Re: [syslog-ng] Constant syslog-ng startup message
On Thu, 2009-03-26 at 15:56 -0400, srainville@videotron.ca wrote:
syslog-ng keeps logging the following message. I installed it using the HEAD RPM for Linux RHEL4. Is there a problem with the startup, or just a message that can be ignored?
Mar 26 15:30:16 testserver syslog-ng[22090]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:18 testserver syslog-ng[22092]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:20 testserver syslog-ng[22094]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:21 testserver syslog-ng[22095]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:22 testserver syslog-ng[22097]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:23 testserver syslog-ng[22098]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:24 testserver syslog-ng[22099]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:25 testserver syslog-ng[22100]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:26 testserver syslog-ng[22101]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:28 testserver syslog-ng[22103]: syslog-ng starting up; version='3.0.1+binpkg4'
Mar 26 15:30:29 testserver syslog-ng[22104]: syslog-ng starting up; version='3.0.1+binpkg4'
That looks like either multiple instances of syslog-ng are being started or it's being stopped and started multiple times ('ps | grep syslog-ng' should tell you which). Either way it's probably not good. At best it's adding unnecessary system load, at worst it's losing messages. Does RHEL4 use upstart or some other special init system that tries to keep things running if they exit? You may see this kind of thing if there was an error in your config file which would cause syslog-ng to exit only to be re-started by init.
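An added example, not part of the original messages: a Python sketch that flags the pattern in the excerpt above, several startup banners from distinct PIDs on one host within a short window. The function name, window and threshold are assumptions; the testserver sample reuses timestamps and PIDs from the excerpt, and the otherhost lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Startup banner in the form shown in the log excerpt quoted in this thread.
BANNER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"syslog-ng\[(?P<pid>\d+)\]: syslog-ng starting up;"
)

def find_restart_loops(lines, year=2009, window=timedelta(seconds=60), threshold=5):
    """Return {host: (first_ts, last_ts, pids)} for each host that logged at
    least `threshold` startups from distinct PIDs inside `window`."""
    starts = {}
    for line in lines:
        m = BANNER.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        starts.setdefault(m["host"], []).append((ts, int(m["pid"])))
    loops = {}
    for host, events in starts.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):
            # Slide the left edge so events[lo..hi] always fits in the window.
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            pids = {pid for _, pid in events[lo:hi + 1]}
            if len(pids) >= threshold and len(pids) > len(loops.get(host, (0, 0, []))[2]):
                loops[host] = (events[lo][0], events[hi][0], sorted(pids))
    return loops

# (time, PID) pairs taken from the excerpt; the otherhost lines are constructed.
EXCERPT = [("15:30:16", 22090), ("15:30:18", 22092), ("15:30:20", 22094),
           ("15:30:21", 22095), ("15:30:22", 22097), ("15:30:23", 22098)]
SAMPLE = [f"Mar 26 {t} testserver syslog-ng[{p}]: syslog-ng starting up; "
          f"version='3.0.1+binpkg4'" for t, p in EXCERPT]
SAMPLE += [
    "Mar 26 03:00:01 otherhost syslog-ng[812]: syslog-ng starting up; version='3.0.1+binpkg4'",
    "Mar 26 15:30:19 otherhost sshd[900]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for host, (first, last, pids) in find_restart_loops(SAMPLE).items():
        print(f"{host}: {len(pids)} startups between {first} and {last}, PIDs {pids}")
```

A new PID on every banner means a fresh process each time, which fits the "exits and is restarted" reading rather than a single long-lived daemon.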
On Fri, 2009-03-27 at 09:42 +1300, chris packham wrote:
That looks like either multiple instances of syslog-ng are being started or it's being stopped and started multiple times ('ps | grep syslog-ng' should tell you which).
Either way it's probably not good. At best it's adding unnecessary system load, at worst it's losing messages.
Does RHEL4 use upstart or some other special init system that tries to keep things running if they exit? You may see this kind of thing if there was an error in your config file which would cause syslog-ng to exit only to be re-started by init.
Maybe it is started, then it dies and the supervisor restarts it. Can you start it using strace?
M
--
Key fingerprint = F78C 25CA 5F88 6FAF EA21 779D 3279 9F9E 1155 670D
So it keeps restarting... Could you enable core and see if it dumps core? (--enable-core or ulimit -c unlimited) Also the config file which restarts would be helpful to track down the problem.
best,
M
On Fri, 2009-03-27 at 01:52 -0400, srainville@videotron.ca wrote:
The problem seems to be related to filters. Here's what I found so far:
1- The following filter causes syslog-ng to restart constantly:
   filter f_pix_filter {
       message("-6-30201[3-6]") or message("-6-30202[0-1]") or
       message("-6-305011") or message("-6-60900[1-2]") or
       message("-7-710007");
   };
2- I tried using the following filter, which doesn't cause syslog-ng to fail, but doesn't match anything:
   filter f_pix_filter {
       match("-30201[3-6]|-30202[0-1]|-305011|-60900[1-2]|-710007" value("$MSG"));
   };
3- The match() doesn't seem to work with any macro (by using value("$MACRO")).
4- The same filter as mentioned in #2 works without the "value" parameter, but causes syslog-ng to fail. I know it works partially because syslog-ng filters the messages correctly every time it's restarted.
Steve
----- Original message -----
From: "ILLES, Marton" <illes.marton@balabit.hu>
Date: Thursday, 26 March 2009, 20:09
Subject: Re: [syslog-ng] Constant syslog-ng startup message
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Maybe it is started, then it dies and the supervisor restarts it. Can you start it using strace?
M -- Key fingerprint = F78C 25CA 5F88 6FAF EA21 779D 3279 9F9E 1155 670D
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
participants (3): chris packham; ILLES, Marton; srainville@videotron.ca