[syslog-ng] "Error resolving hostname" for UDP Destination

Sat Aug 22 19:29:09 CEST 2015

Syslog-ng doesn't use an asynchronous dns resolver, but rather it uses the
libc one as it wants to keep the ordering of messages.

However it uses an inprocess DNS cache, that should mitigate most dns
latency issues as hosts that generate logs should already be in the cache
anyway.

If you can't trust that the dns will work, just disable dns resolution eg
use-dns(no) or use persist-only dns caching and populate /etc/hosts with
those you want to see with names.

https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/example-local-dns.html

With regards to dns stalling all sources, no its not as long as syslog-ng
is running in threaded mode. Only the affected worker is stalled the others
will continue.
On Aug 22, 2015 5:37 PM, "David Hauck" <davidh at netacquire.com> wrote:

> On yslog-ng-bounces at lists.balabit.hu] On Behalf Of Scheidler,,
> syslog-ng-bounces at lists.balabit.hu wrote:
> > Earlier syslog-ng immediately exited at startup, now it is considering
> > dns resolution errors just like connection failures so time-reopen
> applies.
>
> OK, thx.
>
> BTW, I was reading about the DNS resolver blocking the logger (during
> resolutions, which, in situations where the lookup fails, could result in
> significant time). What does this mean exactly? Are all
> destinations/sources blocked during this time?
>
> > Time-reopen defaults to 60 seconds as I remember as well and I can't
> remember any patch that would have changed it.
>
> Thx also - I did locate my configuration setting for this and see that the
> distribution I'm using resets this default to 10s (so everything's working
> fine here).
>
> > On Aug 22, 2015 1:01 AM, "David Hauck" <davidh at netacquire.com> wrote:
> >
> >
> >       Hi Fabien,
> >
> >       On Monday, June 15, 2015 7:08 AM, I wrote:      > On Monday, June
> 15, 2015
> > 12:50 AM Fabien Wernli wrote:         >> Hi David,    >>      >> On Fri,
> Jun 12, 2015
> > at 05:09:03PM +0000, David Hauck wrote:       >>> Starting syslog-ng:
> Error
> > resolving hostname;   >>> host='test.nacc.netacquire.dom' Error
> > initializing message pipeline;        >>>     >>> Unfortunately, this
> results in
> > the entire process failing to start.  >>      >> This looks a hell lot
> like
> > a resolved issue [1] on github        >>      >> [1]
> > https://github.com/balabit/syslog-ng/issues/318       >       > Yes,
> indeed! And
> > this looks to have been included in v3.6.3 - I'll give this a try.
> >
> >       I've finally had a chance to test this and see that it indeed fixes
> > outright error. However, I now see the following messages appear every
> 10s:
> >
> >       20150821 15:54:37.994 err syslog(syslog-ng):Error resolving
> hostname; host='tester'
> >       20150821 15:54:37.994 err syslog(syslog-ng):Initiating connection
> failed, reconnecting; time_reopen='10'
> >
> >       Is there a way to change the timeout? Is this the time-reopen
> global
> > option? Besides DNS lookup retries, what other operations are subject
> > to this timeout? Finally, the default (3.7) OSE documentation indicates
> the time-reopen default is 60s (not 10s like I'm seeing).
> >
> >       Thanks,
> >       -David
> >
> > ______________________________________________________________________
> > __ ______     Member info:
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng   Documentation:
> > http://www.balabit.com/support/documentation/?product=syslog-ng
>  FAQ:
> > http://www.balabit.com/wiki/syslog-ng-faq
> >
> >
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150822/e44d2096/attachment.htm 