uname -a FreeBSD 7.0-RELEASE syslog-ng --version syslog-ng 2.0.10 change date on syslog-ng.conf is "Apr 20 2009" been running untouched for at least that long. about 00:20 today Friday, all syslogging to syslog-ng stopped. chkrootkit shows nothing wrong stop syslog-ng then pkg_delete, and then cd /usr/ports/sysutils/syslog-ng2 make && make install start it, no change I rebooted the syslog server. no change trafshow -i bce0 -n then filter 514 shows 100KBs arriving from our syslog clients. df shows plenty of disk space for /var suggestions? Len
On Fri, 2011-03-11 at 19:28 +0100, Len Conrad wrote:
uname -a FreeBSD 7.0-RELEASE
syslog-ng --version syslog-ng 2.0.10
change date on syslog-ng.conf is "Apr 20 2009"
been running untouched for at least that long.
about 00:20 today Friday, all syslogging to syslog-ng stopped.
chkrootkit shows nothing wrong
stop syslog-ng
then pkg_delete, and then
cd /usr/ports/sysutils/syslog-ng2
make && make install
start it,
no change
I rebooted the syslog server. no change
trafshow -i bce0 -n
then filter 514
shows 100KBs arriving from our syslog clients.
df shows plenty of disk space for /var
suggestions?
Well, it seems generic troubleshooting task. Check, that: 1) netstat shows syslog-ng is listening 2) check that your pf rules don't drop this traffic 3) check that syslog-ng is actually receiving the traffic (using truss or ktrace) If the above confirms that syslog-ng is indeed receiving messages and then not doing anything with them, that might be a sign of syslog-ng trouble. -- Bazsi
participants (2)
-
Balazs Scheidler
-
Len Conrad