[syslog-ng] syslog hangup
Vincent Régnard
vregnard at tbs-internet.com
Fri Jul 28 12:38:05 CEST 2006
Hi,
Since at least a couple of month now, we've been experiencing some
strange troubles on some of our routers which we now associate to a
syslog-ng (or a syslog-ng internal facility) hangup. The version of
syslog ng we use is 1.6.8 on different linux kernel 2.4.31 and 2.6.8.
I read some posts on this list
(https://lists.balabit.hu/pipermail/syslog-ng/2006-May/008784.html)
establishing some similar problems.
The conditions in which the problem occur are not clear to us. There are
obviously different sircumstances that lead syslog-ng to hangup.
We first noticed the problem on a server where some users where not able
to login, certainly because of the impossibility to write to the
/dev/log socket. Reloading syslog-ng when we had an active shell on the
server corrected the problem. For this server we "solved" the problem by
adding a cron to check the syslog activity and reload syslog if needed.
This is not a nice soltution, but it avoids hard reboot of the server.
More recently we realized that some routers where not logging some
(iptables firewall) events sent to syslog, when in the same time, log
from other daemons where treated correctly, again reloading syslog-ng
fixes the problem untill the problem randmly accurs again. I am
presently studdying the way these log messages are sent to syslog to
understand this trouble better.
We are tracking the causes of such an annoying behaviour without succes
untill now. First of all we would like to understand what is happening
in syslog-ng itselfs, at what level is this hangup ? kernel ? syslog ?
is it related to /dev/log socket ? Maybe some experts or syslog
devloppers can send us some hints ? Is it related to the kernel
environement ? /proc ? udev ? Or is it possible that another daemon is
responsible for this syslog hangup.
Apparently the problem is also present in newer releases in the 1.6.X
branch according to the posts on the list, I checked the branch
changelogs without seeing anything on that. Has some work been devoted
to fix this kind of trouble in more recent branches (1.9 and 2.0) ?
We are planning to develop a daemon to monitor syslog-ng and reload the
service in case of hangup. If some of you already performed some work in
that direction, we would be glad to share the effort or learn the best
and more efficient way proceed.
Any hints, comments or suggestions are welcome.
Thanks in advance.
--
Vincent Régnard
vregnard at tbs-internet.com
TBS-internet.com
027 630 5902
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5603 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060728/1b20c89d/smime.bin
More information about the syslog-ng
mailing list