syslog-ng 1.4.x troubles

31 Jul 2002

      Please CC me, I'm not subscribed to the list.

I have a very annoying problem with 1.4.x (not tried 1.5.x).
I run syslog-ng on several boxes from a long time. All these boxes are debian potato or woody. syslog-ng 1.4.x compiled by hand.
Here is the pb :
Sometimes, syslog-ng stops logging. When this happens, some of the services running on the box stop working.
If I issue a netstat on the box, here is what I got :

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  0      [ ACC ]     STREAM     LISTENING     115    /tmp/mysql.sock
unix  0      [ ACC ]     STREAM     LISTENING     57     /dev/log
unix  1      [ ]         STREAM     CONNECTED     128    @0000000b
unix  1      [ ]         STREAM     CONNECTED     228    @0000000f
unix  1      [ ]         STREAM     CONNECTED     176    @0000000e
unix  1      [ ]         STREAM     CONNECTED     60     @00000001
unix  1      [ ]         STREAM     CONNECTED     78     @00000004
unix  1      [ ]         STREAM     CONNECTED     87     @00000005
unix  1      [ ]         STREAM     CONNECTED     92     @00000007
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  1      [ ]         STREAM     CONNECTING    0      /dev/log
unix  1      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  1      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  1      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  1      [ ]         STREAM     CONNECTING    0      /dev/log
unix  1      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  0      [ ]         STREAM     CONNECTING    0      /dev/log
unix  1      [ ]         STREAM     CONNECTED     62     /dev/log

As you can see, lots of /dev/log sock in the "CONNECTING" state. Sometimes, I have 100 like this ;o)
Processes like stunnel then refuse to work.
I have to kill -9 syslog-ng and then restart it.
For some boxes I have to do that manually each time I boot the box.
Any clue?

Here is, for one of my boxes, its syslog-ng.conf.

# syslog-ng configuration file.

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          create_dirs (yes);
          keep_hostname (yes);
        };

source s_sys { unix-stream ("/dev/log" max-connections(210));  internal(); file("/proc/kmsg"); };
destination authlog { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/authlog"); };
destination daemon { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/daemon"); };
destination kern { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/kernel"); };
destination maillog { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/maillog"); };
destination messages { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/messages"); };
destination secure { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/secure"); };
destination wtmp { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/wtmp"); };
destination cron { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/cron"); };
destination ftp { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/ftp"); };
destination errors { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/errors"); usertty("root"); };
destination alert { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/alert"); usertty("root"); };
destination notice { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/notice"); };
destination emergency { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/emergency"); usertty(*); };

filter f_kern  { facility(kern); };
filter f_syslog  { facility(syslog); };
filter f_user  { facility(user); };
filter f_auth  { facility(auth); };
filter f_authpriv  { facility(authpriv); };
filter f_cron  { facility(cron); };
filter f_daemon  { facility(daemon); };
filter f_xferlog  { facility(ftp); };
filter f_lpr  { facility(lpr); };
filter f_mail  { facility(mail); };
filter f_kernel  { facility(kern); };

filter f_debug { level(debug); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_alert { level(alert); };
filter f_emerg { level(emerg); };
filter f_err { level(err); };

#log { source(s_sys); destination(d_amethyste_file); };

log { source(s_sys); filter(f_kern); filter(f_debug); destination(messages); };
log { source(s_sys); filter(f_user); filter(f_info); destination(messages); };
log { source(s_sys); filter(f_syslog); filter(f_info); destination(messages); };
log { source(s_sys); filter(f_auth); filter(f_info); destination(authlog);  };
log { source(s_sys); filter(f_authpriv); filter(f_debug); destination(secure);  };
log { source(s_sys); filter(f_cron); filter(f_info); destination(cron);  };
log { source(s_sys); filter(f_daemon); filter(f_info); destination(daemon);  };
log { source(s_sys); filter(f_xferlog); filter(f_info); destination(ftp);  };
log { source(s_sys); filter(f_mail); filter(f_info); destination(maillog);  };
log { source(s_sys); filter(f_kern); destination(kern);  };
log { source(s_sys); filter(f_err); destination(errors); };
log { source(s_sys); filter(f_alert); destination(alert);  };
log { source(s_sys); filter(f_notice); destination(notice);  };
log { source(s_sys); filter(f_auth); filter(f_debug); destination(alert);  };
log { source(s_sys); filter(f_emerg); destination(emergency); };

Cheers,
a2k

archi2k＠altern.org

tags

participants (1)