[syslog-ng]Stats stop logging? - Fixed, but noticed another problem
Glasser, Rob
syslog-ng@lists.balabit.hu
Thu, 12 Jun 2003 16:16:10 -0700
This is a multi-part message in MIME format.
------_=_NextPart_001_01C33138.9BED5AFE
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Stupid mistake on my part. Looks like the issue had to do with me
running the process as nobody, but nobody couldn't read the
syslog-ng.conf file. Since I couldn't write anything out to the console
either I decided to stop running syslog-ng as nobody for now.=20
=20
However I've noticed something else, on my Solaris 2.6 systems whenever
I HUP or stop and restart syslog-ng it dumps a bunch of old messages
from system startup and about filesystems being full into
/var/adm/messages. Basically everything that shows up with 'dmesg'.
Freaked me out the first time because the date information shows as
current time so I was wondering how everything broke all at once.=20
=20
I have no idea how to clear this so it won't show it everything I
restart syslog-ng. Any ideas on the cause of this problem? Some buffer
somewhere is storing this information and I'm not sure where.
=20
Thanks
=20
Rob
-----Original Message-----
From: Glasser, Rob [mailto:rob.glasser@attws.com]=20
Sent: Wednesday, June 11, 2003 5:31 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Stats stop logging?
=09
=09
I currently have stats turned on for once an hour. It was
running fine until I rotated my log file. I currently have all
syslog-ng messages with a match(syslog-ng) filter going to
/var/adm/messages. I rotated the logs, and HUP'd the syslog-ng process,
it indicated in the new messages file that it was restarted and that is
the last message from syslog-ng in that file. syslog-ng is logging other
facilities to that file, but not stats, or any other syslog-ng messages
for that matter, though I don't know if there would have been any
others. Am I missing something or is this a bug? If I completely stop
and restart syslog-ng everything starts working again.=20
By the way, I rotate the log file by cat'ing it out to another
filename, then cat'ing /dev/null to /var/adm/messages.=20
Thanks=20
Rob Glasser
AT&T Wireless
WNS Data Operations - Core Services
UNIX Systems Administrator
=09
------_=_NextPart_001_01C33138.9BED5AFE
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1170" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D807301123-12062003><FONT face=3DArial color=3D#0000ff =
size=3D2>Stupid=20
mistake on my part. Looks like the issue had to do with me =
running=20
the process as nobody, but nobody couldn't read the syslog-ng.conf=20
file. Since I couldn't write anything out to the console either I =
decided=20
to stop running syslog-ng as nobody for now. </FONT></SPAN></DIV>
<DIV><SPAN class=3D807301123-12062003><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D807301123-12062003><FONT face=3DArial color=3D#0000ff =
size=3D2>However I've noticed something else, on my Solaris 2.6 systems =
whenever I=20
HUP or stop and restart syslog-ng it dumps a bunch of old messages from =
system=20
startup and about filesystems being full into /var/adm/messages. =
Basically=20
everything that shows up with 'dmesg'. Freaked me out the first =
time=20
because the date information shows as current time so I was wondering =
how=20
everything broke all at once. </FONT></SPAN></DIV>
<DIV><SPAN class=3D807301123-12062003><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D807301123-12062003><FONT face=3DArial color=3D#0000ff =
size=3D2>I have=20
no idea how to clear this so it won't show it everything I restart=20
syslog-ng. Any ideas on the cause of this problem? Some =
buffer=20
somewhere is storing this information and I'm not sure=20
where.</FONT></SPAN></DIV>
<DIV><SPAN class=3D807301123-12062003><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D807301123-12062003><FONT face=3DArial color=3D#0000ff =
size=3D2>Thanks</FONT></SPAN></DIV>
<DIV><SPAN class=3D807301123-12062003><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D807301123-12062003><FONT face=3DArial color=3D#0000ff =
size=3D2>Rob</FONT></SPAN></DIV>
<BLOCKQUOTE style=3D"MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr =
align=3Dleft><FONT=20
face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B> =
Glasser, Rob=20
[mailto:rob.glasser@attws.com] <BR><B>Sent:</B> Wednesday, June 11, =
2003 5:31=20
PM<BR><B>To:</B> syslog-ng@lists.balabit.hu<BR><B>Subject:</B>=20
[syslog-ng]Stats stop logging?<BR><BR></FONT></DIV><!-- Converted from =
text/rtf format -->
<P><FONT face=3DArial size=3D2>I currently have stats turned on for =
once an hour.=20
It was running fine until I rotated my log file. I currently =
have all=20
syslog-ng messages with a match(syslog-ng) filter going to=20
/var/adm/messages. I rotated the logs, and HUP'd the syslog-ng =
process,=20
it indicated in the new messages file that it was restarted and that =
is the=20
last message from syslog-ng in that file. syslog-ng is logging other=20
facilities to that file, but not stats, or any other syslog-ng =
messages for=20
that matter, though I don't know if there would have been any =
others. Am=20
I missing something or is this a bug? If I completely stop and =
restart=20
syslog-ng everything starts working again. </FONT></P>
<P><FONT face=3DArial size=3D2>By the way, I rotate the log file by =
cat'ing it out=20
to another filename, then cat'ing /dev/null to =
/var/adm/messages.</FONT> </P>
<P><FONT face=3DArial size=3D2>Thanks</FONT> </P>
<P><FONT face=3D"Comic Sans MS" color=3D#000000 size=3D4>Rob =
Glasser</FONT><BR><FONT=20
face=3D"Comic Sans MS" color=3D#000000 size=3D1>AT&T =
Wireless<BR>WNS Data=20
Operations - Core Services</FONT><FONT face=3D"Times New Roman" =
color=3D#000000=20
size=3D1></FONT><BR><FONT face=3D"Comic Sans MS" color=3D#000000 =
size=3D1>UNIX Systems=20
Administrator</FONT><FONT face=3D"Times New Roman" color=3D#000000=20
size=3D1><BR></FONT></P><BR></BLOCKQUOTE></BODY></HTML>
=00
------_=_NextPart_001_01C33138.9BED5AFE--