Hi, I have here a big problem on one of my machine and it looks like that it is caused by syslog-ng. It has similar problems like already written here: http://lists.balabit.hu/pipermail/syslog-ng/2003-January/004432.html Machine: Red Hat Linux 7.3 with all updates Running kernel: currently 2.4.18-18.7.x extended with Openwall patch 128 MByte memory syslog-ng: 1.5.26 (but also happen with latest 1.4.x) pam is using a local running LDAP server.
From time to time (let say distance 2-3 weeks or even 8 hours) syslog suddenly stops logging like this evening:
Feb 11 19:10:44 gromit syslog-ng[17700]: STATS: dropped 0 Feb 11 19:20:44 gromit syslog-ng[17700]: STATS: dropped 0 Feb 11 19:30:45 gromit syslog-ng[17700]: STATS: dropped 0 <-- Feb 11 20:00:47 gromit syslog-ng[6771]: syslog-ng version 1.5.26 starting Feb 11 20:00:48 gromit syslog-ng: syslog-ng startup succeeded Feb 11 20:00:48 gromit syslog-ng: klogd startup succeeded Feb 11 20:00:53 gromit ldap: slapd startup succeeded I've detected this about 20 min later with following reproducable: System load increases over 1 (normally, machine has no load) "ps -ax" hangs after displaying some processes, "top" will sometimes start, sometimes hang Last times I saw also some CROND entries by "ps -ax", one with stat "D". syslog-ng configuration is nothing special, destinations are files (divided by yyyymm), sources are source s_local { internal(); unix-stream("/dev/log" keep-alive(yes) max-connections(100)); unix-stream("/var/spool/postfix/dev/log" keep-alive(yes) max-connections(100)); file("/proc/kmsg"); }; options { use_dns(no); use_fqdn(no); use_time_recvd(no); chain_hostnames(no); mark(0); sync(0); }; Last week I've disabled postfix's LDAP usage completly to check whether it's a LDAP problem here. In former cases (postfix with LDAP lookups) postfix will hang completly, a TCP connects, but no HELO string was displayed. So the big question: 1) is this a syslog-ng related problem? 2) is this a LDAP problem? I've already increased threads. I don't believe it's a DNS problem because on machine itself a caching DNS server is running. One note: machine is IPv6 enabled. I hope someone could point me to some solutions or proper debugging methods. Machine is semiproductive since end of September (with syslog-ng), but since the beginning such troubles occur. BTW: is this ok, that if syslog-ng restarts, crond don't log anymore until restarted? Thank you very very much, Peter -- Dr. Peter Bieringer http://www.bieringer.de/pb/ GPG/PGP Key 0x958F422D mailto: pb at bieringer dot de Deep Space 6 Co-Founder and Core Member http://www.deepspace6.net/