Bug ID 913849: Syslog-ng periodically logs nothing for 20 seconds

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1

Fixed In:
16.1.0, 16.0.1.2, 15.1.4, 14.1.4.2

Opened: Jun 03, 2020

Severity: 3-Major

Symptoms

Once per minute, syslog-ng logs nothing for 20 seconds.

Impact

When using DNS names to specify remote syslog destinations and DNS is unreachable, syslog-ng re-attempts to resolve the name every 60 seconds. This resolution has a 20 seconds timeout, and blocks the syslog process from writing logs to disk during that time. Note that the logs are buffered, not lost, and will still be written to disk (with the correct timestamps) once the DNS query times out.

Conditions

-- A remote syslog server is specified by hostname, forcing syslog-ng to resolve it. -- the DNS resolution times out (for example, if the DNS server is unreachable)

Workaround

None.

Fix Information

F5 patched syslog-ng to use a lower 1-second, 0-retries timeout back in 13.0.0, but this patch was made ineffective by the upgrade to centos 7 in 14.1.0. This fixes the patch so that it works again.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips