The problem seems to be related to filters. Here's what I found so far:
1- The following filter causes syslog-ng to restart constantly:
filter f_pix_filter { message("-6-30201[3-6]") or message("-6-30202[0-1]") or message("-6-305011") or message("-6-60900[1-2]") or message("-7-710007"); };
2- I tried using the following filter, which doesn't cause syslog-ng to fail, but doesn't match anything:
filter f_pix_filter { match("-30201[3-6]|-30202[0-1]|-305011|-60900[1-2]|-710007" value("$MSG")); };
3- The match() doesn't seem to work with any macro (by using value("$MACRO").
4- The same filter as mentioned in #2 works without the "value" parameter, but causes syslog-ng to fail. I know it works partially because syslog-ng filters the messages correctly every time its restarted.
Steve
----- Message d'origine -----
De: "ILLES, Marton" <illes.marton@balabit.hu>
Date: Jeudi, 26 Mars 2009, 20:09
Objet: Re: [syslog-ng] Constant syslog-ng startup message
À: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
> On Fri, 2009-03-27 at 09:42 +1300, chris packham wrote:
> > On Thu, 2009-03-26 at 15:56 -0400, srainville@videotron.ca wrote:
> > > syslog-ng keeps logging the following message. I installed
> it using
> > > the HEAD RPM for Linux RHEL4. Is there a problem with the
> startup, or
> > > just a message that can be ignored?
> > >
> > > Mar 26 15:30:16 testserver syslog-ng[22090]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:18 testserver syslog-ng[22092]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:20 testserver syslog-ng[22094]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:21 testserver syslog-ng[22095]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:22 testserver syslog-ng[22097]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:23 testserver syslog-ng[22098]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:24 testserver syslog-ng[22099]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:25 testserver syslog-ng[22100]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:26 testserver syslog-ng[22101]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:28 testserver syslog-ng[22103]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> > > Mar 26 15:30:29 testserver syslog-ng[22104]: syslog-ng
> starting up;
> > > version='3.0.1+binpkg4'
> >
> > That looks like either multiple instances of syslog-ng are
> being started
> > or its being stopped and started multiple times ('ps | grep
> syslog-ng'
> > should tell you which).
> >
> > Either way it's probably not good. At best its adding
> unnecessary system
> > load, at worst its losing messages.
> >
> > Does RHEL4 use upstart or some other special init system that
> tries to
> > keep things running if they exit? You may see this kind of
> thing if
> > there was an error in your config file which would cause
> syslog-ng to
> > exit only to be re-started by init.
> >
>
> Maybe it is started than it dies and the superviser restarts it.
> Can you
> start it using strace?
>
> M
> --
> Key fingerprint = F78C 25CA 5F88 6FAF EA21 779D 3279 9F9E 1155 670D
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>