[syslog-ng] Reason why syslog-ng service dies frequently

Scheidler, Balázs balazs.scheidler at balabit.com
Mon Jan 5 11:06:19 CET 2015 

Hi,

Also, a backtrace would be nice. So ensure that syslog-ng drops core (by
setting the ulimit -c unlimited) and checking the backtrace via gdb.



-- 
Bazsi

On Sun, Jan 4, 2015 at 6:57 PM, Andrey Smetanin <Andrey.Smetanin at commerx.ca>
wrote:

> Hi Nguyễn
>
> In no way I can be considered as a syslog-ng specialist, but in my opinion
> you need to gather more statistic on your issue. Try to turn on verbose
> debugging and setup a small script to monitor syslog-ng process and note
> exact time when it dies. "Some hours" seems very vague , something should
> happen at the time when syslog-ng process dies. You need to know what
> happens, looking into the system logs at that time
>
>
>
> Andrey Smetanin
>
>
>
>
> From: syslog-ng-bounces at lists.balabit.hu [mailto:
> syslog-ng-bounces at lists.balabit.hu] On Behalf Of Nguyen Trung Hieu
> Sent: January-02-15 9:51 PM
> To: syslog-ng
> Subject: Re: [syslog-ng] Reason why syslog-ng service dies frequently
>
> Hi all
> Just a reminder if you guys neglect this email because I sent on New Year
> day.
>
> --
> Best regards!
> ------
> Nguyễn Trung Hiếu
> Mobile: +84904031032
>
> On Thu, Jan 1, 2015 at 9:41 AM, Nguyen Trung Hieu <trunghieubcvt at gmail.com>
> wrote:
> Dear team
> I have instaled syslog-ng version 3.5.4.1 on Centos 6.5 32 bit for 4
> months, recently it dies very frequently, after I restart service it only
> work for some hours then die again. I have checked but still don't know
> why. Can anyone help me on this. Thank you.
> Below is log from my Centos box, I also attached my syslog-ng config file.
>
> [root at centos65-x86 ~]# syslog-ng -V
> syslog-ng 3.5.4.1
> Installer-Version: 3.5.4.1
> Revision: ssh+git://algernon@git.balabit
> /var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.5#master#4090ee62163780ae68a0c83cfdc23998c904fe97
> Compile-Date: Aug  6 2014 11:49:42
> Available-Modules:
> syslogformat,linux-kmsg-format,affile,csvparser,confgen,afamqp,system-source,afsql,dbparser,afstomp,afsocket,afsocket-notls,afmongodb,cryptofuncs,afprog,afuser,basicfuncs
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-IPv6: on
> Enable-Spoof-Source: off
> Enable-TCP-Wrapper: off
> Enable-Linux-Caps: off
> Enable-Pcre: off
>
> [root at centos65-x86 ~]# cat /etc/issue
> CentOS release 6.5 (Final)
> Kernel \r on an \m
>
> [root at centos65-x86 ~]# service syslog-ng status
> syslog-ng dead but subsys locked
> [root at centos65-x86 ~]#
> [root at centos65-x86 ~]#
> [root at centos65-x86 ~]# ll /var/lock/subsys/syslog-ng
> -rw------- 1 root root 0 Dec 31 15:06 /var/lock/subsys/syslog-ng
> [root at centos65-x86 ~]#
> [root at centos65-x86 ~]#
> [root at centos65-x86 ~]# ps -ef | grep syslog-ng
> root     15347 15312  0 09:23 pts/0    00:00:00 grep syslog-ng
>
> [root at centos65-x86 ~]# date
> Thu Jan  1 09:23:49 ICT 2015
> [root at centos65-x86 ~]# tail -1 /var/log/messages
> Dec 31 18:06:47 centos65-x86 syslog-ng[5457]: Log statistics;
> processed='src.internal(s_local#2)=18',
> stamp='src.internal(s_local#2)=1420023407',
> processed='source(s_network)=0', processed='source(s_local)=18',
> dropped='dst.sql(d_sql_syslog_temp_table#0,oracle,,,PTUD_SYSLOG,SLG_LOG_TEMP)=76155',
> stored='dst.sql(d_sql_syslog_temp_table#0,oracle,,,PTUD_SYSLOG,SLG_LOG_TEMP)=91',
> processed='src.none()=0', stamp='src.none()=0',
> processed='source(s_snmptrapd)=0',
> processed='global(payload_reallocs)=20575',
> processed='global(msg_clones)=0',
> processed='destination(d_sql_snmp_temp_table)=7697',
> processed='destination(d_sql_syslog_temp_table)=1420079',
> dropped='dst.sql(d_sql_snmp_temp_table#0,oracle,,,PTUD_SYSLOG,SLG_LOGS_SNMPTRAP_TEMP)=0',
> stored='dst.sql(d_sql_snmp_temp_table#0,oracle,,,PTUD_SYSLOG,SLG_LOGS_SNMPTRAP_TEMP)=0',
> processed='center(queued)=1435491', processed='destination(d_local)=18',
> processed='global(sdata_updates)=55857', processed='center(received)=18',
> processed='destination(d_snmptrap)=7697'
>
> [root at centos65-x86 ~]# sestatus
> SELinux status:                 disabled
>
> [root at centos65-x86 ~]# cat /etc/sysconfig/selinux
>
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #     enforcing - SELinux security policy is enforced.
> #     permissive - SELinux prints warnings instead of enforcing.
> #     disabled - No SELinux policy is loaded.
> SELINUX=disabled
> # SELINUXTYPE= can take one of these two values:
> #     targeted - Targeted processes are protected,
> #     mls - Multi Level Security protection.
> SELINUXTYPE=targeted
>
> [root at centos65-x86 ~]# service iptables status
> iptables: Firewall is not running.
>
>
> --
> Best regards!
> ------
> Nguyen Trung Hieu
> Mobile: +84904031032
>
> --
> This message has been scanned for viruses and dangerous content by
> Commerx Computer Systems Inc., and is believed to be clean.
> Click here to report this message as spam.
>
>
> --
> This message has been scanned by Commerx Computer Systems Inc. and is
> believed to be clean.
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150105/b40b1a8d/attachment.htm

More information about the syslog-ng mailing list