[syslog-ng]syslog-ng hanging bringing machine in trouble
Peter Bieringer
pb@bieringer.de
Tue, 11 Feb 2003 22:27:23 +0100
Hi,
I have a big problem here on one of my machines, and it looks like
it is caused by syslog-ng.
It has problems similar to those already described here:
http://lists.balabit.hu/pipermail/syslog-ng/2003-January/004432.html
Machine:
Red Hat Linux 7.3 with all updates
Running kernel: currently 2.4.18-18.7.x extended with Openwall patch
128 MByte memory
syslog-ng: 1.5.26 (but it also happens with the latest 1.4.x)
pam is using a locally running LDAP server.
From time to time (let's say at a distance of 2-3 weeks or even 8 hours)
syslog suddenly stops logging, like this evening:
Feb 11 19:10:44 gromit syslog-ng[17700]: STATS: dropped 0
Feb 11 19:20:44 gromit syslog-ng[17700]: STATS: dropped 0
Feb 11 19:30:45 gromit syslog-ng[17700]: STATS: dropped 0 <--
Feb 11 20:00:47 gromit syslog-ng[6771]: syslog-ng version 1.5.26 starting
Feb 11 20:00:48 gromit syslog-ng: syslog-ng startup succeeded
Feb 11 20:00:48 gromit syslog-ng: klogd startup succeeded
Feb 11 20:00:53 gromit ldap: slapd startup succeeded
I detected this about 20 min later, with the following reproducible symptoms:
System load increases over 1 (normally, machine has no load)
"ps -ax" hangs after displaying some processes, "top" will sometimes
start, sometimes hang
The last few times I also saw some CROND entries in "ps -ax", one with
stat "D".
syslog-ng configuration is nothing special, destinations are files
(divided by yyyymm), sources are
source s_local {
    internal();
    unix-stream("/dev/log" keep-alive(yes) max-connections(100));
    unix-stream("/var/spool/postfix/dev/log" keep-alive(yes) max-connections(100));
    file("/proc/kmsg");
};
options {
    use_dns(no);
    use_fqdn(no);
    use_time_recvd(no);
    chain_hostnames(no);
    mark(0);
    sync(0);
};
Last week I disabled postfix's LDAP usage completely to check
whether it's an LDAP problem here. In former cases (postfix with LDAP
lookups) postfix would hang completely; TCP connects, but no HELO
string was displayed.
So the big question:
1) is this a syslog-ng related problem?
2) is this an LDAP problem? I've already increased threads.
I don't believe it's a DNS problem because a caching DNS server is
running on the machine itself.
One note: machine is IPv6 enabled.
I hope someone can point me to some solutions or proper debugging
methods. The machine has been semi-productive since the end of September
(with syslog-ng), but such troubles have occurred since the beginning.
BTW: is it OK that if syslog-ng restarts, crond doesn't log anymore
until restarted?
Thank you very very much,
Peter
--
Dr. Peter Bieringer http://www.bieringer.de/pb/
GPG/PGP Key 0x958F422D mailto: pb at bieringer dot de
Deep Space 6 Co-Founder and Core Member http://www.deepspace6.net/
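
Added example, not part of the original post and not syslog-ng project code: the quoted log shows a daemon STATS line every 10 minutes until the hang, so a gap between daemon lines can be used to spot a stall after the fact or while it is still in progress. The 10-minute interval is inferred from the quoted lines; the 2-minute slack, the year, and the names find_stalls and daemon_events are assumptions made for this sketch.

```python
import re
from datetime import datetime, timedelta

# Constructed from the log lines quoted in the post (wrapped line rejoined).
SAMPLE_LOG = """\
Feb 11 19:10:44 gromit syslog-ng[17700]: STATS: dropped 0
Feb 11 19:20:44 gromit syslog-ng[17700]: STATS: dropped 0
Feb 11 19:30:45 gromit syslog-ng[17700]: STATS: dropped 0
Feb 11 20:00:47 gromit syslog-ng[6771]: syslog-ng version 1.5.26 starting
Feb 11 20:00:48 gromit syslog-ng: syslog-ng startup succeeded
"""

# Only lines written by the daemon itself (tag carries a PID) prove it was alive.
DAEMON_LINE = re.compile(
    r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ syslog-ng\[(\d+)\]: ")


def daemon_events(text, year):
    """Yield (timestamp, pid) for each syslog-ng daemon line.
    Classic syslog timestamps carry no year, so the caller supplies one."""
    for line in text.splitlines():
        m = DAEMON_LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, int(m.group(2))


def find_stalls(text, year=2003, interval=timedelta(minutes=10),
                slack=timedelta(minutes=2), now=None):
    """Return gaps longer than interval + slack between daemon lines.
    If `now` is given, also report a stall that is still in progress."""
    stalls, prev = [], None
    for ts, pid in daemon_events(text, year):
        if prev and ts - prev[0] > interval + slack:
            stalls.append({"last_seen": prev[0], "resumed": ts,
                           "gap": ts - prev[0], "new_pid": pid != prev[1]})
        prev = (ts, pid)
    if prev and now and now - prev[0] > interval + slack:
        stalls.append({"last_seen": prev[0], "resumed": None,
                       "gap": now - prev[0], "new_pid": False})
    return stalls


if __name__ == "__main__":
    for s in find_stalls(SAMPLE_LOG):
        print(f"no daemon output for {s['gap']} after {s['last_seen']}"
              f" (restarted with new PID: {s['new_pid']})")
```

Because the hang described above also affects local processes such as cron and ps, a check like this is more dependable when run against a copy of the log from another host.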