[syslog-ng] syslog-ng does not start when a destination hostname is unresolvable

Heiko Gerstung heiko at am-anger-1.de
Mon Oct 17 15:26:25 CEST 2011


Hi!

I am using syslog-ng for my network appliance and came across a problem with unresolved destination hosts. But first of all
I have to say that of all the syslog daemons I looked at, syslog-ng really stands out as the most versatile and flexible
solution. So, thank you for this great piece of software!

In my configuration it is possible to specify a number of remote syslog servers, to which my device forwards all log entries
via TCP or UDP/514 in addition to logging everything to local files (/var/log/messages etc.). Now, when a customer enters an
unresolvable hostname, syslog-ng does not start at all and therefore the whole system is without a syslog daemon.

My current workaround is to try and resolve the configured hostnames myself and only write them to the generated
syslog-ng.conf file when this succeeds, but I wonder if there is no configuration option or command-line switch that prevents
syslog-ng from completely ceasing to work when it cannot resolve a hostname.

And, is this really the intended default behavior? On my system (and on almost every other system I assume), syslog-ng
starts long before network connectivity is available in order to provide logging services during the boot sequence. I would
have expected that, if one of the destinations cannot be resolved, syslog-ng starts without it and periodically tries to
resolve it later.

I did not find anything about this in the documentation (manpages of syslog-ng and syslog-ng.conf) or in the FAQ; the only
thing I found was a bug in bugzilla (https://bugzilla.balabit.com/show_bug.cgi?id=63), which was filed in 11/2009 and
reports that --syntax-only does not catch unresolved _sources_ although this is considered a critical error and prevents
syslog-ng from starting. I would assume that this is the same for unresolved destinations.

Any comments on this? I know that ntpd tries to resolve configured servers in a separate thread which retries resolving them
every once in a while and starts using such a host as soon as it could be resolved.

Best Regards,
 Heiko
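
The workaround described in the message above, sketched as an added example (not part of the original post and not syslog-ng code): a generator that writes a remote destination into the syslog-ng.conf fragment only if the customer-supplied name is a syntactically valid hostname and resolves, so a typo cannot keep the daemon from starting and a crafted value cannot break out of the quoted string. The source name `s_local`, the `d_remote_N` naming and the function names are assumptions; the resolver is injectable so the logic can be exercised without network access.

```python
import ipaddress
import re
import socket

# RFC 1123 style hostname: dot-separated labels of letters, digits, hyphens.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_ipv4_literal(host):
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False


def resolves(host, resolver=socket.getaddrinfo):
    # tcp()/udp() are the IPv4 drivers, so only an IPv4 answer counts.
    try:
        resolver(host, 514, socket.AF_INET)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def render_destinations(entries, resolver=socket.getaddrinfo, source="s_local"):
    """entries: list of (host, proto), proto being 'tcp' or 'udp'.
    Returns (config_text, skipped); skipped holds (host, reason) pairs."""
    lines, skipped = [], []
    for i, (host, proto) in enumerate(entries):
        if proto not in ("tcp", "udp"):
            skipped.append((host, "bad protocol"))
        elif len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
            # Rejects quotes, braces, semicolons: nothing can escape "...".
            skipped.append((host, "invalid name"))
        elif not is_ipv4_literal(host) and not resolves(host, resolver):
            skipped.append((host, "unresolvable"))
        else:
            name = f"d_remote_{i}"
            lines.append(f'destination {name} {{ {proto}("{host}" port(514)); }};')
            lines.append(f"log {{ source({source}); destination({name}); }};")
    return "\n".join(lines) + ("\n" if lines else ""), skipped
```

Skipped entries are returned rather than silently dropped so the appliance can show them to the customer and retry resolution later.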

