[syslog-ng]syslog-ng hanging bringing machine in trouble
Peter Bieringer
pb@bieringer.de
Wed, 12 Feb 2003 08:13:47 +0100
Hi,
--On Wednesday, February 12, 2003 12:03:17 AM +0100 Roberto Nibali
<ratz@drugphish.ch> wrote:
>>> Is it reproducible without OWL? Only test it if you can easily do
>>> it, if it's a productive machine, I suspect the downtime is too
>>> big to do heuristic tests.
>>
>> Sorry, can't do that.
>
> Thought so, well, proc-fs output, netstat, lsof and strace will
> reveal the problem if it is connected with OWL. BTW could you list
> (if it's not too big) all the OWL features you've enabled in your
> running kernel? Not that I suspect it to really have an influence
> on syslog-ng but safe is safe ;).
CONFIG_HARDEN_STACK=y
CONFIG_HARDEN_STACK_SMART=y
CONFIG_HARDEN_LINK=y
CONFIG_HARDEN_FIFO=y
CONFIG_HARDEN_PROC=y
CONFIG_HARDEN_FD_0_1_2=y
CONFIG_HARDEN_RLIMIT_NPROC=y
CONFIG_HARDEN_SHM=y
>> start() {
>>     echo -n $"Starting system logger: "
>>     daemon syslog-ng $SYSLOGD_OPTIONS -f /etc/syslog-ng.conf
>>     RETVAL=$?
>>     echo
>>     echo -n $"Starting kernel logger: "
>>     daemon klogd $KLOGD_OPTIONS
>>     echo
>>     [ $RETVAL -eq 0 ] && touch /var/lock/subsys/syslog-ng
>>     return $RETVAL
>> }
>
> Fine, just uncomment the three lines concerning klogd, you should
> still get kernel messages.
Done, indeed.
> <OT>
> Another thing: Whoever wrote that script part for start() should
> seriously reconsider reading a good shell book or the advanced bash
> programming guide. </OT>
Sure? Didn't look very strange to me. Other initscripts look very
similar.
>> Does this mean that starting klogd isn't required?
>
> Not really. In the config snippet you posted before you had a
> file("/proc/kmsg") defined as a source in s_local. I just hope
> you've got a d_local where you write those messages into.
Had defined
destination d_kern { file("/var/log/kernel-$YEAR$MONTH"); };
which still catches kernel messages - ok.
>>> I would say no but I'm not sure here, I would also suspect it
>>> depends on the version of cron deployed on your machine.
>>
>> vixie-cron-3.0.1-64
>
> Then I suppose it should stop logging. How about if you send a
> SIGHUP to the cron? pkill -HUP cron.
Won't help. Is this a bug in syslog-ng or crond? Not nice that on
every syslog-ng restart crond has to be restarted, too (in case of
"not knowing about this issue").
>> Does a lsof | grep crond help? I see only some libs, pipes and
>> sockets.
>
> Yes, maybe you should also send along the output of:
>
> lsof -c cron -c syslog-ng
Here the crond-after-syslog-restart-no-longer-logging case:
# lsof -c crond -c syslog-ng
COMMAND     PID USER   FD TYPE     DEVICE    SIZE     NODE NAME
crond     19875 root  cwd  DIR        3,3    4096        2 /var/spool
crond     19875 root  rtd  DIR        3,1    4096        2 /
crond     19875 root  txt  REG        3,1   23048    82976 /usr/sbin/crond
crond     19875 root  mem  REG        3,1   89547    64281 /lib/ld-2.2.5.so
crond     19875 root  mem  REG        3,1   25572    65003 /lib/libsafe.so.2.0.16
crond     19875 root  mem  REG        3,1   12102    65975 /lib/libdl-2.2.5.so
crond     19875 root  mem  REG        3,1   45415    64493 /lib/libnss_files-2.2.5.so
crond     19875 root  mem  REG        3,1 1533837    64419 /lib/libnss_ldap-2.2.5.so
crond     19875 root  mem  REG        3,1   68925    64356 /lib/libresolv-2.2.5.so
crond     19875 root  mem  REG        3,1 1402035    64275 /lib/i686/libc-2.2.5.so
crond     19875 root   0u  CHR      136,0                2 /dev/pts/0
crond     19875 root   1w FIFO        0,4         20072062 pipe
crond     19875 root   2w FIFO        0,4         20072063 pipe
crond     19875 root   3u  REG        3,1       6   177220 /var/run/crond.pid
crond     19875 root   4u unix 0xc6341a40         20072069 socket
syslog-ng 20308 root  cwd  DIR        3,1    4096        2 /
syslog-ng 20308 root  rtd  DIR        3,1    4096        2 /
syslog-ng 20308 root  txt  REG        3,1   81576    64714 /sbin/syslog-ng
syslog-ng 20308 root  mem  REG        3,1   89547    64281 /lib/ld-2.2.5.so
syslog-ng 20308 root  mem  REG        3,1   25572    65003 /lib/libsafe.so.2.0.16
syslog-ng 20308 root  mem  REG        3,1   68925    64356 /lib/libresolv-2.2.5.so
syslog-ng 20308 root  mem  REG        3,1   89424    64328 /lib/libnsl-2.2.5.so
syslog-ng 20308 root  mem  REG        3,1   12102    65975 /lib/libdl-2.2.5.so
syslog-ng 20308 root  mem  REG        3,1 1402035    64275 /lib/i686/libc-2.2.5.so
syslog-ng 20308 root   0u  CHR        1,3            33972 /dev/null
syslog-ng 20308 root   1u  CHR        1,3            33972 /dev/null
syslog-ng 20308 root   2w FIFO        0,4         20077147 pipe
syslog-ng 20308 root   3u unix 0xc072c0a0         20077154 /dev/log
syslog-ng 20308 root   5u unix 0xc09daa80         20077156 /var/spool/postfix/dev/log
syslog-ng 20308 root   6r  REG        0,6       0     4114 /proc/kmsg
syslog-ng 20308 root   7u IPv4   20077158              UDP ******:39269->************:syslog
syslog-ng 20308 root   8u unix 0xc2372540         20077174 /dev/log
syslog-ng 20308 root   9u unix 0xc09da580         20077188 /dev/log
syslog-ng 20308 root  10w  REG        3,8  255123       42 /var/log/bootlog
syslog-ng 20308 root  11w  REG        3,8 8134413       72 /var/log/maillog-200302
syslog-ng 20308 root  12u unix 0xc13975a0         20077203 /dev/log
syslog-ng 20308 root  13u unix 0xc1988a40         20077223 /dev/log
syslog-ng 20308 root  14u unix 0xc1f165c0         20077249 /dev/log
syslog-ng 20308 root  15u unix 0xc53c6580         20077269 /dev/log
syslog-ng 20308 root  16u unix 0xc525cac0         20077296 /var/spool/postfix/dev/log
syslog-ng 20308 root  17u unix 0xc53a1a60         20077301 /dev/log
syslog-ng 20308 root  18u unix 0xc525c0c0         20077645 /dev/log
Hope this helps!
Thank you very much,
Peter
--
Dr. Peter Bieringer http://www.bieringer.de/pb/
GPG/PGP Key 0x958F422D mailto: pb at bieringer dot de
Deep Space 6 Co-Founder and Core Member http://www.deepspace6.net/