[syslog-ng] syslog-ng 1.6.8 and dns cache issue

Ketan Vankawala kvankawala at perimeterusa.com
Thu Sep 22 01:58:13 CEST 2005


I have currently installed Syslog-ng ver 1.6.8. Here is a snippet of my 
syslog-ng config file:

destination hostslocal {
   file("/var/log/HOSTS/$HOST/$YEAR-$MONTH-$DAY.log"
   owner(root) group(xxx) perm(0740) dir_perm(0740) create_dirs(yes)
   template("$R_DATE $FULLHOST $MONTH $S_DAY $S_YEAR $S_HOUR:$S_MIN:$S_SEC: $MESSAGE\n") template-escape(no));
};

log {
   source(src);
   destination(hostslocal);
};

So accordingly, when a syslog message comes in, depending on the IP 
address, it does a lookup in /etc/hosts, creates an appropriate host 
name folder and forwards the message there. If the hostname does not 
exist, it creates a folder named with the IP address. Here is my question:

1) How often does syslog-ng refresh its DNS/hosts cache? Because I 
have run into issues where, even after the /etc/hosts file is updated, 
syslog still keeps logging to the folder created with the IP address. 
If I restart the syslog-ng service, it immediately starts forwarding the 
messages correctly to the hostname folder.

2) How can I reduce the DNS cache timeout, so it checks /etc/hosts more 
frequently for any changes?

Any help will be highly appreciated.

thx.

Ketan

