[syslog-ng] syslog-ng 1.6.8 and dns cache issue
Ketan Vankawala
kvankawala at perimeterusa.com
Sun Oct 2 01:27:41 CEST 2005
I appreciate your response. Here is a snippet from /etc/nsswitch.conf.
As I said in my previous email, as soon as I make the change in
/etc/hosts file and after that when I do a tcpdump it shows me the
/etc/hosts change has taken place. I see the ips getting translated into
the new corrected hostname but for some reason syslog-ng keeps logging
under the old hostname. Sometimes I have to wait for almost an hour
until it recognizes the hostname change. If I restart the syslog-ng
daemon, it immediately recognizes the hostname change but restarting the
service is not always a practical solution.
Any help will be highly appreciated.
Ketan
passwd: files
shadow: files
group: files
#hosts: db files nisplus nis dns
*hosts: files dns*
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
Valdis.Kletnieks at vt.edu wrote:
>On Fri, 30 Sep 2005 15:33:27 EDT, Ketan Vankawala said:
>
>
>>I have currently installed Syslog-ng ver 1.6.8. Here is a snippet of my
>>syslog-ng config file.So accordingly when a syslog message comes in,
>>depending on the ip address, it does a lookup in /etc/hosts, creates an
>>appropriate host name folder and forwards the message there. If the
>>hostname does not exists, it creates a folder named with the ip address.
>>
>>
>
>Updating /etc/hosts *should* provide fast response. I'm wondering if your
>/etc/nsswitch.conf specifies 'hosts: NIS files dns', and the NIS query functions
>are being too clever about caching..
>
>
More information about the syslog-ng
mailing list