Date: Wed, 16 Aug 2000 22:41:05 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Todd Backman <todd@flyingcroc.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: syslogd poll state
Message-ID: <20000816224105.D28027@149.211.6.64.reflexcom.com>
In-Reply-To: <Pine.BSF.4.21.0008161356000.6276-100000@security1.noc.flyingcroc.net>; from todd@flyingcroc.net on Wed, Aug 16, 2000 at 02:08:55PM -0700
References: <Pine.BSF.4.21.0008151635580.4625-100000@security1.noc.flyingcroc.net> <Pine.BSF.4.21.0008161356000.6276-100000@security1.noc.flyingcroc.net>
On Wed, Aug 16, 2000 at 02:08:55PM -0700, Todd Backman wrote:
>
> I tried on -questions and didn't get any bites. Any ideas here?:
>
> (updated info: I increased my udp.recvspace via sysctl to overcome any
> possible overloads due to +250 servers spewing syslog data to it. That was
> not the problem and the poll state continues to occur.
>
> One thing I noticed is that when syslogd is in the "poll" state the
> following is listed in the output of sockstat:
>
> machinename# sockstat
>
> root     syslogd     83    4 udp4   *.514            *.*
> root     syslogd     83    6 udp4   x.x.x.x.271      x.x.x.x.53
>                                     ^^^^^^^          ^^^^^^^
>                                     machine IP       nameserver IP
>
> I am wondering why syslogd would be attempting to do any type of lookups?

Probably has something to do with this,

     -a allowed_peer
             Allow allowed_peer to log to this syslogd using UDP datagrams.
             Multiple -a options may be specified.

             Allowed_peer can be any of the following:
             .
             .
             .
             domainname[:service]  Accept datagrams where the reverse
                                   address lookup yields domainname for
                                   the sender address.  The meaning of
                                   service is as explained above.

Are you using the -a option?
--
Crist J. Clark cjclark@alum.mit.com
