[syslog-ng] line of sendmail log output missing?

Fri May 4 17:40:17 CEST 2007

On Fri, 2007-05-04 at 10:25 -0400, Centyx Centalix wrote:
> Hi,
> 
> I recently switched from syslogd to syslog-ng on several servers running
> CentOS. While running syslogd, a usual mail delivery appeared in
> /var/log/maillog as follows:
> 
> Apr 22 04:11:07 ws01 sendmail[32181]: l3M8B71l032181: from=<someuser at someremote.domain>, size=2361, class=0, nrcpts=1, msgid=<001901c784c6$9688fea0$018ab484 at maison9tm8hfuv>, proto=ESMTP, relay=root at localhost
> Apr 22 04:11:07 ws01 sendmail[32179]: l3M8Av5T032164: to=<domain_support at somelocal.domain>, delay=00:00:04, xdelay=00:00:00, mailer=virthostmail, pri=121926, relay=somelocal.domain, dsn=2.0.0, stat=Sent (l3M8B71l032181 Message accepted for delivery)
> Apr 22 04:11:07 ws01 spamd[24594]: spamd: connection from localhost.localdomain [127.0.0.1] at port 50252 
> Apr 22 04:11:07 ws01 spamd[24594]: spamd: setuid to domain_admin at somelocal.domain succeeded 
> Apr 22 04:11:07 ws01 spamd[24594]: spamd: processing message <001901c784c6$9688fea0$018ab484 at maison9tm8hfuv> for domain_admin at somelocal.domain:22003 
> Apr 22 04:11:08 ws01 spamd[24594]: spamd: identified spam (18.5/4.0) for domain_admin at somelocal.domain:22003 in 1.3 seconds, 2646 bytes. 
> Apr 22 04:11:08 ws01 spamd[24594]: spamd: result: Y 18 - BAYES_99,HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL scantime=1.3,size=2646,user=domain_admin at somelocal.com,uid=22003,required_score=4.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=50252,mid=<001901c784c6$9688fea0$018ab484 at maison9tm8hfuv>,bayes=1,autolearn=spam 
> Apr 22 04:11:08 ws01 spamd[4109]: prefork: child states: BI 
> Apr 22 04:11:08 ws01 spamd[4109]: spamd: handled cleanup of child pid 24594 due to SIGCHLD 
> Apr 22 04:11:08 ws01 spamd[4109]: spamd: server successfully spawned child process, pid 32189 
> Apr 22 04:11:08 ws01 spamd[4109]: prefork: child states: II 
> Apr 22 04:11:08 ws01 sendmail[32182]: l3M8B71l032181: to=domain_admin, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32547, dsn=2.0.0, stat=Sent
> 
> Now, after replacing syslogd with syslog-ng, the last line showing the
> delivery by the local mailer ( in this case, procmail ) is absent from
> the log files. I have made sure that levels info through emergency are
> specified for facility mail, and have also checked to see if this
> message was showing up under any other facility ( although I have not
> explicity defined the levels for all facilities ).
> 
> I am rather stumped about where this line of log output is going. Any
> suggestions would be greatly appreciated.
> 

consistently losing a log message is strange, are you sure nothing else
changed but the migration to syslog-ng? I have only seen losing messages
like this when a process runs in a chroot-ed environment, with an
inherited connection to /dev/log from the outside. Once the logger is
restarted (regardless whether it is syslogd or syslog-ng), /dev/log gets
reopened and the process stuck in a chroot cannot reconnect to /dev/log.

The solution is to open a /dev/log socket inside the chroot as well, in
this way when the chrooted child loses its /dev/log connection, it can
reopen it and happily log onwards.

The exact scenario I described happened with postfix but could apply to
sendmail as well.

-- 
Bazsi