[syslog-ng] fails if dns error resolvehostnamedestinationforwarding
JV
nycfresh at yahoo.com
Wed Nov 12 21:12:37 CET 2008
I don't expect syslog-ng to resolve a name when its not in dns or hosts but i expect syslog-ng to still start & run as it has other filter rules saying it needs to log to local files.
Use case is when a system reboots syslog-ng starts up before network is fully up on the host, syslog-ng won't start and no local logging takes place either.
We're talking UDP here , so no reason syslog-ng can't keep trying to resolve and send new lines when needed once network connectivity is working and name resolution is complete.
Isn't that how the OS native "syslog" works ?
--- On Wed, 11/12/08, Geller, Sandor (IT) <Sandor.Geller at morganstanley.com> wrote:
> From: Geller, Sandor (IT) <Sandor.Geller at morganstanley.com>
> Subject: RE: [syslog-ng] fails if dns error resolvehostnamedestinationforwarding
> To: nycfresh at yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng at lists.balabit.hu>, "Peck, Jonathan" <Jonathan.Peck at firstdata.com>
> Date: Wednesday, November 12, 2008, 12:12 AM
> Hello,
>
> Sorry, what you're after doesn't make any sense.
> When you
> explicitely turn off name resolution but despite of this
> you add a
> *destination* which refers to a hostname then how the hell
> could
> syslog-ng resolve the hostname at all?
>
> You should specify the IP address instead of the
> unresolvable name
> or remove the destination.
>
> Regards,
>
> Sandor
>
> > -----Original Message-----
> > From: syslog-ng-bounces at lists.balabit.hu
> > [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf
> Of JV
> > Sent: Tuesday, November 11, 2008 10:23 PM
> > To: Syslog-ng users' and developers' mailing
> list; Peck, Jonathan
> > Subject: Re: [syslog-ng] fails if dns error resolve
> > hostnamedestinationforwarding
> >
> > no, here's my options.
> >
> > options { sync (0);
> > time_reopen (10);
> > log_fifo_size (1000);
> > long_hostnames (off);
> > use_dns (no);
> > use_fqdn (no);
> > create_dirs (no);
> > keep_hostname (yes);
> > stats (0);
> > }
> >
> > PS: it doesn't seem to matter if the destination
> is a
> > "hostname" or "hostname.FQDN" if
> syslog-ng can't resolve it -
> > it won't run , so shouldn't be Redhat
> dependant either :)
> >
> > --- On Tue, 11/11/08, Peck, Jonathan
> > <Jonathan.Peck at firstdata.com> wrote:
> >
> > > From: Peck, Jonathan
> <Jonathan.Peck at firstdata.com>
> > > Subject: RE: [syslog-ng] fails if dns error
> resolve
> > hostnamedestinationforwarding
> > > To: nycfresh at yahoo.com, "Syslog-ng
> users' and developers'
> > mailing list" <syslog-ng at lists.balabit.hu>
> > > Date: Tuesday, November 11, 2008, 12:56 PM
> > > Well there's your problem, you are using
> RedHat, haha
> > > j/k :)
> > >
> > > Do you have any dns fqdn options set in your
> syslog.conf.in
> > > (or
> > > syslog.conf.RedHat) such:
> > >
> > > options { long_hostnames (on);
> > > use_dns (yes);
> > > use_fqdn (yes);
> > > keep_hostname (no);
> > > };
> > >
> > > ?
> > >
> > > -----Original Message-----
> > > From: syslog-ng-bounces at lists.balabit.hu
> > > [mailto:syslog-ng-bounces at lists.balabit.hu] On
> Behalf Of JV
> > > Sent: Tuesday, November 11, 2008 2:45 PM
> > > To: Syslog-ng users' and developers'
> mailing list;
> > > Peck, Jonathan
> > > Subject: Re: [syslog-ng] fails if dns error
> resolve
> > > hostnamedestinationforwarding
> > >
> > > thanks for the quick response.
> > >
> > > i'm using the default
> contrib/syslog-ng.conf.RedHat
> > >
> > > source s_sys { file ("/proc/kmsg"
> > > log_prefix("kernel: ")); unix-stream
> > > ("/dev/log"); internal(); };
> > >
> > > /usr/local/sbin/syslog-ng -d -v
> > > Error resolving hostname;
> host='sysremote'
> > > No destination address set;
> > >
> > >
> > >
> > > --- On Tue, 11/11/08, Peck, Jonathan
> > > <Jonathan.Peck at firstdata.com>
> > > wrote:
> > >
> > > > From: Peck, Jonathan
> > > <Jonathan.Peck at firstdata.com>
> > > > Subject: RE: [syslog-ng] fails if dns error
> resolve
> > > hostname
> > > destinationforwarding
> > > > To: nycfresh at yahoo.com, "Syslog-ng
> users' and
> > > developers' mailing
> > > list" <syslog-ng at lists.balabit.hu>
> > > > Date: Tuesday, November 11, 2008, 12:29 PM
> > > > How do you have your sources section
> configured?
> > > >
> > > > Have you run syslog-ng in debug mode
> (#syslog-ng -d
> > > -v) to
> > > > see if it is
> > > > vomiting back any addtl info when it trys to
> kick off?
> > >
> > > >
> > > > -----Original Message-----
> > > > From: syslog-ng-bounces at lists.balabit.hu
> > > > [mailto:syslog-ng-bounces at lists.balabit.hu]
> On Behalf
> > > Of
> > > > JV
> > > > Sent: Tuesday, November 11, 2008 2:23 PM
> > > > To: syslog-ng at lists.balabit.hu
> > > > Subject: [syslog-ng] fails if dns error
> resolve
> > > hostname
> > > > destinationforwarding
> > > >
> > > > Tried searching in google and the mailing
> archives...
> > > >
> > > > I'm on syslog-ng-2.0.9 and it refuses to
> start if
> > > i
> > > > have a filter like
> > > >
> > > > filter f_11 { level(info..emerg); };
> > > > destination d_8 {
> udp("sysremote"
> > > port(514));
> > > > };
> > > > log { source(s_sys); filter(f_11);
> destination(d_8);
> > > };
> > > >
> > > > and sysremote is not resolvable via my DNS
> or
> > > /etc/hosts
> > > >
> > > > You'd think syslog-ng-2.0.9 would
> continue to run
> > > and
> > > > do the other
> > > > filters which is to log locally instead of
> refusing to
> > > run
> > > > at all. Thats
> > > > how the builtin syslog works i believe.
> > > >
> > > > This limits our ability to swap out replace
> syslog
> > > with
> > > > syslog-ng since
> > > > local logging should not fail just because
> dns is
> > > > unreachable ?
> > > >
> > > > Am I missing something. Thanks in advance.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
> ______________________________________________________________
> > __________
> > > > ______
> > > > Member info:
> > > >
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Documentation:
> > > >
> > >
> http://www.balabit.com/support/documentation/?product=syslog-ng
> > > > FAQ:
> http://www.campin.net/syslog-ng/faq.html
> > > >
> > > >
> > > > -----------------------------------------
> > > > The information in this message may be
> proprietary
> > > and/or
> > > > confidential, and protected from disclosure.
> If the
> > > reader
> > > > of this
> > > > message is not the intended recipient, or an
> employee
> > > or
> > > > agent
> > > > responsible for delivering this message to
> the
> > > intended
> > > > recipient,
> > > > you are hereby notified that any
> dissemination,
> > > > distribution or
> > > > copying of this communication is strictly
> prohibited.
> > > If
> > > > you have
> > > > received this communication in error, please
> notify
> > > First
> > > > Data
> > > > immediately by replying to this message and
> deleting
> > > it
> > > > from your
> > > > computer.
> > >
> > >
> > >
> > >
> >
> ______________________________________________________________
> > __________
> > > ______
> > > Member info:
> > >
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > Documentation:
> > >
> http://www.balabit.com/support/documentation/?product=syslog-ng
> > > FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> >
> >
> >
> ______________________________________________________________
> > ________________
> > Member info:
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> >
> http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> >
> --------------------------------------------------------
>
> NOTICE: If received in error, please destroy and notify
> sender. Sender does not intend to waive confidentiality or
> privilege. Use of this email is prohibited when received in
> error.
More information about the syslog-ng
mailing list