problem with syslog-ng hanging on saturday after working all week
Hi all, Need help. My syslog-ng is hanging on Saturdays. It is like the service just stops responding even though it is running. The system having the problem is just basically a syslog bridging/filtering server. I am using syslog-ng to accept syslog messages and filter for only what I need out of them, and then forwarding them on. It is basiclly setup like below: Webserver>>(udp 514)>syslog-ngfileterserver>>(udp1514)>Syslog Loghost Any help you could give to a newbie about debugging or find the issue would be great..Also any scripts to check the service and restart would be great to. Thanks Steven Meacham
Steven Meacham wrote:
Hi all,
Need help. My syslog-ng is hanging on Saturdays. It is like the service just stops responding even though it is running. The system having the problem is just basically a syslog bridging/filtering server. I am using syslog-ng to accept syslog messages and filter for only what I need out of them, and then forwarding them on. It is basiclly setup like below:
Webserver>>(udp 514)>syslog-ngfileterserver>>(udp1514)>Syslog Loghost
Any help you could give to a newbie about debugging or find the issue would be great..Also any scripts to check the service and restart would be great to.
Please give us details: the version number of syslog-ng, the configuration, the OS you are running syslog-ng on, and so... What specific tasks (like cronjobs) are running on saturdays? -- Sandor Geller wildy@balabit.hu
Sever is running Fedora core 5 with no patches. Syslog version 2.0 rc 1 +8092006. There are no cron jobs or any other scheduled software. Just syslog-ng and ssh, iptables. I am starting to think it is sometype of packet that is getting sent to the server from a windows server. This server is logging for an IIS webserver (actually about 12 servers). Seems to happen in the morning...but can not pinpoint a time. Server hardware Is a dual processor 3.06 intel and 1024mb ram on 73.gb scsi drivers and dual nic cards. -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Sandor Geller Sent: Monday, September 18, 2006 1:30 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] problem with syslog-ng hanging on saturday afterworking all week Steven Meacham wrote:
Hi all,
Need help. My syslog-ng is hanging on Saturdays. It is like the service just stops responding even though it is running. The system having the problem is just basically a syslog bridging/filtering server. I am using syslog-ng to accept syslog messages and filter for only what I need out of them, and then forwarding them on. It is basiclly setup like below:
Webserver>>(udp 514)>syslog-ngfileterserver>>(udp1514)>Syslog Loghost
Any help you could give to a newbie about debugging or find the issue would be great..Also any scripts to check the service and restart would be great to.
Please give us details: the version number of syslog-ng, the configuration, the OS you are running syslog-ng on, and so... What specific tasks (like cronjobs) are running on saturdays? -- Sandor Geller wildy@balabit.hu _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Mon, 18 Sep 2006 12:36:51 CDT, Steven Meacham said:
Need help. My syslog-ng is hanging on Saturdays. It is like the service just stops responding even though it is running
I've seen similar oddness with other networking that had to go through a stateful firewall - worked fine as long as there was activity, but during long inactive sessions the firewall would time out the state entries and treat subsequent packets as "not part of a known connection". Does it keep working on Saturdays if you create a dummy program that just generates a throw-away log message once a minute? If so, then your system has an inactive timer that's going off and shooting things down. Oh yeah, and check for cronjobs running just before the last message when it stops running. If it rolls over and dies at 5:03AM every Saturday, it's time to check those 5AM cronjobs. ;)
On Mon, 2006-09-18 at 14:42 -0400, Valdis.Kletnieks@vt.edu wrote:
On Mon, 18 Sep 2006 12:36:51 CDT, Steven Meacham said:
Need help. My syslog-ng is hanging on Saturdays. It is like the service just stops responding even though it is running
I've seen similar oddness with other networking that had to go through a stateful firewall - worked fine as long as there was activity, but during long inactive sessions the firewall would time out the state entries and treat subsequent packets as "not part of a known connection". Does it keep working on Saturdays if you create a dummy program that just generates a throw-away log message once a minute? If so, then your system has an inactive timer that's going off and shooting things down.
Oh yeah, and check for cronjobs running just before the last message when it stops running. If it rolls over and dies at 5:03AM every Saturday, it's time to check those 5AM cronjobs. ;)
Also, you should check whether there are two programs reading /proc/kmsg in parallel, this is a known problem, the kernel does not support non-blocking I/O for /proc/kmsg and even though syslog-ng enables non-blocking I/O for its fds it still blocks. -- Bazsi
participants (4)
-
Balazs Scheidler
-
Sandor Geller
-
Steven Meacham
-
Valdis.Kletnieks@vt.edu