/dev/log causing system to hang?
We deploy syslog-ng-1.6.2-1, the (non-destination) configuration is: -------- options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); }; -------- One of our support people reported: -------- 1. "EPROTOTYPE (Protocol wrong type for socket) ... pointing to /dev/log ... /dev/log is a socket 2. List all the socket on the sever .... via netstat ... found lot of socket still waiting to get connected .. indicating .. it couldnot establish new connection ... hence it ruled out the authentication issue 3. Tried to find out what was blocking the socket /dev/log .... found that syslog-ng was the culprit ... i had bounced syslog-ng and we were good thereafter -------- cat /proc/version gives: -------- Linux version 2.4.21-47.0.1.ELsmp (brewbuilder@hs20-bc2-2.build.redhat.com) (gcc version 3.2.3 20030502 (Red Hat Linux 3.2.3-56)) #1 SMP Fri Oct 13 17:56:20 EDT 2006 -------- That's all I've got so far. Any suggestions on next step? Thanks ... Bill
We deploy syslog-ng-1.6.2-1, the (non-destination) configuration is:
Way too old. I recommend upgrading to 2.0.4
-------- options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); };
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: "));
This is wrong. Use file() instead of pipe(), and stop klogd before starting syslog-ng
unix-stream ("/dev/log");
Either raise max_connections() for unix-stream or switch to using unix_dgram
internal(); }; --------
One of our support people reported:
-------- 1. "EPROTOTYPE (Protocol wrong type for socket) ... pointing to /dev/log ... /dev/log is a socket
You should change /dev/log to unix_dgram instead of unix_stream
2. List all the socket on the sever .... via netstat ... found lot of socket still waiting to get connected .. indicating .. it couldnot establish new connection ... hence it ruled out the authentication issue
Either raise max_connections or switch to unix-dgram. syslog-ng logs when it refuses socket connections
3. Tried to find out what was blocking the socket /dev/log .... found that syslog-ng was the culprit ... i had bounced syslog-ng and we were good thereafter --------
Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
participants (2)
-
Bill Horn
-
Geller, Sandor (IT)