Date: Wed, 16 Aug 2000 22:41:05 -0700 From: "Crist J . Clark" <cjclark@reflexnet.net> To: Todd Backman <todd@flyingcroc.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: syslogd poll state Message-ID: <20000816224105.D28027@149.211.6.64.reflexcom.com> In-Reply-To: <Pine.BSF.4.21.0008161356000.6276-100000@security1.noc.flyingcroc.net>; from todd@flyingcroc.net on Wed, Aug 16, 2000 at 02:08:55PM -0700 References: <Pine.BSF.4.21.0008151635580.4625-100000@security1.noc.flyingcroc.net> <Pine.BSF.4.21.0008161356000.6276-100000@security1.noc.flyingcroc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 16, 2000 at 02:08:55PM -0700, Todd Backman wrote: > > I tried on -questions and didn't get any bites. Any ideas here?: > > (updated info: I increased my udp.recvspace via sysctl to overcome any > possible overloads due to +250 servers spewing syslog data to it. That was > not the problem and the poll state continues to occur. > > One thing I noticed is that when syslogd is in the "poll" state the > following is listed in the output of sockstat: > > machinename# sockstat > > root syslogd 83 4 udp4 *.514 *.* > root syslogd 83 6 udp4 x.x.x.x.271 x.x.x.x.53 > ^^^^^^^ ^^^^^^^ > machine IP nameserver IP > > I am wondering why syslogd would be attempting to do any type of lookups? Probably has something to do with this, -a allowed_peer Allow allowed_peer to log to this syslogd using UDP datagrams. Multiple -a options may be specified. Allowed_peer can be any of the following: . . . domainname[:service] Accept datagrams where the reverse address lookup yields domainname for the sender address. The meaning of service is as explained above. Are you using the -a option? -- Crist J. Clark cjclark@alum.mit.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000816224105.D28027>