Date: Thu, 17 Aug 2000 08:32:00 -0700 (PDT)
From: Todd Backman <todd@flyingcroc.net>
To: cjclark@alum.mit.edu
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: syslogd poll state
Message-ID: <Pine.BSF.4.21.0008170828500.12741-100000@security1.noc.flyingcroc.net>
In-Reply-To: <20000816224105.D28027@149.211.6.64.reflexcom.com>

No, I am not using -a for syslogd. I have blocked 514 at the borders and
did not want to add any more overhead to this server. I am thinking that
it might be a DNS issue and not a syslogd issue.

Thanks.

- Todd

On Wed, 16 Aug 2000, Crist J . Clark wrote:

> On Wed, Aug 16, 2000 at 02:08:55PM -0700, Todd Backman wrote:
> >
> > I tried on -questions and didn't get any bites. Any ideas here?:
> >
> > (updated info: I increased my udp.recvspace via sysctl to overcome any
> > possible overloads due to +250 servers spewing syslog data to it. That was
> > not the problem and the poll state continues to occur.
> >
> > One thing I noticed is that when syslogd is in the "poll" state the
> > following is listed in the output of sockstat:
> >
> > machinename# sockstat
> >
> > root     syslogd     83    4 udp4   *.514                 *.*
> > root     syslogd     83    6 udp4   x.x.x.x.271           x.x.x.x.53
> >                                     ^^^^^^^               ^^^^^^^
> >                                     machine IP            nameserver IP
> >
> > I am wondering why syslogd would be attempting to do any type of lookups?
>
> Probably has something to do with this,
>
>      -a allowed_peer
>              Allow allowed_peer to log to this syslogd using UDP datagrams.
>              Multiple -a options may be specified.
>
>              Allowed_peer can be any of the following:
>              .
>              .
>              .
>              domainname[:service]    Accept datagrams where the reverse
>                                      address lookup yields domainname for
>                                      the sender address.  The meaning of
>                                      service is as explained above.
>
> Are you using the -a option?
> --
> Crist J. Clark                           cjclark@alum.mit.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
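
The observation made in the thread (a syslogd socket pointed at a nameserver's port 53) can be turned into a small filter over sockstat output. This is an added example, not part of the original messages: the sample listing and its 192.0.2.x addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag sockets whose foreign port is 53 (a resolver) in
# sockstat-style output: USER COMMAND PID FD PROTO LOCAL FOREIGN.

# Constructed sample input modelled on the listing quoted in the message;
# the addresses are documentation-range placeholders, not thread values.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     syslogd     83    4 udp4   *.514                 *.*
root     syslogd     83    6 udp4   192.0.2.10.271        192.0.2.53.53
root     sshd       101    3 tcp4   *.22                  *.*
EOF
}

# dns_sockets [command]
# Reads sockstat output on stdin and prints "command pid local foreign" for
# each inet socket whose foreign port is 53, optionally for one command only.
dns_sockets() {
    want=${1:-}
    while read -r user cmd pid fd proto laddr faddr rest; do
        # Skip the header line and anything that is not an inet socket.
        case $proto in udp*|tcp*) ;; *) continue ;; esac
        [ -z "$want" ] || [ "$cmd" = "$want" ] || continue
        # The port follows the last "." (older format) or ":" (newer format).
        port=${faddr##*[.:]}
        [ "$port" = 53 ] && printf '%s %s %s %s\n' "$cmd" "$pid" "$laddr" "$faddr"
    done
    return 0
}

# Run over the constructed sample; on a live host pipe sockstat in instead.
sample_sockstat | dns_sockets syslogd
```

A syslogd line in the output means the daemon itself has a socket open to a resolver, which is the state both posters are trying to explain.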