Hi John On Fri, May 29, 2020 at 3:09 AM John Chivian via rsyslog <[email protected]> wrote: > > rsyslog will leverage any DNS caching that the system does. check for > instances of nscd, and be aware that the dig utility does not consider > any such cache.
We don't use nscd, in this case its /etc/hosts > > it is also very important to understand that the DNS name is only used > once, when the connection to the remote system is established. if the > log stream is steady enough so that the connection never goes away, then > DNS could change any number of times behind the scenes and the open > connection would neither know or care. > > if the connection did time out and go away, then the next time a packet > came in and the connection to the remote host had to be re-established, > a DNS lookup would occur and the new value used. this is obviously the > same thing that happens when you restart. Does it apply for UDP sockets? I have roughly 10K syslog clients and need to redirect half of them to a new central syslog server. So the original one will keep running. If I don't restart the syslog clients, it would still contact the original one. > > hope that helps, > > > > > On 5/28/20 9:31 AM, Olivia Nelson via rsyslog wrote: > > Software version > > --------------- > > > > I'm testing this behavior on CentOS 6, if it's already fixed I can > > recompile and test a newer version: > > > > # rpm -qa | grep rsyslog > > rsyslog-5.8.10-10.el6_6.x86_64 > > > > Step to reproduce > > --------------- > > > > Configured rsyslogd to forward logs to log1.example.com > > > > *.* @log1.example.com:514 > > > > Create a test log with logger command > > > > logger -t test RANDOM_STRING > > > > And I confirm it's received on the remote host by grepping the files. > > > > Then I change the DNS A record of log1.example.com to another IP, wait > > for TTL to expire, and confirm the IP has changed with dig command. > > > > If I execute the logger command again, the log is still sent to the > > old IP address. > > > > Conclusion > > --------------- > > > > rsyslogd would never update the IP address, unless I manually restart > > the rsyslog daemon. Is it by design? > > _______________________________________________ > > rsyslog mailing list > > https://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > > LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > https://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
