
Disabling DNS Resolution in Rsyslog

source link: https://bajie.dev/posts/20240121-rsyslog_dns/


2024-01-21 · 1 min read

While reviewing the traffic graphs, the network administrator noticed a large amount of UDP traffic.

A look at the logs:

Jun 28 00:39:28 172.16.0.1 %ASA-6-305011: Built dynamic UDP translation from inside:172.16.36.2/2160 to outside:124.243.230.6/2160  
Jun 28 00:39:28 172.16.0.1 %ASA-6-302015: Built outbound UDP connection 1369422617 for outside:223.5.5.5/53 (223.5.5.5/53) to inside:172.1...  

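A large share of the entries were DNS queries to port 53.

Killing unrelated processes made no difference; the flood of UDP port 53 DNS queries continued.

After a long search, the cause turned out to be rsyslog doing a reverse DNS lookup on each IP address as it recorded log entries. Because these are internal addresses with no correct domain names, the lookups never succeed, so rsyslog keeps sending queries to the public DNS servers, which causes the surge in UDP traffic.

Once the cause is known, the fix is straightforward.

On CentOS, add the -x -Q options to rsyslog to disable name resolution: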

vi /etc/sysconfig/rsyslog  
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 5 -x -Q"  

On Ubuntu the method is the same; only the file differs:

vi /etc/default/rsyslog  
RSYSLOGD_OPTIONS="-x -Q"  

Then restart the service and you're done.
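To shorten the search for the source of such lookups, the ASA "Built outbound UDP connection" entries (message 302015, as in the log excerpt above) can be tallied per inside host. This is an added example, not code from the original post; the function names are hypothetical and the sample log lines, inside host addresses and mapped addresses are constructed.

```python
import re
from collections import Counter

# ASA 302015 layout: for <if>:<dst>/<port> (<mapped>) to <if>:<src>/<port> (<mapped>)
BUILT_UDP = re.compile(
    r"%ASA-6-302015: Built outbound UDP connection \d+ "
    r"for \w+:(?P<dst>[\d.]+)/(?P<dport>\d+) \([^)]*\) "
    r"to \w+:(?P<src>[\d.]+)/(?P<sport>\d+)"
)

def dns_talkers(lines, port=53):
    """Count outbound UDP connections to `port`, keyed by (inside host, resolver)."""
    counts = Counter()
    for line in lines:
        m = BUILT_UDP.search(line)
        if m and int(m.group("dport")) == port:
            counts[(m.group("src"), m.group("dst"))] += 1
    return counts

def top_sources(lines, n=5):
    """Inside hosts ranked by number of outbound DNS connections."""
    per_host = Counter()
    for (src, _dst), hits in dns_talkers(lines).items():
        per_host[src] += hits
    return per_host.most_common(n)

# Constructed sample: 172.16.36.10 stands in for the rsyslog server.
PREFIX = "Jun 28 00:39:28 172.16.0.1 %ASA-6-302015: Built outbound UDP connection "
SAMPLE = [
    f"{PREFIX}{1000 + i} for outside:223.5.5.5/53 (223.5.5.5/53) "
    f"to inside:172.16.36.10/{40000 + i} (192.0.2.6/{40000 + i})"
    for i in range(4)
] + [
    # One ordinary DNS query from another host.
    f"{PREFIX}2001 for outside:223.5.5.5/53 (223.5.5.5/53) "
    "to inside:172.16.36.20/51000 (192.0.2.6/51000)",
    # Non-DNS UDP (NTP) must not be counted.
    f"{PREFIX}2002 for outside:198.51.100.7/123 (198.51.100.7/123) "
    "to inside:172.16.36.20/123 (192.0.2.6/123)",
    # Translation message (305011) is a different message ID and is ignored.
    "Jun 28 00:39:28 172.16.0.1 %ASA-6-305011: Built dynamic UDP translation "
    "from inside:172.16.36.10/40000 to outside:192.0.2.6/40000",
]

if __name__ == "__main__":
    for host, hits in top_sources(SAMPLE):
        print(f"{host}\t{hits} outbound DNS connections")
```

A host that dominates this ranking and also runs a syslog receiver is a candidate for the -x -Q change described above.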
