[ednog] DNS server monitoring
michael at rancid.berkeley.edu
Tue Nov 29 13:28:38 EST 2005
On Tue, 29 Nov 2005, Julian Y. Koh wrote:
> At 17:11 -0800 11/28/2005, Mark Boolootian wrote:
>> The one caveat to this is that dedicated syslog servers that don't run
>> any traffic-generating applications end up having their MAC address aged
>> out of the forwarding tables of the L2 gear, and your syslog traffic ends
>> up flooded to everyone in the same broadcast domain.
> Yeah, we saw this as well. The solution is to keep your L2 CAM tables in
> sync with your L3 ARP tables as far as expire time is concerned. Another
> workaround is to regularly ping the receiving interface of the syslog server
> from a monitoring station.
That's a good suggestion. I had also thought about running an NTP daemon
(or some such NTP process) that would be configured to poll NTP server(s)
no less than every 128 seconds, since most CAM tables I have seen age out
at 300 seconds. It would solve the CAM table issue and help ensure that
the syslog server's clock stays in sync.
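The timing argument in this message can be checked against a record of when the syslog host actually sources frames. The following is an added example, not part of the original post: it assumes a simplified switch model (the MAC is relearned on every frame the host sends and dropped exactly `aging_s` seconds later), uses constructed sample timestamps, and relies on ntpd's `maxpoll` option being a power-of-two exponent (default 10, i.e. 1024 seconds). All function names are hypothetical.

```python
# Added example (not from the thread). Simplified model: the switch relearns
# the host's MAC on every frame the host sources and drops it aging_s later.

def flood_windows(tx_times, aging_s=300.0, end=None):
    """Return (start, stop) spans in which the MAC is absent from the CAM table.

    During these spans unicast frames addressed to the host (its syslog
    feed) are flooded to every port in the broadcast domain.
    """
    times = sorted(tx_times)
    if end is not None:
        times.append(end)  # close the last span at the end of the observation
    windows = []
    for prev, nxt in zip(times, times[1:]):
        if nxt - prev > aging_s:
            windows.append((prev + aging_s, nxt))
    return windows

def max_safe_maxpoll(aging_s=300.0):
    """Largest ntpd maxpoll exponent n such that 2**n seconds < aging_s."""
    if aging_s <= 1:
        raise ValueError("aging timer too short for any power-of-two poll")
    n = 0
    while 2 ** (n + 1) < aging_s:
        n += 1
    return n

def flooded_fraction(poll_s, horizon_s, aging_s=300.0):
    """Share of horizon_s spent flooding if the host only sends every poll_s."""
    gaps = flood_windows(range(0, horizon_s, poll_s), aging_s, end=horizon_s)
    return sum(stop - start for start, stop in gaps) / horizon_s

if __name__ == "__main__":
    # Constructed sample: seconds at which a quiet syslog host sent any frame.
    sample = [0, 60, 120, 1000, 1100]
    print("flood windows:", flood_windows(sample))
    for exp in (7, 8, 10):  # 128 s (as suggested above), 256 s, ntpd default
        print(f"maxpoll {exp} ({2 ** exp} s):",
              f"{flooded_fraction(2 ** exp, 4096):.0%} of the time flooded")
    print("largest safe maxpoll for 300 s aging:", max_safe_maxpoll(300))
```

In this model a 256-second poll also stays under a 300-second aging timer, but with little margin; the 128-second figure from the message tolerates one missed poll.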