On Fri, 2011-03-11 at 19:28 +0100, Len Conrad wrote:
uname -a FreeBSD 7.0-RELEASE
syslog-ng --version syslog-ng 2.0.10
change date on syslog-ng.conf is "Apr 20 2009"
been running untouched for at least that long.
about 00:20 today Friday, all syslogging to syslog-ng stopped.
chkrootkit shows nothing wrong
stop syslog-ng
then pkg_delete, and then
cd /usr/ports/sysutils/syslog-ng2
make && make install
start it,
no change
I rebooted the syslog server. no change
trafshow -i bce0 -n
then filter 514
shows 100KBs arriving from our syslog clients.
df shows plenty of disk space for /var
suggestions?
Well, it seems generic troubleshooting task. Check, that: 1) netstat shows syslog-ng is listening 2) check that your pf rules don't drop this traffic 3) check that syslog-ng is actually receiving the traffic (using truss or ktrace) If the above confirms that syslog-ng is indeed receiving messages and then not doing anything with them, that might be a sign of syslog-ng trouble. -- Bazsi