Hi I've ran into serious problems yesterday with my Debian server and finally was able to nail down the problem to syslog-ng and/or the logging subsystem (or whatever it is called). I first noticed troubles after I did a apt-get install, which hang while installing ssl-cert due to a failure to create a group (connected to the symptoms mentioned below). Symptoms: - a growing number of unterminated /USR/SBIN/CRON processes (strace: "connect(7, {sa_family=AF_FILE, path="/dev/log"}, 16") - unable to 'su <user>' (Ctrl-C to return to shell) - unable to establish a ssh connection (terminal hangs after entering password, sshd <defunct> in processes) - unable to login physically at the server itself ("You have new mail", but no command line, Ctrl-C to return to the login screen) - when logged in prior the failures, either 'shutdown' nor 'reboot' have any effect (system must be shut down by /etc/init.d/reboot stop) - no new entries in /var/log/cron.log or /var/log/syslog Temporary Cure: - reboot and prevent syslog-ng from starting at boot Sidenotes: - All other services work as expected I've got to know Linux in recent years, but it seems I'm not capable of solving such a difficult issue by myself. Do you have any suggestions? Thank you very much! Kind regards Mario -- Mario Aeby Stritenstrasse 47 CH-3176 Neuenegg Mobile 078 690 50 11 Fax 031 741 28 93 http://www.eMeidi.com/
Mario Aeby wrote:
Hi
I've ran into serious problems yesterday with my Debian server and finally was able to nail down the problem to syslog-ng and/or the logging subsystem (or whatever it is called). I first noticed troubles after I did a apt-get install, which hang while installing ssl-cert due to a failure to create a group (connected to the symptoms mentioned below).
Symptoms: - a growing number of unterminated /USR/SBIN/CRON processes (strace: "connect(7, {sa_family=AF_FILE, path="/dev/log"}, 16") - unable to 'su <user>' (Ctrl-C to return to shell) - unable to establish a ssh connection (terminal hangs after entering password, sshd <defunct> in processes) - unable to login physically at the server itself ("You have new mail", but no command line, Ctrl-C to return to the login screen) - when logged in prior the failures, either 'shutdown' nor 'reboot' have any effect (system must be shut down by /etc/init.d/reboot stop) - no new entries in /var/log/cron.log or /var/log/syslog
Temporary Cure: - reboot and prevent syslog-ng from starting at boot
Sidenotes: - All other services work as expected
I've got to know Linux in recent years, but it seems I'm not capable of solving such a difficult issue by myself. Do you have any suggestions?
Thank you very much! Kind regards Mario
Hi Mario, Thanks for your report. I haven't seen this issue in the Debian BTS, so please give more details: 1. which syslog-ng package are you using 2. if it isn't confidental what looks your configuration like Regards, -- Sandor Geller wildy@balabit.hu
On Wed, 2006-05-17 at 16:33 +0200, Mario Aeby wrote:
Hi
I've ran into serious problems yesterday with my Debian server and finally was able to nail down the problem to syslog-ng and/or the logging subsystem (or whatever it is called). I first noticed troubles after I did a apt-get install, which hang while installing ssl-cert due to a failure to create a group (connected to the symptoms mentioned below).
Symptoms: - a growing number of unterminated /USR/SBIN/CRON processes (strace: "connect(7, {sa_family=AF_FILE, path="/dev/log"}, 16") - unable to 'su <user>' (Ctrl-C to return to shell) - unable to establish a ssh connection (terminal hangs after entering password, sshd <defunct> in processes) - unable to login physically at the server itself ("You have new mail", but no command line, Ctrl-C to return to the login screen) - when logged in prior the failures, either 'shutdown' nor 'reboot' have any effect (system must be shut down by /etc/init.d/reboot stop) - no new entries in /var/log/cron.log or /var/log/syslog
Syslog-ng is probably blocking on something, prominent cause reading /proc/kmsg from multiple processes (multiple syslog-ng or klogd and syslog-ng) _OR_ using 1.6.10 which was broken in this regard. -- Bazsi
participants (3)
-
Balazs Scheidler
-
Mario Aeby
-
Sandor Geller