While checking the traffic graphs, the network administrator noticed a large amount of UDP traffic.

A look at the logs showed:

Jun 28 00:39:28 172.16.0.1 %ASA-6-305011: Built dynamic UDP translation from inside:172.16.36.2/2160 to outside:124.243.230.6/2160  
Jun 28 00:39:28 172.16.0.1 %ASA-6-302015: Built outbound UDP connection 1369422617 for outside:223.5.5.5/53 (223.5.5.5/53) to inside:172.1...  

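A large share of the entries were DNS queries to port 53.

I killed the unrelated processes and checked again; there were still just as many UDP port 53 DNS queries.

Then it became clear: rsyslog was doing reverse lookups of IP addresses to hostnames as it wrote log entries. Because the addresses are internal, the lookups never find anything, so it kept sending queries to the public DNS server, which caused the surge in UDP traffic.

Once the cause is known, the fix is straightforward.

On CentOS, add the `-x -Q` options to rsyslog to disable name resolution: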

```
vi /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 5 -x -Q"
```

On Ubuntu the method is the same, but the file is different:

```
vi /etc/default/rsyslog
RSYSLOGD_OPTIONS="-x -Q"
```

Then restart, and the problem is gone.
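To see which inside host is generating the DNS lookups, and to confirm they stop after the restart, the `%ASA-6-302015` lines from the firewall log can be counted per source address. The following is an added example, not part of the original post; the sample log lines are constructed, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the ASA 302015/305011 format shown in the post.
# The last line is cut off on purpose, like the truncated line in the post.
SAMPLE_LOG = """\
Jun 28 00:39:28 172.16.0.1 %ASA-6-305011: Built dynamic UDP translation from inside:172.16.36.2/40001 to outside:124.243.230.6/40001
Jun 28 00:39:28 172.16.0.1 %ASA-6-302015: Built outbound UDP connection 1001 for outside:223.5.5.5/53 (223.5.5.5/53) to inside:172.16.36.2/40001 (124.243.230.6/40001)
Jun 28 00:39:28 172.16.0.1 %ASA-6-302015: Built outbound UDP connection 1002 for outside:223.5.5.5/53 (223.5.5.5/53) to inside:172.16.36.2/40002 (124.243.230.6/40002)
Jun 28 00:39:29 172.16.0.1 %ASA-6-302015: Built outbound UDP connection 1003 for outside:223.5.5.5/53 (223.5.5.5/53) to inside:172.16.36.2/40003 (124.243.230.6/40003)
Jun 28 00:39:29 172.16.0.1 %ASA-6-302015: Built outbound UDP connection 1004 for outside:223.5.5.5/53 (223.5.5.5/53) to inside:172.16.36.2/40004 (124.243.230.6/40004)
Jun 28 00:39:30 172.16.0.1 %ASA-6-302015: Built outbound UDP connection 1005 for outside:223.5.5.5/53 (223.5.5.5/53) to inside:172.16.36.9/51000 (124.243.230.6/51000)
Jun 28 00:39:30 172.16.0.1 %ASA-6-302015: Built outbound UDP connection 1006 for outside:203.0.113.10/123 (203.0.113.10/123) to inside:172.16.36.9/123 (124.243.230.6/123)
Jun 28 00:39:31 172.16.0.1 %ASA-6-302015: Built outbound UDP connection 1007 for outside:223.5.5.5/53 (223.5.5.5/53) to inside:172.1...
"""

# 302015: "for <dst_if>:<ip>/<port> (<mapped>) to <src_if>:<ip>/<port>"
BUILT_UDP = re.compile(
    r"%ASA-6-302015: Built outbound UDP connection \d+ "
    r"for [^:\s]+:(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) \([^)]*\) "
    r"to [^:\s]+:(?P<src_ip>[\d.]+)/(?P<src_port>\d+)"
)

def dns_queries_per_host(lines):
    """Count outbound UDP connections to port 53 per inside source address."""
    counts = Counter()
    for line in lines:
        m = BUILT_UDP.search(line)
        # Truncated or unrelated lines do not match and are skipped.
        if m and m.group("dst_port") == "53":
            counts[m.group("src_ip")] += 1
    return counts

def noisy_hosts(lines, threshold):
    """Return (ip, count) pairs at or above threshold, busiest first."""
    ranked = dns_queries_per_host(lines).most_common()
    return [(ip, n) for ip, n in ranked if n >= threshold]

if __name__ == "__main__":
    # threshold=3 is an arbitrary value chosen for this small sample
    for ip, n in noisy_hosts(SAMPLE_LOG.splitlines(), threshold=3):
        print(f"{ip}\t{n} DNS connections")
```

Run it against the same time window before and after the restart; the rsyslog host's count should drop sharply once reverse lookups are disabled.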
