[syslog-ng]Syslog-ng and Minilogd

Brian E. Seppanen seppy@chartermi.net
Mon, 5 Mar 2001 15:23:46 -0500 (EST) 

Hello:

I'm running syslog-ng on a redhat-7.0 box.  I have a monitoring script
that checks to insure that syslog-ng is running.

The script greps the process listing for the pid listed in the pid file.
If it's not found its not running, and its restarted.  Now I'm not sure if
my script is crap or whether I have another problem, because it seems that
syslog-ng is getting restarted quite a bit.  I'd say probably every other
day.

What I've noticed is that after syslog-ng restarts minilogd (which is I
believe redhat specific)is also running and I believe there is contention
for /dev/log.  Minilogd apparently is used during the redhat boot process
and logs stuff, before syslog starts and then hands  off to syslog once it
starts.  This issue is occurring well after boot.   Has anyone seen this
issue as well?

Below is my monitoring script.  Perhaps there is an error there that is
reporting a false positive?  Anyone know of a better way to monitor a
process to insure its running.  snmptraps?  ?  I get no real indication of
any sort of problem.

Any insight appreciated.

#!/usr/bin/perl -w
use MIME::Entity;

my $pid=`cat /var/run/syslog-ng.pid`;
chomp $pid;
my $check = `ps -eo pid,command| grep '$pid' | grep -v grep`;
if ($check ne "") {
   #print "OK - check = $check";
   exit 0;
} else {
   my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime(time);
   $year %= 100;
   my $errortime =
sprintf("%02d:%02d:%02d-%02d/%02d/%02d",$hour,$min,$sec,$mon+1,$mday,$year);
   #print "NOT OK - check = $check";
   system "/etc/rc.d/init.d/syslog-ng start";
   $minilogd = `ps -eo pid,command | grep minilogd | grep -v grep`;
   $page = "Syslog Error at $errortime";
   $top = MIME::Entity->build(Type      =>"multipart/mixed",
                              From      =>"admin",
                              To        =>"pager\@localhost");
   $top->attach(Data=>$page);
   $message="\n

   There is a problem with syslog-ng at $errortime, it's last known
   whereabouts were $pid.

   Syslog has been restarted.
   ";
   $top->attach(Data=>$message);
   open (MAIL, "| /usr/sbin/sendmail -t");
   $top->print(\*MAIL);
   close MAIL;

   exit 0;
}


Brian Seppanen
Charter Communications
Regional Data Center				906-228-4226 ext 23
Marquette, MI					seppy@chartermi.net