Date:      Thu, 17 Aug 2000 08:32:00 -0700 (PDT)
From:      Todd Backman <todd@flyingcroc.net>
To:        cjclark@alum.mit.edu
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: syslogd poll state
Message-ID:  <Pine.BSF.4.21.0008170828500.12741-100000@security1.noc.flyingcroc.net>
In-Reply-To: <20000816224105.D28027@149.211.6.64.reflexcom.com>


No, I am not using -a for syslogd. I have blocked 514 at the borders and
did not want to add any more overhead to this server. I am thinking that
it might be a DNS issue and not a syslogd issue.

Thanks.

- Todd

On Wed, 16 Aug 2000, Crist J . Clark wrote:

> On Wed, Aug 16, 2000 at 02:08:55PM -0700, Todd Backman wrote:
> > 
> > I tried on -questions and didn't get any bites. Any ideas here?:
> > 
> > (updated info: I increased my udp.recvspace via sysctl to overcome any
> > possible overloads due to +250 servers spewing syslog data to it. That was
> > not the problem and the poll state continues to occur.)
> > 
> > One thing I noticed is that when syslogd is in the "poll" state the
> > following is listed in the output of sockstat:
> > 
> > machinename# sockstat
> > 
> > root     syslogd     83    4 udp4   *.514                 *.*
> > root     syslogd     83    6 udp4   x.x.x.x.271           x.x.x.x.53
> >                                     ^^^^^^^               ^^^^^^^
> >                                     machine IP            nameserver IP
> > 
> > I am wondering why syslogd would be attempting to do any type of lookups?
> 
> Probably has something to do with this,
> 
>      -a allowed_peer
>              Allow allowed_peer to log to this syslogd using UDP datagrams.
>              Multiple -a options may be specified.
> 
>              Allowed_peer can be any of the following:
>              .
>              .
>              .
>              domainname[:service]        Accept datagrams where the reverse
>                                          address lookup yields domainname for
>                                          the sender address.  The meaning of
>                                          service is as explained above.
> 
> Are you using the -a option?
> -- 
> Crist J. Clark                           cjclark@alum.mit.com
> 
