Hi, --On Wednesday, February 12, 2003 12:03:17 AM +0100 Roberto Nibali <ratz@drugphish.ch> wrote:
Is it reproducable without OWL? Only test it if you can easily do it, if it's a productive machine, I suspect the downtime is too big to do heuristic tests.
Sorry, can't do that.
Thought so, well, proc-fs output, netstat, lsof and strace will reveil the problem if it is connected with OWL. BTW could you list (if it's not too big) all the OWL features you've enabled in your running kernel? Not that I suspect it to really have an influence on syslog-ng but safe is safe ;).
CONFIG_HARDEN_STACK=y CONFIG_HARDEN_STACK_SMART=y CONFIG_HARDEN_LINK=y CONFIG_HARDEN_FIFO=y CONFIG_HARDEN_PROC=y CONFIG_HARDEN_FD_0_1_2=y CONFIG_HARDEN_RLIMIT_NPROC=y CONFIG_HARDEN_SHM=y
start() { echo -n $"Starting system logger: " daemon syslog-ng $SYSLOGD_OPTIONS -f /etc/syslog-ng.conf RETVAL=$? echo echo -n $"Starting kernel logger: " daemon klogd $KLOGD_OPTIONS echo [ $RETVAL -eq 0 ] && touch /var/lock/subsys/syslog-ng return $RETVAL }
Fine, just uncomment the three lines concerning klogd, you should still get kernel messages.
Done, indeed.
<OT> Another thing: Whoever wrote that script part for start() should seriously reconsider reading a good shell book or the advance bash programming guide. </OT>
Sure? Didn't look very strange to me. Other initscripts look very similar.
Does this mean that starting klogd isn't required?
Not really. In the config snipped you posted before you had a file("/proc/kmsg") defined as a source in s_local. I just hope you've got a d_local where you write those messages into.
Had defined destination d_kern { file("/var/log/kernel-$YEAR$MONTH"); }; which catches still kernel messages - ok.
I would say no but I'm not sure here, I would also suspect it depends on the version of cron deployed on your machine.
vixie-cron-3.0.1-64
The I suppose it should stop logging. How about if you send a SIGHUP to the cron? pkill -HUP cron.
Won't help. Is this a bug in syslog-ng or crond? Not nice that on every syslog-ng restart crond has to be restarted, too (in case of "not knowing about this issue").
Does a lsof | grep crond help? I see only some libs, pipes and sockets.
Yes, maybe you should also send along the output of:
lsof -c cron -c syslog-ng
Here the crond-after-syslog-restart-no-longer-logging case: # lsof -c crond -c syslog-ng COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME crond 19875 root cwd DIR 3,3 4096 2 /var/spool crond 19875 root rtd DIR 3,1 4096 2 / crond 19875 root txt REG 3,1 23048 82976 /usr/sbin/crond crond 19875 root mem REG 3,1 89547 64281 /lib/ld-2.2.5.so crond 19875 root mem REG 3,1 25572 65003 /lib/libsafe.so.2.0.16 crond 19875 root mem REG 3,1 12102 65975 /lib/libdl-2.2.5.so crond 19875 root mem REG 3,1 45415 64493 /lib/libnss_files-2.2.5.so crond 19875 root mem REG 3,1 1533837 64419 /lib/libnss_ldap-2.2.5.so crond 19875 root mem REG 3,1 68925 64356 /lib/libresolv-2.2.5.so crond 19875 root mem REG 3,1 1402035 64275 /lib/i686/libc-2.2.5.so crond 19875 root 0u CHR 136,0 2 /dev/pts/0 crond 19875 root 1w FIFO 0,4 20072062 pipe crond 19875 root 2w FIFO 0,4 20072063 pipe crond 19875 root 3u REG 3,1 6 177220 /var/run/crond.pid crond 19875 root 4u unix 0xc6341a40 20072069 socket syslog-ng 20308 root cwd DIR 3,1 4096 2 / syslog-ng 20308 root rtd DIR 3,1 4096 2 / syslog-ng 20308 root txt REG 3,1 81576 64714 /sbin/syslog-ng syslog-ng 20308 root mem REG 3,1 89547 64281 /lib/ld-2.2.5.so syslog-ng 20308 root mem REG 3,1 25572 65003 /lib/libsafe.so.2.0.16 syslog-ng 20308 root mem REG 3,1 68925 64356 /lib/libresolv-2.2.5.so syslog-ng 20308 root mem REG 3,1 89424 64328 /lib/libnsl-2.2.5.so syslog-ng 20308 root mem REG 3,1 12102 65975 /lib/libdl-2.2.5.so syslog-ng 20308 root mem REG 3,1 1402035 64275 /lib/i686/libc-2.2.5.so syslog-ng 20308 root 0u CHR 1,3 33972 /dev/null syslog-ng 20308 root 1u CHR 1,3 33972 /dev/null syslog-ng 20308 root 2w FIFO 0,4 20077147 pipe syslog-ng 20308 root 3u unix 0xc072c0a0 20077154 /dev/log syslog-ng 20308 root 5u unix 0xc09daa80 20077156 /var/spool/postfix/dev/log syslog-ng 20308 root 6r REG 0,6 0 4114 /proc/kmsg syslog-ng 20308 root 7u IPv4 20077158 UDP ******:39269->************:syslog syslog-ng 20308 root 8u unix 0xc2372540 20077174 /dev/log syslog-ng 20308 root 9u unix 0xc09da580 20077188 /dev/log syslog-ng 20308 root 10w REG 3,8 255123 42 /var/log/bootlog syslog-ng 20308 root 11w REG 3,8 8134413 72 /var/log/maillog-200302 syslog-ng 20308 root 12u unix 0xc13975a0 20077203 /dev/log syslog-ng 20308 root 13u unix 0xc1988a40 20077223 /dev/log syslog-ng 20308 root 14u unix 0xc1f165c0 20077249 /dev/log syslog-ng 20308 root 15u unix 0xc53c6580 20077269 /dev/log syslog-ng 20308 root 16u unix 0xc525cac0 20077296 /var/spool/postfix/dev/log syslog-ng 20308 root 17u unix 0xc53a1a60 20077301 /dev/log syslog-ng 20308 root 18u unix 0xc525c0c0 20077645 /dev/log Hope this helps! Thank you very much, Peter -- Dr. Peter Bieringer http://www.bieringer.de/pb/ GPG/PGP Key 0x958F422D mailto: pb at bieringer dot de Deep Space 6 Co-Founder and Core Member http://www.deepspace6.net/