The problem seems to be related to filters. Here's what I found so far:

1- The following filter causes syslog-ng to restart constantly:
filter f_pix_filter { message("-6-30201[3-6]") or message("-6-30202[0-1]") or message("-6-305011") or message("-6-60900[1-2]") or message("-7-710007"); };

2- I tried using the following filter, which doesn't cause syslog-ng to fail, but doesn't match anything:
filter f_pix_filter { match("-30201[3-6]|-30202[0-1]|-305011|-60900[1-2]|-710007" value("$MSG")); };

3- The match() doesn't seem to work with any macro (by using value("$MACRO")).

4- The same filter as mentioned in #2 works without the "value" parameter, but causes syslog-ng to fail. I know it works partially because syslog-ng filters the messages correctly every time it's restarted.

Steve

----- Original message -----
From: "ILLES, Marton" <illes.marton@balabit.hu>
Date: Thursday, 26 March 2009, 20:09
Subject: Re: [syslog-ng] Constant syslog-ng startup message
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

> On Fri, 2009-03-27 at 09:42 +1300, chris packham wrote:
> > On Thu, 2009-03-26 at 15:56 -0400, srainville@videotron.ca wrote:
> > > syslog-ng keeps logging the following message. I installed it using
> > > the HEAD RPM for Linux RHEL4. Is there a problem with the startup, or
> > > just a message that can be ignored?
> > >
> > > Mar 26 15:30:16 testserver syslog-ng[22090]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:18 testserver syslog-ng[22092]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:20 testserver syslog-ng[22094]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:21 testserver syslog-ng[22095]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:22 testserver syslog-ng[22097]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:23 testserver syslog-ng[22098]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:24 testserver syslog-ng[22099]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:25 testserver syslog-ng[22100]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:26 testserver syslog-ng[22101]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:28 testserver syslog-ng[22103]: syslog-ng starting up; version='3.0.1+binpkg4'
> > > Mar 26 15:30:29 testserver syslog-ng[22104]: syslog-ng starting up; version='3.0.1+binpkg4'
> >
> > That looks like either multiple instances of syslog-ng are being started
> > or it's being stopped and started multiple times ('ps | grep syslog-ng'
> > should tell you which).
> >
> > Either way it's probably not good. At best it's adding unnecessary system
> > load, at worst it's losing messages.
> >
> > Does RHEL4 use upstart or some other special init system that tries to
> > keep things running if they exit? You may see this kind of thing if
> > there was an error in your config file which would cause syslog-ng to
> > exit only to be re-started by init.
> >
>
> Maybe it is started, then it dies and the supervisor restarts it. Can you
> start it using strace?
>
> M
> --
> Key fingerprint = F78C 25CA 5F88 6FAF EA21 779D 3279 9F9E 1155 670D
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
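
Added example (not part of the original thread or of syslog-ng): a small Python check that flags the restart loop visible in the quoted log by counting "syslog-ng starting up" lines from distinct PIDs per host inside a time window. The threshold, the window and the year (these timestamps carry none) are assumptions; the sample lines are copied from the thread.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Startup lines copied from the quoted log in the thread (first five).
SAMPLE = """\
Mar 26 15:30:16 testserver syslog-ng[22090]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:18 testserver syslog-ng[22092]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:20 testserver syslog-ng[22094]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:21 testserver syslog-ng[22095]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:22 testserver syslog-ng[22097]: syslog-ng starting up; version='3.0.1+binpkg4'
"""

# Line shape: "Mon DD HH:MM:SS host syslog-ng[pid]: syslog-ng starting up; ..."
START_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"syslog-ng\[(?P<pid>\d+)\]: syslog-ng starting up;"
)

def parse_starts(text, year=2009):
    """Yield (timestamp, host, pid) per startup line; the year is assumed."""
    for line in text.splitlines():
        m = START_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], int(m["pid"])

def restart_loops(text, threshold=3, window=timedelta(seconds=60)):
    """Map host -> peak count of distinct PIDs that started inside one window,
    for hosts where that peak reaches the threshold."""
    by_host = defaultdict(list)
    for ts, host, pid in parse_starts(text):
        by_host[host].append((ts, pid))
    flagged = {}
    for host, events in by_host.items():
        events.sort()
        recent, peak = deque(), 0
        for ts, pid in events:
            recent.append((ts, pid))
            while ts - recent[0][0] > window:  # drop starts older than the window
                recent.popleft()
            peak = max(peak, len({p for _, p in recent}))
        if peak >= threshold:
            flagged[host] = peak
    return flagged

if __name__ == "__main__":
    for host, count in restart_loops(SAMPLE).items():
        print(f"{host}: {count} syslog-ng starts from distinct PIDs within 60s")
```

A flagged host only shows that new processes keep starting; whether they are parallel instances or one daemon dying and being respawned still has to be checked on the host, as the replies suggest.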