[syslog-ng] syslog-ng 3.3.7 DNS resolving Problem

Daniel Neubacher daniel.neubacher at xing.com
Wed Jan 2 15:49:56 CET 2013


To reproduce the problem I tried to generate a massive amount of logs with one client to a server with my live configuration but it didn't work. I guess the problem doesn't lie in the log amount but the hosts. And that's hard to test.

After that I did some more live testing. My first test was if this actually happens without DNS resolving and it didn't. After that I've disabled threading and it seemed to work. My problem is that I need threading because syslog is now running on 100% :P
It was a quick test but after enabling threading again the problem appeared instantly. Now I've disabled it and will test it for at least a day. But it seems like threading has one more problem :(


-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Daniel Neubacher
Sent: Wednesday, 2 January 2013 14:26
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng 3.3.7 DNS resolving Problem

Yes, but the server's FQDN is used in my case.

What I know is that syslog-ng is ignoring the cache while it happens. In the same second where I can find a wrong log the server sorted another line from the same client into the right folder. One of my first guesses was failed DNS requests, but my caching time of 10 seconds for negative answers doesn't match the time of the log messages.

Guess I will debug some more if there are others which have this problem too. I thought I'm alone with this :)

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Gergely Nagy
Sent: Wednesday, 2 January 2013 14:01
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng 3.3.7 DNS resolving Problem

Daniel Neubacher <daniel.neubacher at xing.com> writes:

> Many times a day messages are sorted into a folder with the DNS name 
> of my syslog-ng server instead of the real host where the log is 
> coming from.  The log line still has the right host in the text and 
> most of the time it is working but I could not find any way to 
> reproduce the problem on demand yet. For debugging I've disabled any 
> logging for the server itself but it still happens.

This is not the first time I hear about this problem, but so far I have not been able to reproduce it locally :(

Is it always the server address that gets used instead of the originating host's name?

-- 
|8]

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
