3.0.3: Accessing unix-dgram source appears to break all logging
Hello list,

my first post to the list, so hello everybody! :-)

I'm on Ubuntu 8.04.2 amd64 and trying to upgrade from syslog-ng 2.0.9-1ubuntu1 to syslog-ng 3.0.3. I've both tried the on balabit.com provided amd64 .deb package and also created an own amd64 .deb with the default settings in /debian using dpkg buildpackage.

I have the following two sources in my config:

source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
source src { internal(); unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };

Logging works just fine with the s_all source. However, as soon as I access the src source, by, for example

destination temp_logfile { fifo("/tmp/.tivoli/.logfile."); };
log { source(src); destination(temp_logfile); };

all logging will cease. Meaning, other than

Aug 5 15:04:23 server syslog-ng[17505]: syslog-ng starting up; version='3.0.3'

I'm not getting *anything* in my logs after restarting syslog-ng. If I then comment destination temp_logfile ... again and restart syslog-ng, logging works again.

The exact same config has worked just fine with 2.0.9-1ubuntu1.

Any idea what could be wrong here?

Thanks a lot!

Best regards
Markus
But who and what is reading the fifo /tmp/.tivoli/.logfile. in your configuration? Opening a fifo for write will hang until someone else opens it for read, that's how named pipes work...
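
The named-pipe behaviour described in this reply can be checked without hanging by opening the FIFO with O_NONBLOCK, which fails with ENXIO when nothing has it open for reading. This is an added example, not part of the original message; it uses a constructed temporary FIFO rather than the poster's path, and `probe_fifo_writer` is a hypothetical helper name.

```python
import errno
import os
import tempfile


def probe_fifo_writer(path):
    """Try to open a FIFO for writing without blocking.

    Returns "reader-present" if the open succeeds, or "no-reader" if the
    kernel reports ENXIO (nobody has the FIFO open for reading). A plain
    blocking open(path, "w") would instead wait here until a reader appears.
    """
    try:
        fd = os.open(path, os.O_WRONLY | os.O_NONBLOCK)
    except OSError as exc:
        if exc.errno == errno.ENXIO:
            return "no-reader"
        raise
    os.close(fd)
    return "reader-present"


def demo():
    """Probe a constructed FIFO before and after a reader attaches."""
    with tempfile.TemporaryDirectory() as tmp:
        fifo = os.path.join(tmp, "logfile.fifo")  # constructed path for the demo
        os.mkfifo(fifo, 0o600)
        before = probe_fifo_writer(fifo)
        # A reader opening with O_NONBLOCK returns at once, even with no writer.
        reader = os.open(fifo, os.O_RDONLY | os.O_NONBLOCK)
        try:
            after = probe_fifo_writer(fifo)
        finally:
            os.close(reader)
        return before, after


if __name__ == "__main__":
    print(demo())
```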
Hi,

On Wed, Aug 5, 2009 at 3:48 PM, Markus Stalder<ms2@lightupnet.de> wrote:
> Hello list,
>
> my first post to the list, so hello everybody! :-) I'm on Ubuntu 8.04.2 amd64 and trying to upgrade from syslog-ng 2.0.9-1ubuntu1 to syslog-ng 3.0.3. I've both tried the on balabit.com provided amd64 .deb package and also created an own amd64 .deb with the default settings in /debian using dpkg buildpackage.
>
> I have the following two sources in my config:
>
> source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
> source src { internal(); unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };

You're referencing exactly the same sources (like /dev/log, /proc/kmsg)? This config is horribly broken. I can't imagine how was syslog-ng 2.0.9 working with such a config. You should eliminate all duplicated sources. You can add as many log {} sections using the same source definition as you wish.

Regards,
Sandor
On Wed, 2009-08-05 at 16:56 +0200, Sandor Geller wrote:
> Hi,
>
> On Wed, Aug 5, 2009 at 3:48 PM, Markus Stalder<ms2@lightupnet.de> wrote:
>> Hello list,
>>
>> my first post to the list, so hello everybody! :-) I'm on Ubuntu 8.04.2 amd64 and trying to upgrade from syslog-ng 2.0.9-1ubuntu1 to syslog-ng 3.0.3. I've both tried the on balabit.com provided amd64 .deb package and also created an own amd64 .deb with the default settings in /debian using dpkg buildpackage.
>>
>> I have the following two sources in my config:
>>
>> source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
>> source src { internal(); unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
>
> You're referencing exactly the same sources (like /dev/log, /proc/kmsg)? This config is horribly broken. I can't imagine how was syslog-ng 2.0.9 working with such a config. You should eliminate all duplicated sources. You can add as many log {} sections using the same source definition as you wish.

the configuration is indeed broken, you basically tell syslog-ng to open /dev/log _twice_, what's worse: in a different mode (stream vs. dgram). Also the linux kernel does not like when there are multiple /proc/kmsg readers, syslog-ng might deadlock in this scenario.

I'm not sure syslog-ng hangs or simply the applications trying to send messages cease to do so, you could find that out using strace (either the application or syslog-ng, or both)

--
Bazsi
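
A small check for the problem both replies point at, run over the two source definitions quoted in the thread: it reports every path that more than one source block opens and whether the drivers differ. This is an added example, not code from syslog-ng or from the posters; the regex parsing is a simplification that assumes flat `source name { ... };` blocks, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Source drivers whose first argument is a filesystem path.
PATH_DRIVERS = {"unix-stream", "unix-dgram", "file", "pipe"}

SOURCE_RE = re.compile(r'\bsource\s+([\w.-]+)\s*\{(.*?)\}\s*;', re.DOTALL)
DRIVER_RE = re.compile(r'([\w-]+)\s*\(\s*"([^"]+)"')

# The two source definitions quoted in the thread.
THREAD_CONFIG = '''
source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
source src { internal(); unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
'''


def duplicated_paths(config_text):
    """Map each path opened by more than one source to its (source, driver) uses."""
    uses = defaultdict(list)
    for name, body in SOURCE_RE.findall(config_text):
        for driver, path in DRIVER_RE.findall(body):
            if driver in PATH_DRIVERS:  # skips options such as program_override()
                uses[path].append((name, driver))
    return {p: u for p, u in uses.items() if len({n for n, _ in u}) > 1}


def report(config_text):
    """Return one human-readable finding per duplicated path."""
    lines = []
    for path, uses in sorted(duplicated_paths(config_text).items()):
        drivers = sorted({d for _, d in uses})
        kind = "conflicting drivers" if len(drivers) > 1 else "same driver"
        sources = ", ".join(sorted({n for n, _ in uses}))
        lines.append(f"{path}: opened by {sources} ({kind}: {', '.join(drivers)})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(THREAD_CONFIG)))
```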
> On Wed, 2009-08-05 at 16:56 +0200, Sandor Geller wrote:
>> You're referencing exactly the same sources (like /dev/log, /proc/kmsg)? This config is horribly broken. I can't imagine how was syslog-ng 2.0.9 working with such a config. You should eliminate all duplicated sources. You can add as many log {} sections using the same source definition as you wish.
>
> the configuration is indeed broken, you basically tell syslog-ng to open /dev/log _twice_, what's worse: in a different mode (stream vs. dgram). Also the linux kernel does not like when there are multiple /proc/kmsg readers, syslog-ng might deadlock in this scenario.
>
> I'm not sure syslog-ng hangs or simply the applications trying to send messages cease to do so, you could find that out using strace (either the application or syslog-ng, or both)

Thanks guys, that was the feedback I was hoping for! I'll remove the unix-dgram source then...

Regards,
Markus
participants (4)
- Balazs Scheidler
- Fegan, Joe
- Markus Stalder
- Sandor Geller