[syslog-ng]syslog and -HUP
Andy
syslog-ng@lists.balabit.hu
Fri, 15 Apr 2005 17:36:09 +0300
Hello Balazs Scheidler!
On Fri, Apr 15, 2005 at 03:12:00PM +0200, Balazs Scheidler wrote:
> On Fri, 2005-04-15 at 13:14 +0300, Andy wrote:
> > Hello!
> >
> > I use stable syslog-ng-1.6.7-1 on RH7.3.
> >
> > When at night the logrotate does a rotate and sends a signal HUP to syslog-ng it
> > causet to syslog-ng stop write to all logfile (but write messages from kernel!).
>
> What do you mean on "syslog-ng" stops writing to all logfiles? It still
> runs, accepts messages but does not write them to the proper
> destination?
yes. And I get this effect only if logfile rotate.
>
> Can you post a longer strace and maybe an lsof output of syslog-ng to
> see the problem?
of course.
do
# echo test|logger -p daemon.debug -t test
get /var/log/messages:
Apr 15 16:58:06 vpn test: test
do
# mv /var/log/messages /var/log/messages.0
# echo test|logger -p daemon.debug -t test
get /var/log/messages.0:
Apr 15 17:00:53 vpn test: test
OK. Daemon not know about logrotate.
do
# ps ax|grep syslog
13466 ? S 0:00 /sbin/syslog-ng
# kill -HUP 13466
# echo test|logger -p daemon.debug -t test
get /var/log/messages.0:
nothing!!!
get /var/log/messages:
nothing too!!!
in this time in strace I get:
.........
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 241000) = 1
accept(5, {sin_family=AF_UNIX, path=@}, [2]) = 9
fcntl64(0x9, 0x3, 0x50, 0x9) = 2
fcntl64(0x9, 0x4, 0x802, 0x9) = 0
fcntl64(0x9, 0x2, 0x1, 0x9) = 0
time(NULL) = 1113574143
poll([{fd=9, events=POLLIN, revents=POLLIN}, {fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 9, 100) = 1
read(9, "<31>Apr 15 17:09:03 test: test\0", 2048) = 31
time(NULL) = 1113574143
time(NULL) = 1113574143
time(NULL) = 1113574143
poll([{fd=9, events=POLLIN}, {fd=7, events=0}, {fd=8, events=POLLOUT, revents=POLLOUT}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 9, 100) = 1
write(8, "Apr 15 17:09:03 vpn test: test\n", 31) = 31
time(NULL) = 1113574143
poll([{fd=9, events=POLLIN, revents=POLLIN|POLLHUP}, {fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 9, 100) = 1
read(9, "", 2048) = 0
time(NULL) = 1113574143
poll([{fd=9, events=POLLIN, revents=POLLIN|POLLHUP}, {fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 9, 100) = 1
time(NULL) = 1113574143
close(9) = 0
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 0
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 231000) = 1
read(3, "<7>PPP: VJ decompression error\n", 2048) = 31
time(NULL) = 1113574152
time(NULL) = 1113574152
time(NULL) = 1113574152
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=POLLOUT, revents=POLLOUT}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 1
write(6, "Apr 15 17:09:12 vpn kernel: PPP:"..., 56) = 56
time(NULL) = 1113574152
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 0
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 222000) = 1
read(3, "<7>PPP: VJ decompression error\n", 2048) = 31
time(NULL) = 1113574152
time(NULL) = 1113574152
time(NULL) = 1113574152
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=POLLOUT, revents=POLLOUT}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 1
write(6, "Apr 15 17:09:12 vpn kernel: PPP:"..., 56) = 56
time(NULL) = 1113574152
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 1
read(3, "<7>PPP: VJ decompression error\n", 2048) = 31
time(NULL) = 1113574152
time(NULL) = 1113574152
time(NULL) = 1113574152
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=POLLOUT, revents=POLLOUT}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 1
write(6, "Apr 15 17:09:12 vpn kernel: PPP:"..., 56) = 56
time(NULL) = 1113574152
poll([{fd=7, events=0}, {fd=8, events=0}, {fd=6, events=0}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=12, events=POLLIN}, {fd=11, events=POLLIN}, {fd=4, events=POLLIN}], 8, 100) = 0
poll(
..............
and (I think it very strange!!!) only _kernel_ message are normally writted:
.....
Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error
Apr 15 17:09:28 vpn kernel: PPP: VJ decompression error
Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error
Apr 15 17:09:39 vpn kernel: PPP: VJ decompression error
.....
my syslog-ng.conf:
=cut
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_iptables { file("/var/log/iptables"); };
destination d_vpn { file("/var/log/vpn.log"); };
destination d_mlal { usertty("*"); };
filter f_filter1 { facility(kern) and not (match(OUT=) or match(PPP)) ; };
filter f_filter2 { level(debug) and
not (facility(mail)
or facility(authpriv)
or facility(cron)
or facility(local2)
or match(OUT=)
or match(PPP)
); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg) and not match(OUT=); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_filter9 { facility(kern) and match(OUT=); };
filter f_filter10 { facility(local2) or program(pppd) or program(pptpd) or ( facility(kern) and match(PPP) ); };
log { source(s_sys); filter(f_filter1); destination(d_mesg); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_filter9); destination(d_iptables); };
log { source(s_sys); filter(f_filter10); destination(d_vpn); };
=end
>
> --
> Bazsi
>
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
--
Andy (ANDY-UANIC)