[syslog-ng]syslog and -HUP
Balazs Scheidler
syslog-ng@lists.balabit.hu
Sat, 16 Apr 2005 14:55:21 +0200
Hi,
On Fri, 2005-04-15 at 17:36 +0300, Andy wrote:
> On Fri, Apr 15, 2005 at 03:12:00PM +0200, Balazs Scheidler wrote:
> > On Fri, 2005-04-15 at 13:14 +0300, Andy wrote:
> >
> > Can you post a longer strace and maybe an lsof output of syslog-ng to
> > see the problem?
>
> of course.
>
> do
> # echo test|logger -p daemon.debug -t test
>
> get /var/log/messages:
> Apr 15 16:58:06 vpn test: test
>
>
> do
> # mv /var/log/messages /var/log/messages.0
> # echo test|logger -p daemon.debug -t test
>
> get /var/log/messages.0:
>
> Apr 15 17:00:53 vpn test: test
>
> OK. Daemon not know about logrotate.
>
> do
> # ps ax|grep syslog
> 13466 ? S 0:00 /sbin/syslog-ng
> # kill -HUP 13466
> # echo test|logger -p daemon.debug -t test
>
> get /var/log/messages.0:
> nothing!!!
> get /var/log/messages:
> nothing too!!!
What is "get" in the commands quoted above? I assume it is the
equivalent of cat, or maybe grep.
>
> in this time in strace I get:
>
> .........
> poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 241000) = 1
> accept(5, {sin_family=AF_UNIX, path=@}, [2]) = 9
[snip[
> ..............
As I see your test message was written to fd 8 while all kernel messages
are written to fd 6. You'll need to check out what those fds are in
reality.
>
> and (I think it very strange!!!) only _kernel_ message are normally writted:
>
> ....
> Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error
> Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error
> Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error
> Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error
> .....
>
>
> my syslog-ng.conf:
>
> =cut
>
> options { sync (0);
[snip]
> =end
I've tried running syslog-ng with your exact configuration and it
continued to log fine.
--
Bazsi