[syslog-ng] syslog-ng 1.6.8 and dns cache issue
Ketan Vankawala
kvankawala at perimeterusa.com
Fri Sep 30 21:33:27 CEST 2005
I have currently installed Syslog-ng ver 1.6.8. Here is a snippet of my
syslog-ng config file.So accordingly when a syslog message comes in,
depending on the ip address, it does a lookup in /etc/hosts, creates an
appropriate host name folder and forwards the message there. If the
hostname does not exists, it creates a folder named with the ip address.
Here is my question:
1) How often does syslog-ng refreshes its dns /hosts cache? Because I
have run into issues that even after the /etc/hosts file is updated
syslog still keeps logging to the folder created with the ip address.
If I restart syslog-ng service it immediately starts forwarding the
messages correctly to hostname folder.
2) How can I reduce the dns cache timeout, so it checks /etc/hosts more
frequently for any changes?
Thanks in advance.
Ketan
destination hostslocal {
file("/var/log/HOSTS/$HOST/$YEAR-$MONTH-$DAY.log"
owner(root) group(xxx) perm(0740) dir_perm(0740) create_dirs(yes)
template("$R_DATE $FULLHOST $MONTH $S_DAY $S_YEAR
$S_HOUR:$S_MIN:$S_SEC: $MESSAGE\n") template-escape(no));
};
log {
source(src);
destination(hostslocal);
};
More information about the syslog-ng
mailing list