 13:15:25 +0100


On Sun, 2004-01-25 at 18:01, julius wrote:
> I used the example Debian GNU/Linux config and added these options on the log host (192.168.0.1):
> 
> source s_tcp { tcp(ip(0.0.0.0) port(514) max-connections(10)); };
> log { source(s_tcp); destination(messages); };
> 
> 
> and on the "source host" (192.168.0.3):
> 
> destination d_tcp { tcp(192.168.0.1); };
> log { source(src); filter(f_messages); destination(d_tcp); };
> 
> Now I get name queries from my bind that's running on the source host, but syslog queries the bind without stopping; the name server uses nearly 100% of the 133 MHz...
> What's wrong?

syslog-ng does a reverse lookup on the sender of each message. You can lower the
DNS load by enabling the internal DNS cache:

options { dns_cache(yes); };

or by disabling DNS completely:

options { use_dns(no); };

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
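
Added example, not part of the original thread and not syslog-ng's own code: a small Python model of why a cache in front of per-message reverse lookups lowers DNS load, including caching of failed lookups. The class name, TTL values, PTR data and message stream are constructed assumptions for illustration.

```python
import time


class ReverseLookupCache:
    """Toy model of a reverse-DNS cache in front of a resolver (hypothetical)."""

    def __init__(self, resolver, ttl=3600.0, failed_ttl=60.0, clock=time.monotonic):
        self.resolver = resolver      # callable: ip -> hostname, raises OSError on failure
        self.ttl = ttl                # lifetime of successful answers (assumed value)
        self.failed_ttl = failed_ttl  # lifetime of failed answers (assumed value)
        self.clock = clock
        self.entries = {}             # ip -> (hostname or None, expiry time)
        self.resolver_calls = 0       # queries that actually reached the name server

    def hostname_for(self, ip):
        now = self.clock()
        hit = self.entries.get(ip)
        if hit and hit[1] > now:
            return hit[0] or ip       # cached failure: fall back to the bare IP
        self.resolver_calls += 1
        try:
            name = self.resolver(ip)
            self.entries[ip] = (name, now + self.ttl)
        except OSError:
            name = None               # remember the failure too, or it repeats per message
            self.entries[ip] = (None, now + self.failed_ttl)
        return name or ip


def replay(senders, cache):
    """Resolve the sender of every message; return how many queries were issued."""
    for ip in senders:
        cache.hostname_for(ip)
    return cache.resolver_calls


# Constructed sample data: one sender with a PTR record, one without.
PTR = {"192.168.0.3": "source.example"}


def fake_resolver(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]


SENDERS = ["192.168.0.3"] * 500 + ["192.168.0.9"] * 500

if __name__ == "__main__":
    no_cache = ReverseLookupCache(fake_resolver, ttl=0, failed_ttl=0)
    print("queries without cache:", replay(SENDERS, no_cache))
    print("queries with cache:   ", replay(SENDERS, ReverseLookupCache(fake_resolver)))
```

With both TTLs at zero every message costs one query; with the cache the same stream costs one query per distinct sender until an entry expires.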