[syslog-ng] /dev/log causing system to hang?

[Geller, Sandor (IT)]

> We deploy syslog-ng-1.6.2-1,  the (non-destination) configuration is:

Way too old. I recommend upgrading to 2.0.4

> --------
> options { sync (0);
>         time_reopen (10);
>         log_fifo_size (1000);
>         long_hostnames (off);
>         use_dns (no); 
>         use_fqdn (no);
>         create_dirs (no);
>         keep_hostname (yes);
> };
> 
> source s_sys { 
>   pipe ("/proc/kmsg" log_prefix("kernel: ")); 

This is wrong. Use file() instead of pipe(), and stop klogd
before starting syslog-ng

>   unix-stream ("/dev/log"); 

Either raise max_connections() for unix-stream or switch to using
unix_dgram

>   internal(); 
> };
> --------
> 
> One of our support people reported:
> 
> --------
> 1. "EPROTOTYPE (Protocol wrong type for socket) ... pointing 
> to /dev/log ... /dev/log is a socket

You should change /dev/log to unix_dgram instead of unix_stream

> 2. List all the socket on the sever .... via netstat ... 
> found lot of socket still waiting to get connected .. 
> indicating .. it couldnot establish new connection ... hence 
> it ruled out the authentication issue 

Either raise max_connections or switch to unix-dgram. syslog-ng
logs when it refuses socket connections

> 3.  Tried to find out what was blocking the socket /dev/log 
> .... found that syslog-ng was the culprit ... i had bounced 
> syslog-ng and we were good thereafter
> --------

Regards,

Sandor
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.