[syslog-ng]syslog-ng 1.4.x troubles
archi2k@altern.org
archi2k@altern.org
Wed, 31 Jul 2002 22:52:43 +0200 (CEST)
Please CC me, I'm not subscribed to the list.
I have a very annoying problem with 1.4.x (not tried 1.5.x).
I have been running syslog-ng on several boxes for a long time. All these boxes are Debian potato or woody, with syslog-ng 1.4.x compiled by hand.
Here is the problem:
Sometimes, syslog-ng stops logging. When this happens, some of the services running on the box stop working.
If I issue a netstat on the box, here is what I got :
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 0 [ ACC ] STREAM LISTENING 115 /tmp/mysql.sock
unix 0 [ ACC ] STREAM LISTENING 57 /dev/log
unix 1 [ ] STREAM CONNECTED 128 @0000000b
unix 1 [ ] STREAM CONNECTED 228 @0000000f
unix 1 [ ] STREAM CONNECTED 176 @0000000e
unix 1 [ ] STREAM CONNECTED 60 @00000001
unix 1 [ ] STREAM CONNECTED 78 @00000004
unix 1 [ ] STREAM CONNECTED 87 @00000005
unix 1 [ ] STREAM CONNECTED 92 @00000007
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 1 [ ] STREAM CONNECTING 0 /dev/log
unix 1 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 1 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 1 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 1 [ ] STREAM CONNECTING 0 /dev/log
unix 1 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 0 [ ] STREAM CONNECTING 0 /dev/log
unix 1 [ ] STREAM CONNECTED 62 /dev/log
As you can see, there are lots of /dev/log sockets in the "CONNECTING" state. Sometimes I have 100 like this ;o)
Processes like stunnel then refuse to work.
I have to kill -9 syslog-ng and then restart it.
For some boxes I have to do that manually each time I boot the box.
Any clue?
Here is, for one of my boxes, its syslog-ng.conf.
# syslog-ng configuration file.
#
# Global options. The notes below give the documented meaning of each
# setting; none of them is derived from how this particular host behaves.
#
# sync(0): no lines are held back before a write, so each message is
# written to its destination as it arrives.
options { sync (0);
# time_reopen(10): seconds to wait before a dead connection is reopened.
time_reopen (10);
# log_fifo_size(1000): number of lines the output queue can hold.
log_fifo_size (1000);
# long_hostnames(off): do not record chained relay hostnames.
long_hostnames (off);
# use_dns(no) / use_fqdn(no): no DNS lookups and no fully qualified names,
# so logging does not depend on the resolver being reachable.
use_dns (no);
use_fqdn (no);
# create_dirs(yes): missing directories in a destination path are created
# on demand. Every destination in this file builds its path from $HOST.
create_dirs (yes);
# keep_hostname(yes): the hostname carried in a message is kept as-is.
# NOTE(review): together with $HOST in the file paths and create_dirs(yes),
# the sender of a message influences which directory is created and written.
# Only local sources are defined in this file, so confirm whether this
# option is needed at all, and how this version sanitises $HOST.
keep_hostname (yes);
};
# s_sys: the only source in this file. It combines the local /dev/log
# stream socket (at most 210 simultaneous connections), syslog-ng's own
# internal messages, and kernel messages read from /proc/kmsg.
# NOTE(review): with a stream socket each client has to connect() first. If
# the daemon stops accepting, clients wait in CONNECTING, which matches the
# netstat output quoted in this message, and a blocking syslog() call can
# then stall the service itself. Monitor the daemon and the count of pending
# /dev/log connections; whether the unix-dgram() driver suits this
# kernel/libc is for the operator to confirm.
source s_sys { unix-stream ("/dev/log" max-connections(210)); internal(); file("/proc/kmsg"); };
# Destinations. Each one writes to a file under
# /var/log/$HOST/$YEAR/$MONTH/$DAY/, so a new directory tree is started per
# host and per day (directory creation relies on create_dirs(yes) in the
# options block of this file).
# NOTE(review): no owner, group or permission options are set on any file()
# destination here, so file and directory modes come from syslog-ng's
# defaults. authlog and secure hold authentication records; check the
# resulting modes on disk.
destination authlog { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/authlog"); };
destination daemon { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/daemon"); };
destination kern { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/kernel"); };
destination maillog { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/maillog"); };
destination messages { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/messages"); };
destination secure { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/secure"); };
# wtmp is declared, but no log statement in this file refers to it.
destination wtmp { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/wtmp"); };
destination cron { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/cron"); };
destination ftp { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/ftp"); };
# errors and alert also write to root's terminals via usertty("root").
destination errors { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/errors"); usertty("root"); };
destination alert { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/alert"); usertty("root"); };
destination notice { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/notice"); };
# emergency is additionally sent to every logged-in user's terminal.
destination emergency { file("/var/log/$HOST/$YEAR/$MONTH/$DAY/emergency"); usertty(*); };
# Facility filters: each matches messages of exactly one syslog facility.
filter f_kern { facility(kern); };
filter f_syslog { facility(syslog); };
filter f_user { facility(user); };
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_xferlog { facility(ftp); };
# f_lpr is defined, but no log statement in this file uses it.
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
# f_kernel duplicates f_kern; the log statements only reference f_kern.
filter f_kernel { facility(kern); };
# Level filters.
# NOTE(review): a bare level name in level() matches that single level, not
# "this level and above" as a syslog.conf selector does. If the intent is a
# minimum severity, a range such as level(info..emerg) expresses it. Confirm
# the intent before relying on these files for auth or error coverage.
filter f_debug { level(debug); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_alert { level(alert); };
filter f_emerg { level(emerg); };
filter f_err { level(err); };
# Log paths. Every statement reads from s_sys; a message is written to a
# destination only if it passes all filters listed in that statement. A
# message matching several statements is written by each of them.
#
# The commented-out statement below names d_amethyste_file, which is not
# defined anywhere in this file.
#log { source(s_sys); destination(d_amethyste_file); };
# Facility + level pairs.
# NOTE(review): each level filter in this file names a single level, so as
# written authlog receives only auth messages at exactly "info" and secure
# only authpriv messages at exactly "debug". Other severities of those
# facilities reach a file only through the level-only statements further
# down. Verify that authentication events land where they are expected.
log { source(s_sys); filter(f_kern); filter(f_debug); destination(messages); };
log { source(s_sys); filter(f_user); filter(f_info); destination(messages); };
log { source(s_sys); filter(f_syslog); filter(f_info); destination(messages); };
log { source(s_sys); filter(f_auth); filter(f_info); destination(authlog); };
log { source(s_sys); filter(f_authpriv); filter(f_debug); destination(secure); };
log { source(s_sys); filter(f_cron); filter(f_info); destination(cron); };
log { source(s_sys); filter(f_daemon); filter(f_info); destination(daemon); };
log { source(s_sys); filter(f_xferlog); filter(f_info); destination(ftp); };
log { source(s_sys); filter(f_mail); filter(f_info); destination(maillog); };
# All kernel-facility messages, regardless of level.
log { source(s_sys); filter(f_kern); destination(kern); };
# Level-only statements: any facility at the named level.
log { source(s_sys); filter(f_err); destination(errors); };
log { source(s_sys); filter(f_alert); destination(alert); };
log { source(s_sys); filter(f_notice); destination(notice); };
# auth messages at debug level go to the alert destination, which also
# writes to root's terminals.
log { source(s_sys); filter(f_auth); filter(f_debug); destination(alert); };
log { source(s_sys); filter(f_emerg); destination(emergency); };
Cheers,
a2k