[syslog-ng]Syslog-ng and Minilogd

John_Delisle@ceridian.ca John_Delisle@ceridian.ca
Mon, 5 Mar 2001 14:24:05 -0600


It could be killed by logrotate, check /etc/logrotate.d. It gzips logs, and
restarts daemons.

John Delisle
Corporate Technology
Ceridian Canada Ltd
204-975-5909


                                                                                                                            
                    "Brian E. Seppanen"                                                                                     
                    <seppy@chartermi.net>         To:     <syslog-ng@lists.balabit.hu>                                      
                    Sent by:                      cc:                                                                       
                    syslog-ng-admin@lists.        Subject:     [syslog-ng]Syslog-ng and Minilogd                            
                    balabit.hu                                                                                              
                                                                                                                            
                                                                                                                            
                    2001/03/05 02:23 PM                                                                                     
                    Please respond to                                                                                       
                    syslog-ng                                                                                               
                                                                                                                            
                                                                                                                            




Hello:

I'm running syslog-ng on a redhat-7.0 box.  I have a monitoring script
that checks to insure that syslog-ng is running.

The script greps the process listing for the pid listed in the pid file.
If it's not found its not running, and its restarted.  Now I'm not sure if
my script is crap or whether I have another problem, because it seems that
syslog-ng is getting restarted quite a bit.  I'd say probably every other
day.

What I've noticed is that after syslog-ng restarts minilogd (which is I
believe redhat specific)is also running and I believe there is contention
for /dev/log.  Minilogd apparently is used during the redhat boot process
and logs stuff, before syslog starts and then hands  off to syslog once it
starts.  This issue is occurring well after boot.   Has anyone seen this
issue as well?

Below is my monitoring script.  Perhaps there is an error there that is
reporting a false positive?  Anyone know of a better way to monitor a
process to insure its running.  snmptraps?  ?  I get no real indication of
any sort of problem.

Any insight appreciated.

#!/usr/bin/perl -w
use MIME::Entity;

my $pid=`cat /var/run/syslog-ng.pid`;
chomp $pid;
my $check = `ps -eo pid,command| grep '$pid' | grep -v grep`;
if ($check ne "") {
   #print "OK - check = $check";
   exit 0;
} else {
   my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime(time);
   $year %= 100;
   my $errortime =
sprintf
("%02d:%02d:%02d-%02d/%02d/%02d",$hour,$min,$sec,$mon+1,$mday,$year);
   #print "NOT OK - check = $check";
   system "/etc/rc.d/init.d/syslog-ng start";
   $minilogd = `ps -eo pid,command | grep minilogd | grep -v grep`;
   $page = "Syslog Error at $errortime";
   $top = MIME::Entity->build(Type      =>"multipart/mixed",
                              From      =>"admin",
                              To        =>"pager\@localhost");
   $top->attach(Data=>$page);
   $message="\n

   There is a problem with syslog-ng at $errortime, it's last known
   whereabouts were $pid.

   Syslog has been restarted.
   ";
   $top->attach(Data=>$message);
   open (MAIL, "| /usr/sbin/sendmail -t");
   $top->print(\*MAIL);
   close MAIL;

   exit 0;
}


Brian Seppanen
Charter Communications
Regional Data Center                                          906-228-4226
ext 23
Marquette, MI
seppy@chartermi.net


_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng