[syslog-ng] I/O error occurred while writing; fd=\'6\', error=\'Connection refused (111)\'
Evan Rempel
erempel at uvic.ca
Mon Jun 8 06:03:24 CEST 2009
Wouldn't things be a lot easier to trouble shoot if syslog-ng just logged the destination name rather than, or in addition to the fd number.
Something like
syslog-ng: I/O error occurred while writing; destination=d_unitylab; error=\'Connection refused (111)\'
I have this problem all of the time, I can not tell which destination is having the problem, and since syslog-ng
closes the channel when the error occurs, using lsof is of little help.
Evan.
________________________________________
From: syslog-ng-bounces at lists.balabit.hu [syslog-ng-bounces at lists.balabit.hu] On Behalf Of Clayton Dukes [cdukes at gmail.com]
Sent: Sunday, June 07, 2009 8:15 AM
To: Balazs Scheidler
Cc: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] I/O error occurred while writing; fd=\'6\', error=\'Connection refused (111)\'
Alrighty! I think I have the culprit...
> Are you sure that fd=6 refers to the pipe in question? That can be
> checked using lsof.
I checked lsof, but didn't find anything other than a pipe (I think)
syslog-ng 1009 root 7w FIFO 0,6 1232190 pipe
However an strace did yield some good information, now that I know
what to look for:
1009 write(6, "<187>Jun 7 10:56:54 vnt-cm1d.cis"..., 277) = -1
ECONNREFUSED (Connection refused)
This clued me in that, in fact, you are correct - it's not my perl
pipe that is the problem.
I'd forgotten that I had added some new destinations the other day to
some other servers in the lab, here's the config for that:
# Added destination for Unity servers for Scott and Joe
# Filter all incoming messages for unity server sources
filter f_unitylab { (
host("^vnt-cm")
);
};
# Set destination to Joe's lab
destination d_unitylab {
udp("172.16.106.206" port (514));
};
# Set destnation to Scott's server
destination d_ucsyslog {
udp("172.16.86.112" port (514));
};
# Log to configured destinations
log {
source(s_all);
filter(f_unitylab);
destination(d_unitylab);
destination(d_ucsyslog);
};
It looks like I'm getting an ECONNREFUSED from one of the sources (vnt-cm1d)?
I would think the connection refused would be a destination, not a
source - or am I just reading that wrong?
Thanks for your help (and sorry that I forgot about the new config!) :-)
>
> An strace could reveal which system call returned ECONNREFUSED, and that
> could let me find the problem. If you can't make that out yourself,
> just send me the strace and I'll check. (possibly in private as that may
> contain sensitive information)
On Sun, Jun 7, 2009 at 5:54 AM, Balazs Scheidler<bazsi at balabit.hu> wrote:
> On Sat, 2009-06-06 at 13:33 -0400, Clayton Dukes wrote:
>> Hi Folks,
>> I am the owner of php-syslog-ng...
>> While working on one of my servers, I notice the following error
>> getting repeated (a lot):
>> syslog-ng[23692]: I/O error occurred while writing; fd=\'6\',
>> error=\'Connection refused (111)\'
>>
>> I've done multiple searches but haven't been able to nail down why
>> this error is constantly getting logged into my pipe.
>> I've found google results where Baszi asked the user to try using
>> strace and/or lsof, but I can't gleen anything useful from it (maybe
>> I'm just too dumb :-))
>>
>
> hmm, for a destination pipe, "Connection refused" should not be received
> as an error code.
>
> Quickly checking the Linux kernel sources, I can't see this error code
> in the pipe driver (although this was only a quick grep)
>
> Are you sure that fd=6 refers to the pipe in question? That can be
> checked using lsof.
>
> An strace could reveal which system call returned ECONNREFUSED, and that
> could let me find the problem. If you can't make that out yourself,
> just send me the strace and I'll check. (possibly in private as that may
> contain sensitive information)
>
>
>> Any help would be greatly appreciated :-)
>>
>> Here's my syslog-ng config:
>>
>> options {
>> long_hostnames(off);
>>
>> # doesn't actually help on Solaris, log(3) truncates at 1024 chars
>> log_msg_size(8192);
>>
>> # buffer just a little for performance
>> sync(1);
>>
>> # memory is cheap, buffer messages unable to write (like to loghost)
>> log_fifo_size(16384);
>>
>> # Hosts we don't want syslog from
>> #bad_hostname("^(ctld.|cmd|tmd|last)$");
>> bad_hostname("^11.16.254.134$");
>>
>> # The time to wait before a dead connection is reestablished (seconds)
>> time_reopen(10);
>>
>> #Use DNS so that our good names are used, not hostnames
>> use_dns(yes);
>> dns_cache(yes);
>>
>> #Use the whole DNS name
>> use_fqdn(yes);
>>
>> keep_hostname(yes);
>> chain_hostnames(no);
>>
>> #Read permission for everyone
>> perm(0644);
>> # The default action of syslog-ng 1.6.0 is to log a STATS line
>> # to the file every 10 minutes. That's pretty ugly after a while.
>> # Change it to every 12 hours so you get a nice daily update of
>> # how many messages syslog-ng missed (0).
>> stats(43200);
>> };
>>
>> destination d_syslogdb {
>> pipe("/var/log/mysql.pipe",
>> template
>> ("'$HOST''$FACILITY''$PRIORITY''$LEVEL''$TAG''$YEAR-$MONTH-$DAY''$HOUR:$MIN:$SEC''$PROGRAM''$MSG'\n")
>> template_escape(yes)
>> );
>> };
>>
>> log {
>> source(s_all); destination(d_syslogdb);
>> };
>>
>>
> --
> Bazsi
>
>
>
--
______________________________________________________________
Clayton Dukes
______________________________________________________________
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list