Hello! I use stable syslog-ng-1.6.7-1 on RH7.3. When at night the logrotate does a rotate and sends a signal HUP to syslog-ng it causet to syslog-ng stop write to all logfile (but write messages from kernel!). I know, that it is a old problem, but I not understand where is solution. When I attach to syslog-ng process by strace I see many poll([{fd=65, events=POLLIN},........ strings, but only kernel messages are ends on .... ], 103, 100) = 1 and write below. Please, help. -- Andy (ANDY-UANIC)
On Fri, 2005-04-15 at 13:14 +0300, Andy wrote:
Hello!
I use stable syslog-ng-1.6.7-1 on RH7.3.
When at night the logrotate does a rotate and sends a signal HUP to syslog-ng it causet to syslog-ng stop write to all logfile (but write messages from kernel!).
What do you mean on "syslog-ng" stops writing to all logfiles? It still runs, accepts messages but does not write them to the proper destination? Can you post a longer strace and maybe an lsof output of syslog-ng to see the problem? -- Bazsi
Hello Balazs Scheidler! On Fri, Apr 15, 2005 at 03:12:00PM +0200, Balazs Scheidler wrote:
On Fri, 2005-04-15 at 13:14 +0300, Andy wrote:
Hello!
I use stable syslog-ng-1.6.7-1 on RH7.3.
When at night the logrotate does a rotate and sends a signal HUP to syslog-ng it causet to syslog-ng stop write to all logfile (but write messages from kernel!).
What do you mean on "syslog-ng" stops writing to all logfiles? It still runs, accepts messages but does not write them to the proper destination?
yes. And I get this effect only if logfile rotate.
Can you post a longer strace and maybe an lsof output of syslog-ng to see the problem?
of course. do # echo test|logger -p daemon.debug -t test get /var/log/messages: Apr 15 16:58:06 vpn test: test do # mv /var/log/messages /var/log/messages.0 # echo test|logger -p daemon.debug -t test get /var/log/messages.0: Apr 15 17:00:53 vpn test: test OK. Daemon not know about logrotate. do # ps ax|grep syslog 13466 ? S 0:00 /sbin/syslog-ng # kill -HUP 13466 # echo test|logger -p daemon.debug -t test get /var/log/messages.0: nothing!!! get /var/log/messages: nothing too!!! in this time in strace I get: ......... poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 241000) = 1 accept(5, {sin_family=AF_UNIX, path=@}, [2]) = 9 fcntl64(0x9, 0x3, 0x50, 0x9) = 2 fcntl64(0x9, 0x4, 0x802, 0x9) = 0 fcntl64(0x9, 0x2, 0x1, 0x9) = 0 time(NULL) = 1113574143 poll([{fd=9, events=POLLIN, revents=POLLIN}, {fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 9, 100) = 1 read(9, "<31>Apr 15 17:09:03 test: test\0", 2048) = 31 time(NULL) = 1113574143 time(NULL) = 1113574143 time(NULL) = 1113574143 poll([{fd=9, events=POLLIN}, {fd=7, events=0}, {fd=8, events=POLLOUT, revents=POLLOUT}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 9, 100) = 1 write(8, "Apr 15 17:09:03 vpn test: test\n", 31) = 31 time(NULL) = 1113574143 poll([{fd=9, events=POLLIN, revents=POLLIN|POLLHUP}, {fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 9, 100) = 1 read(9, "", 2048) = 0 time(NULL) = 1113574143 poll([{fd=9, events=POLLIN, revents=POLLIN|POLLHUP}, {fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 9, 100) = 1 time(NULL) = 1113574143 close(9) = 0 poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 0 poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 231000) = 1 read(3, "<7>PPP: VJ decompression error\n", 2048) = 31 time(NULL) = 1113574152 time(NULL) = 1113574152 time(NULL) = 1113574152 poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=POLLOUT, revents=POLLOUT}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 1 write(6, "Apr 15 17:09:12 vpn kernel: PPP:"..., 56) = 56 time(NULL) = 1113574152 poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 0 poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 222000) = 1 read(3, "<7>PPP: VJ decompression error\n", 2048) = 31 time(NULL) = 1113574152 time(NULL) = 1113574152 time(NULL) = 1113574152 poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=POLLOUT, revents=POLLOUT}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 1 write(6, "Apr 15 17:09:12 vpn kernel: PPP:"..., 56) = 56 time(NULL) = 1113574152 poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 1 read(3, "<7>PPP: VJ decompression error\n", 2048) = 31 time(NULL) = 1113574152 time(NULL) = 1113574152 time(NULL) = 1113574152 poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=POLLOUT, revents=POLLOUT}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 1 write(6, "Apr 15 17:09:12 vpn kernel: PPP:"..., 56) = 56 time(NULL) = 1113574152 poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 0 poll( .............. and (I think it very strange!!!) only _kernel_ message are normally writted: ..... Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error ..... my syslog-ng.conf: =cut options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); }; destination d_cons { file("/dev/console"); }; destination d_mesg { file("/var/log/messages"); }; destination d_auth { file("/var/log/secure"); }; destination d_mail { file("/var/log/maillog" sync(10)); }; destination d_spol { file("/var/log/spooler"); }; destination d_boot { file("/var/log/boot.log"); }; destination d_cron { file("/var/log/cron"); }; destination d_iptables { file("/var/log/iptables"); }; destination d_vpn { file("/var/log/vpn.log"); }; destination d_mlal { usertty("*"); }; filter f_filter1 { facility(kern) and not (match(OUT=) or match(PPP)) ; }; filter f_filter2 { level(debug) and not (facility(mail) or facility(authpriv) or facility(cron) or facility(local2) or match(OUT=) or match(PPP) ); }; filter f_filter3 { facility(authpriv); }; filter f_filter4 { facility(mail); }; filter f_filter5 { level(emerg) and not match(OUT=); }; filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); }; filter f_filter7 { facility(local7); }; filter f_filter8 { facility(cron); }; filter f_filter9 { facility(kern) and match(OUT=); }; filter f_filter10 { facility(local2) or program(pppd) or program(pptpd) or ( facility(kern) and match(PPP) ); }; log { source(s_sys); filter(f_filter1); destination(d_mesg); }; log { source(s_sys); filter(f_filter2); destination(d_mesg); }; log { source(s_sys); filter(f_filter3); destination(d_auth); }; log { source(s_sys); filter(f_filter4); destination(d_mail); }; log { source(s_sys); filter(f_filter5); destination(d_mlal); }; log { source(s_sys); filter(f_filter6); destination(d_spol); }; log { source(s_sys); filter(f_filter7); destination(d_boot); }; log { source(s_sys); filter(f_filter8); destination(d_cron); }; log { source(s_sys); filter(f_filter9); destination(d_iptables); }; log { source(s_sys); filter(f_filter10); destination(d_vpn); }; =end
-- Bazsi
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Andy (ANDY-UANIC)
Hi, On Fri, 2005-04-15 at 17:36 +0300, Andy wrote:
On Fri, Apr 15, 2005 at 03:12:00PM +0200, Balazs Scheidler wrote:
On Fri, 2005-04-15 at 13:14 +0300, Andy wrote:
Can you post a longer strace and maybe an lsof output of syslog-ng to see the problem?
of course.
do # echo test|logger -p daemon.debug -t test
get /var/log/messages: Apr 15 16:58:06 vpn test: test
do # mv /var/log/messages /var/log/messages.0 # echo test|logger -p daemon.debug -t test
get /var/log/messages.0:
Apr 15 17:00:53 vpn test: test
OK. Daemon not know about logrotate.
do # ps ax|grep syslog 13466 ? S 0:00 /sbin/syslog-ng # kill -HUP 13466 # echo test|logger -p daemon.debug -t test
get /var/log/messages.0: nothing!!! get /var/log/messages: nothing too!!!
What is "get" in the commands quoted above? I assume it is the equivalent of cat, or maybe grep.
in this time in strace I get:
......... poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 241000) = 1 accept(5, {sin_family=AF_UNIX, path=@}, [2]) = 9
[snip[
..............
As I see your test message was written to fd 8 while all kernel messages are written to fd 6. You'll need to check out what those fds are in reality.
and (I think it very strange!!!) only _kernel_ message are normally writted:
.... Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error .....
my syslog-ng.conf:
=cut
options { sync (0);
[snip]
=end
I've tried running syslog-ng with your exact configuration and it continued to log fine. -- Bazsi
Hello Balazs Scheidler! On Sat, Apr 16, 2005 at 02:55:21PM +0200, Balazs Scheidler wrote:
Hi,
On Fri, 2005-04-15 at 17:36 +0300, Andy wrote:
get /var/log/messages.0: nothing!!! get /var/log/messages: nothing too!!!
What is "get" in the commands quoted above? I assume it is the equivalent of cat, or maybe grep.
yes. It's tail
in this time in strace I get:
......... poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 241000) = 1 accept(5, {sin_family=AF_UNIX, path=@}, [2]) = 9
[snip[
..............
As I see your test message was written to fd 8 while all kernel messages are written to fd 6. You'll need to check out what those fds are in reality.
May be you explain how I can do this?
and (I think it very strange!!!) only _kernel_ message are normally writted:
.... Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error .....
my syslog-ng.conf:
=cut
options { sync (0);
[snip]
=end
I've tried running syslog-ng with your exact configuration and it continued to log fine.
-- Bazsi
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Andy (ANDY-UANIC)
On Fri, 2005-04-22 at 12:58 +0300, Andy wrote:
Hello Balazs Scheidler!
......... poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 241000) = 1 accept(5, {sin_family=AF_UNIX, path=@}, [2]) = 9 [snip[ ..............
As I see your test message was written to fd 8 while all kernel messages are written to fd 6. You'll need to check out what those fds are in reality.
May be you explain how I can do this?
lsof -p <syslog-ng-pid> -- Bazsi
Hello Balazs Scheidler! On Fri, Apr 22, 2005 at 01:55:44PM +0200, Balazs Scheidler wrote:
On Fri, 2005-04-22 at 12:58 +0300, Andy wrote:
Hello Balazs Scheidler!
......... poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 241000) = 1 accept(5, {sin_family=AF_UNIX, path=@}, [2]) = 9 [snip[ ..............
As I see your test message was written to fd 8 while all kernel messages are written to fd 6. You'll need to check out what those fds are in reality.
May be you explain how I can do this?
lsof -p <syslog-ng-pid>
Ok, it's my investigation: # echo test|logger -p local2.info -t logger During same time: strace -p <pid_of_syslog-ng>: ..... poll([{fd=56, events=POLLIN}, {fd=51, events=POLLIN}, {fd=43, events=POLLIN}, {fd=55, events=POLLIN}, {fd=54, events=POLLIN}, {fd=101, events=POLLIN}, {fd=100, events=POLLIN}, {fd=58, events=POLLIN}, {fd=57, events=POLLIN}, {fd=93, events=POLLIN}, {fd=108, events=POLLIN}, {fd=105, events=POLLIN}, {fd=104, events=POLLIN}, {fd=78, events=POLLIN}, {fd=77, events=POLLIN}, {fd=98, events=POLLIN}, {fd=33, events=POLLIN}, {fd=32, events=POLLIN}, {fd=94, events=POLLIN}, {fd=38, events=POLLIN}, {fd=23, events=POLLIN}, {fd=97, events=POLLIN}, {fd=63, events=POLLIN}, {fd=59, events=POLLIN}, {fd=50, events=POLLIN}, {fd=45, events=POLLIN}, {fd=17, events=POLLIN}, {fd=14, events=POLLIN}, {fd=109, events=0}, {fd=44, events=POLLIN}, {fd=92, events=POLLIN}, {fd=91, events=POLLIN}, {fd=60, events=POLLIN}, {fd=36, events=POLLIN}, {fd=107, events=POLLIN}, {fd=106, events=POLLIN}, {fd=7, events=POLLIN}, {fd=6, events=POLLIN}, {fd=29, events=POLLIN}, {fd=28, events=POLLIN}, {fd=15, events=POLLIN}, {fd=12, events=POLLIN}, {fd=27, events=POLLIN}, {fd=26, events=POLLIN}, {fd=10, events=POLLIN}, {fd=9, events=POLLIN}, {fd=11, events=POLLIN}, {fd=8, events=POLLIN}, {fd=103, events=POLLIN}, {fd=102, events=POLLIN}, {fd=99, events=0}, {fd=37, events=POLLIN}, {fd=31, events=POLLIN}, {fd=88, events=POLLIN}, {fd=69, events=POLLIN}, {fd=13, events=0}, {fd=22, events=0}, {fd=4, events=0}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}, {fd=75, events=POLLIN}, {fd=70, events=POLLIN}, {fd=21, events=POLLIN}, {fd=16, events=POLLIN}, {fd=96, events=POLLIN}, {fd=95, events=POLLIN}, {fd=87, events=POLLIN}, {fd=76, events=POLLIN}, {fd=65, events=POLLIN}, {fd=64, events=POLLIN}, {fd=47, events=POLLIN}, {fd=46, events=POLLIN}, {fd=39, events=POLLIN}, {fd=74, events=POLLIN}, {fd=72, events=POLLIN}, {fd=71, events=POLLIN}, {fd=62, events=POLLIN}, {fd=61, events=POLLIN}, {fd=90, events=POLLIN}, {fd=89, events=POLLIN}, {fd=86, events=POLLIN}, {fd=85, events=POLLIN}, {fd=84, events=POLLIN}, {fd=83, events=POLLIN}, {fd=80, events=POLLIN}, {fd=79, events=POLLIN}, {fd=68, events=POLLIN}, {fd=67, events=POLLIN}, {fd=20, events=POLLIN}, {fd=19, events=POLLIN}, {fd=82, events=POLLIN}, {fd=81, events=POLLIN}, {fd=25, events=POLLIN}, {fd=24, events=POLLIN}, {fd=73, events=POLLIN}, {fd=66, events=POLLIN}, {fd=53, events=POLLIN}, {fd=52, events=POLLIN}, {fd=49, events=POLLIN}, {fd=48, events=POLLIN}, {fd=35, events=POLLIN}, {fd=34, events=POLLIN}, {fd=42, events=POLLIN}, {fd=41, events=POLLIN}, {fd=40, events=POLLIN}, {fd=30, events=POLLIN}, {fd=18, events=POLLIN}], 107, 147000) = 1 accept(5, {sin_family=AF_UNIX, path=@}, [2]) = 110 fcntl64(0x6e, 0x3, 0x50, 0x6e) = 2 fcntl64(0x6e, 0x4, 0x802, 0x6e) = 0 fcntl64(0x6e, 0x2, 0x1, 0x6e) = 0 getpid() = 4464 time(NULL) = 1114441203 time(NULL) = 1114441203 poll([{fd=110, events=0, revents=POLLHUP}, {fd=56, events=POLLIN}, {fd=51, events=POLLIN}, {fd=43, events=POLLIN}, {fd=55, events=POLLIN}, {fd=54, events=POLLIN}, {fd=101, events=POLLIN}, {fd=100, events=POLLIN}, {fd=58, events=POLLIN}, {fd=57, events=POLLIN}, {fd=93, events=POLLIN}, {fd=108, events=POLLIN}, {fd=105, events=POLLIN}, {fd=104, events=POLLIN}, {fd=78, events=POLLIN}, {fd=77, events=POLLIN}, {fd=98, events=POLLIN}, {fd=33, events=POLLIN}, {fd=32, events=POLLIN}, {fd=94, events=POLLIN}, {fd=38, events=POLLIN}, {fd=23, events=POLLIN}, {fd=97, events=POLLIN}, {fd=63, events=POLLIN}, {fd=59, events=POLLIN}, {fd=50, events=POLLIN}, {fd=45, events=POLLIN}, {fd=17, events=POLLIN}, {fd=14, events=POLLIN}, {fd=109, events=0}, {fd=44, events=POLLIN}, {fd=92, events=POLLIN}, {fd=91, events=POLLIN}, {fd=60, events=POLLIN}, {fd=36, events=POLLIN}, {fd=107, events=POLLIN}, {fd=106, events=POLLIN}, {fd=7, events=POLLIN}, {fd=6, events=POLLIN}, {fd=29, events=POLLIN}, {fd=28, events=POLLIN}, {fd=15, events=POLLIN}, {fd=12, events=POLLIN}, {fd=27, events=POLLIN}, {fd=26, events=POLLIN}, {fd=10, events=POLLIN}, {fd=9, events=POLLIN}, {fd=11, events=POLLIN}, {fd=8, events=POLLIN}, {fd=103, events=POLLIN}, {fd=102, events=POLLIN}, {fd=99, events=0}, {fd=37, events=POLLIN}, {fd=31, events=POLLIN}, {fd=88, events=POLLIN}, {fd=69, events=POLLIN}, {fd=13, events=0}, {fd=22, events=0}, {fd=4, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=75, events=POLLIN}, {fd=70, events=POLLIN}, {fd=21, events=POLLIN}, {fd=16, events=POLLIN}, {fd=96, events=POLLIN}, {fd=95, events=POLLIN}, {fd=87, events=POLLIN}, {fd=76, events=POLLIN}, {fd=65, events=POLLIN}, {fd=64, events=POLLIN}, {fd=47, events=POLLIN}, {fd=46, events=POLLIN}, {fd=39, events=POLLIN}, {fd=74, events=POLLIN}, {fd=72, events=POLLIN}, {fd=71, events=POLLIN}, {fd=62, events=POLLIN}, {fd=61, events=POLLIN}, {fd=90, events=POLLIN}, {fd=89, events=POLLIN}, {fd=86, events=POLLIN}, {fd=85, events=POLLIN}, {fd=84, events=POLLIN}, {fd=83, events=POLLIN}, {fd=80, events=POLLIN}, {fd=79, events=POLLIN}, {fd=68, events=POLLIN}, {fd=67, events=POLLIN}, {fd=20, events=POLLIN}, {fd=19, events=POLLIN}, {fd=82, events=POLLIN}, {fd=81, events=POLLIN}, {fd=25, events=POLLIN}, {fd=24, events=POLLIN}, {fd=73, events=POLLIN}, {fd=66, events=POLLIN}, {fd=53, events=POLLIN}, {fd=52, events=POLLIN}, {fd=49, events=POLLIN}, {fd=48, events=POLLIN}, {fd=35, events=POLLIN}, {fd=34, events=POLLIN}, {fd=42, events=POLLIN}, {fd=41, events=POLLIN}, {fd=40, events=POLLIN}, {fd=30, events=POLLIN}, {fd=18, events=POLLIN}], 108, 100) = 1 time(NULL) = 1114441203 close(110) = 0 poll([{fd=56, events=POLLIN}, {fd=51, events=POLLIN}, {fd=43, events=POLLIN}, {fd=55, events=POLLIN}, {fd=54, events=POLLIN}, {fd=101, events=POLLIN}, {fd=100, events=POLLIN}, {fd=58, events=POLLIN}, {fd=57, events=POLLIN}, {fd=93, events=POLLIN}, {fd=108, events=POLLIN}, {fd=105, events=POLLIN}, {fd=104, events=POLLIN}, {fd=78, events=POLLIN}, {fd=77, events=POLLIN}, {fd=98, events=POLLIN}, {fd=33, events=POLLIN}, {fd=32, events=POLLIN}, {fd=94, events=POLLIN}, {fd=38, events=POLLIN}, {fd=23, events=POLLIN}, {fd=97, events=POLLIN}, {fd=63, events=POLLIN}, {fd=59, events=POLLIN}, {fd=50, events=POLLIN}, {fd=45, events=POLLIN}, {fd=17, events=POLLIN}, {fd=14, events=POLLIN}, {fd=109, events=0}, {fd=44, events=POLLIN}, {fd=92, events=POLLIN}, {fd=91, events=POLLIN}, {fd=60, events=POLLIN}, {fd=36, events=POLLIN}, {fd=107, events=POLLIN}, {fd=106, events=POLLIN}, {fd=7, events=POLLIN}, {fd=6, events=POLLIN}, {fd=29, events=POLLIN}, {fd=28, events=POLLIN}, {fd=15, events=POLLIN}, {fd=12, events=POLLIN}, {fd=27, events=POLLIN}, {fd=26, events=POLLIN}, {fd=10, events=POLLIN}, {fd=9, events=POLLIN}, {fd=11, events=POLLIN}, {fd=8, events=POLLIN}, {fd=103, events=POLLIN}, {fd=102, events=POLLIN}, {fd=99, events=0}, {fd=37, events=POLLIN}, {fd=31, events=POLLIN}, {fd=88, events=POLLIN}, {fd=69, events=POLLIN}, {fd=13, events=0}, {fd=22, events=0}, {fd=4, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=75, events=POLLIN}, {fd=70, events=POLLIN}, {fd=21, events=POLLIN}, {fd=16, events=POLLIN}, {fd=96, events=POLLIN}, {fd=95, events=POLLIN}, {fd=87, events=POLLIN}, {fd=76, events=POLLIN}, {fd=65, events=POLLIN}, {fd=64, events=POLLIN}, {fd=47, events=POLLIN}, {fd=46, events=POLLIN}, {fd=39, events=POLLIN}, {fd=74, events=POLLIN}, {fd=72, events=POLLIN}, {fd=71, events=POLLIN}, {fd=62, events=POLLIN}, {fd=61, events=POLLIN}, {fd=90, events=POLLIN}, {fd=89, events=POLLIN}, {fd=86, events=POLLIN}, {fd=85, events=POLLIN}, {fd=84, events=POLLIN}, {fd=83, events=POLLIN}, {fd=80, events=POLLIN}, {fd=79, events=POLLIN}, {fd=68, events=POLLIN}, {fd=67, events=POLLIN}, {fd=20, events=POLLIN}, {fd=19, events=POLLIN}, {fd=82, events=POLLIN}, {fd=81, events=POLLIN}, {fd=25, events=POLLIN}, {fd=24, events=POLLIN}, {fd=73, events=POLLIN}, {fd=66, events=POLLIN}, {fd=53, events=POLLIN}, {fd=52, events=POLLIN}, {fd=49, events=POLLIN}, {fd=48, events=POLLIN}, {fd=35, events=POLLIN}, {fd=34, events=POLLIN}, {fd=42, events=POLLIN}, {fd=41, events=POLLIN}, {fd=40, events=POLLIN}, {fd=30, events=POLLIN}, {fd=18, events=POLLIN}], 107, 100) = 0 poll( ..... # lsof -p <pid_of_syslog-ng>: COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME syslog-ng 4464 root cwd DIR 3,7 4096 3254644 /home/andy syslog-ng 4464 root rtd DIR 3,3 4096 2 / syslog-ng 4464 root txt REG 3,3 111432 114039 /sbin/syslog-ng syslog-ng 4464 root mem REG 3,3 85420 16422 /lib/ld-2.2.5.so syslog-ng 4464 root mem REG 3,3 85262 16443 /lib/libnsl-2.2.5.so syslog-ng 4464 root mem REG 3,3 64733 17484 /lib/libresolv-2.2.5.so syslog-ng 4464 root mem REG 3,3 1344152 16435 /lib/libc-2.2.5.so syslog-ng 4464 root 0u CHR 1,3 69279 /dev/null syslog-ng 4464 root 1u CHR 1,3 69279 /dev/null syslog-ng 4464 root 2u CHR 1,3 69279 /dev/null syslog-ng 4464 root 3r REG 0,6 0 4110 /proc/kmsg syslog-ng 4464 root 4w REG 3,5 595 48927 /var/log/maillog syslog-ng 4464 root 5u unix 0xc6e963c0 301272 /dev/log syslog-ng 4464 root 6u unix 0xcc9c4800 348060 /dev/log syslog-ng 4464 root 7u unix 0xc30c80c0 348069 /dev/log syslog-ng 4464 root 8u unix 0xc243d500 329073 /dev/log syslog-ng 4464 root 9u unix 0xcc16db00 330663 /dev/log syslog-ng 4464 root 10u unix 0xc7229040 330672 /dev/log syslog-ng 4464 root 11u unix 0xc9b7f400 329082 /dev/log syslog-ng 4464 root 12u unix 0xc4d4d8c0 332938 /dev/log syslog-ng 4464 root 13w REG 3,5 136973 48951 /var/log/iptables syslog-ng 4464 root 14u unix 0xce603140 370254 /dev/log syslog-ng 4464 root 15u unix 0xce29e880 332947 /dev/log syslog-ng 4464 root 16u unix 0xc9a0d540 286964 /dev/log syslog-ng 4464 root 17u unix 0xc764a480 370263 /dev/log syslog-ng 4464 root 18u unix 0xcbdde140 32218 /dev/log syslog-ng 4464 root 19u unix 0xc8eff740 118382 /dev/log syslog-ng 4464 root 20u unix 0xc5756880 118391 /dev/log syslog-ng 4464 root 21u unix 0xc4311440 286973 /dev/log syslog-ng 4464 root 22w REG 3,5 1097825 48901 /var/log/vpn.log -> I waiting log message in vpn.log syslog-ng 4464 root 23u unix 0xc4fa9180 378812 /dev/log syslog-ng 4464 root 24u unix 0xc8bab800 58402 /dev/log syslog-ng 4464 root 25u unix 0xc90acb40 58411 /dev/log syslog-ng 4464 root 26u unix 0xc764a800 332105 /dev/log syslog-ng 4464 root 27u unix 0xc19d5080 332114 /dev/log syslog-ng 4464 root 28u unix 0xc6adc740 339999 /dev/log syslog-ng 4464 root 29u unix 0xcdecdc00 340008 /dev/log syslog-ng 4464 root 30u unix 0xc9e3d740 33937 /dev/log syslog-ng 4464 root 31u unix 0xc878db40 323653 /dev/log syslog-ng 4464 root 32u unix 0xcc5c7ac0 391279 /dev/log syslog-ng 4464 root 33u unix 0xcf193b00 391288 /dev/log syslog-ng 4464 root 34u unix 0xc243d880 37586 /dev/log syslog-ng 4464 root 35u unix 0xc4db9c40 37595 /dev/log syslog-ng 4464 root 36u unix 0xc628b540 357236 /dev/log syslog-ng 4464 root 37u unix 0xc3a1b180 323696 /dev/log syslog-ng 4464 root 38u unix 0xc382b440 378821 /dev/log syslog-ng 4464 root 39u unix 0xcfed6b00 187277 /dev/log syslog-ng 4464 root 40u unix 0xcdd51bc0 35201 /dev/log syslog-ng 4464 root 41u unix 0xcc1da740 35210 /dev/log syslog-ng 4464 root 42u unix 0xc74bbb00 35804 /dev/log syslog-ng 4464 root 43u unix 0xc30c8440 419599 /dev/log syslog-ng 4464 root 44u unix 0xc9225bc0 361515 /dev/log syslog-ng 4464 root 45u unix 0xc2162040 371790 /dev/log syslog-ng 4464 root 46u unix 0xcdecd500 241761 /dev/log syslog-ng 4464 root 47u unix 0xc9b7f780 241770 /dev/log syslog-ng 4464 root 48u unix 0xcd52bbc0 39447 /dev/log syslog-ng 4464 root 49u unix 0xc1683b40 39456 /dev/log syslog-ng 4464 root 50u unix 0xcb7b6c40 371799 /dev/log syslog-ng 4464 root 51u unix 0xc8b078c0 419608 /dev/log syslog-ng 4464 root 52u unix 0xc2536440 48708 /dev/log syslog-ng 4464 root 53u unix 0xc41de180 48717 /dev/log syslog-ng 4464 root 54u unix 0xc7edb740 419477 /dev/log syslog-ng 4464 root 55u unix 0xc628bc40 419486 /dev/log syslog-ng 4464 root 56u unix 0xcc40fc00 419833 /dev/log syslog-ng 4464 root 57u unix 0xc8eff3c0 413883 /dev/log syslog-ng 4464 root 58u unix 0xcb7b61c0 413893 /dev/log syslog-ng 4464 root 59u unix 0xcedce540 374898 /dev/log syslog-ng 4464 root 60u unix 0xc3120bc0 357256 /dev/log syslog-ng 4464 root 61u unix 0xc5bd7b80 130377 /dev/log syslog-ng 4464 root 62u unix 0xc9d3b840 130386 /dev/log syslog-ng 4464 root 63u unix 0xc5b5c440 374907 /dev/log syslog-ng 4464 root 64u unix 0xcccbe880 282284 /dev/log syslog-ng 4464 root 65u unix 0xc415f540 282293 /dev/log syslog-ng 4464 root 66u unix 0xc742a180 49614 /dev/log syslog-ng 4464 root 67u unix 0xcdd99180 118430 /dev/log syslog-ng 4464 root 68u unix 0xc27551c0 118439 /dev/log syslog-ng 4464 root 69u unix 0xc6e96040 319187 /dev/log syslog-ng 4464 root 70u unix 0xcbb6e3c0 291698 /dev/log syslog-ng 4464 root 71u unix 0xcbb6e740 150605 /dev/log syslog-ng 4464 root 72u unix 0xcd201780 150614 /dev/log syslog-ng 4464 root 73u unix 0xc2772800 49623 /dev/log syslog-ng 4464 root 74u unix 0xc8838400 157202 /dev/log syslog-ng 4464 root 75u unix 0xc5579180 291718 /dev/log syslog-ng 4464 root 76u unix 0xc2241100 282484 /dev/log syslog-ng 4464 root 77u unix 0xc21acc00 400967 /dev/log syslog-ng 4464 root 78u unix 0xcab19440 400976 /dev/log syslog-ng 4464 root 79u unix 0xcb9e1440 118473 /dev/log syslog-ng 4464 root 80u unix 0xc3b3c740 118477 /dev/log syslog-ng 4464 root 81u unix 0xcc3e51c0 116862 /dev/log syslog-ng 4464 root 82u unix 0xc9f20480 116871 /dev/log syslog-ng 4464 root 83u unix 0xc301f4c0 118486 /dev/log syslog-ng 4464 root 84u unix 0xc82023c0 118525 /dev/log syslog-ng 4464 root 85u unix 0xcb7b68c0 118602 /dev/log syslog-ng 4464 root 86u unix 0xc420c080 118611 /dev/log syslog-ng 4464 root 87u unix 0xcd724800 282503 /dev/log syslog-ng 4464 root 88u unix 0xc9048840 319196 /dev/log syslog-ng 4464 root 89u unix 0xc2ac4180 119473 /dev/log syslog-ng 4464 root 90u unix 0xc2ac4500 119492 /dev/log syslog-ng 4464 root 91u unix 0xc90ac0c0 359394 /dev/log syslog-ng 4464 root 92u unix 0xcdd99500 359403 /dev/log syslog-ng 4464 root 93u unix 0xc4570100 412155 /dev/log syslog-ng 4464 root 94u unix 0xc4efc7c0 389023 /dev/log syslog-ng 4464 root 95u unix 0xcc2c9800 284370 /dev/log syslog-ng 4464 root 96u unix 0xca039840 284379 /dev/log syslog-ng 4464 root 97u unix 0xc33e2c40 376050 /dev/log syslog-ng 4464 root 98u unix 0xc31204c0 392334 /dev/log syslog-ng 4464 root 99w REG 3,5 24726 48876 /var/log/secure syslog-ng 4464 root 100u unix 0xc33e2540 414097 /dev/log syslog-ng 4464 root 101u unix 0xc723b7c0 414221 /dev/log syslog-ng 4464 root 102u unix 0xc3b32480 324548 /dev/log syslog-ng 4464 root 103u unix 0xc5df6ac0 324557 /dev/log syslog-ng 4464 root 104u unix 0xce13e1c0 401526 /dev/log syslog-ng 4464 root 105u unix 0xcc22f4c0 401535 /dev/log syslog-ng 4464 root 106u unix 0xc1db7500 356457 /dev/log syslog-ng 4464 root 107u unix 0xc9597ac0 356466 /dev/log syslog-ng 4464 root 108u unix 0xc9443840 401703 /dev/log syslog-ng 4464 root 109w REG 3,5 387 49004 /var/log/messages syslog-ng.conf: options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); }; ...... destination d_vpn { file("/var/log/vpn.log"); }; ...... filter f_filter10 { facility(local2) or program(pppd) or program(pptpd) or ( facility(kern) and match(PPP) ); }; ...... log { source(s_sys); filter(f_filter10); destination(d_vpn); };
-- Bazsi
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Andy (ANDY-UANIC)
participants (2)
-
Andy
-
Balazs Scheidler