On Wed, 2009-08-05 at 16:56 +0200, Sandor Geller wrote:
Hi,
On Wed, Aug 5, 2009 at 3:48 PM, Markus Stalder<ms2@lightupnet.de> wrote:
Hello list,
my first post to the list, so hello everybody! :-) I'm on Ubuntu 8.04.2 amd64 and trying to upgrade from syslog-ng 2.0.9-1ubuntu1 to syslog-ng 3.0.3. I've both tried the on balabit.com provided amd64 .deb package and also created an own amd64 .deb with the default settings in /debian using dpkg buildpackage.
I have the following two sources in my config:
source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
source src { internal(); unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
You're referencing exactly the same sources (like /dev/log, /proc/kmsg)? This config is horribly broken. I can't imagine how was syslog-ng 2.0.9 working with such a config. You should eliminate all duplicated sources. You can add as many log {} sections using the same source definition as you wish.
the configuration is indeed broken, you basically tell syslog-ng to open /dev/log _twice_, what's worse: in a different mode (stream vs. dgram). Also the linux kernel does not like when there are multiple /proc/kmsg readers, syslog-ng might deadlock in this scenario. I'm not sure syslog-ng hangs or simply the applications trying to send messages cease to do so, you could find that out using strace (either the application or syslog-ng, or both) -- Bazsi