[syslog-ng] Re : Re: Constant syslog-ng startup message

ILLES, Marton illes.marton at balabit.hu
Fri Mar 27 13:15:19 CET 2009 

So it keeps restarting... Could you enable core and see if it dumps
core? (--enable-core or ulimit -c unlimited)
Also the configfile which restarts would be helpful to track down the
problem.

best,

M

On Fri, 2009-03-27 at 01:52 -0400, srainville at videotron.ca wrote:
> The problem seems to be related to filters. Here's what I found so
> far:
>  
> 1- The following filter causes syslog-ng to restart constantly:
> filter f_pix_filter          { message("-6-30201[3-6]") or
> message("-6-30202[0-1]") or message("-6-305011") or
> message("-6-60900[1-2]") or message("-7-710007"); };
> 
> 2- I tried using the following filter, which doesn't cause syslog-ng
> to fail, but doesn't match anything:
> filter f_pix_filter
> { match("-30201[3-6]|-30202[0-1]|-305011|-60900[1-2]|-710007"
> value("$MSG")); };
>  
> 3- The match() doesn't seem to work with any macro (by using
> value("$MACRO").
>  
> 4- The same filter as mentioned in #2 works without the "value"
> parameter, but causes syslog-ng to fail. I know it works partially
> because syslog-ng filters the messages correctly every time its
> restarted.
>  
>  
> Steve
> 
> ----- Message d'origine -----
> De: "ILLES, Marton" <illes.marton at balabit.hu>
> Date: Jeudi, 26 Mars 2009, 20:09
> Objet: Re: [syslog-ng] Constant syslog-ng startup message
> À: Syslog-ng users' and developers' mailing list
> <syslog-ng at lists.balabit.hu>
> 
> > On Fri, 2009-03-27 at 09:42 +1300, chris packham wrote:
> > > On Thu, 2009-03-26 at 15:56 -0400, srainville at videotron.ca wrote:
> > > > syslog-ng keeps logging the following message. I installed 
> > it using
> > > > the HEAD RPM for Linux RHEL4. Is there a problem with the 
> > startup, or
> > > > just a message that can be ignored?
> > > > 
> > > > Mar 26 15:30:16 testserver syslog-ng[22090]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:18 testserver syslog-ng[22092]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:20 testserver syslog-ng[22094]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:21 testserver syslog-ng[22095]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:22 testserver syslog-ng[22097]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:23 testserver syslog-ng[22098]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:24 testserver syslog-ng[22099]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:25 testserver syslog-ng[22100]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:26 testserver syslog-ng[22101]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:28 testserver syslog-ng[22103]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > > Mar 26 15:30:29 testserver syslog-ng[22104]: syslog-ng 
> > starting up;
> > > > version='3.0.1+binpkg4'
> > > 
> > > That looks like either multiple instances of syslog-ng are 
> > being started
> > > or its being stopped and started multiple times ('ps | grep 
> > syslog-ng'
> > > should tell you which). 
> > > 
> > > Either way it's probably not good. At best its adding 
> > unnecessary system
> > > load, at worst its losing messages.
> > > 
> > > Does RHEL4 use upstart or some other special init system that 
> > tries to
> > > keep things running if they exit? You may see this kind of 
> > thing if
> > > there was an error in your config file which would cause 
> > syslog-ng to
> > > exit only to be re-started by init.
> > > 
> > 
> > Maybe it is started than it dies and the superviser restarts it. 
> > Can you
> > start it using strace?
> > 
> > M
> > -- 
> > Key fingerprint = F78C 25CA 5F88 6FAF EA21 779D 3279 9F9E 1155 670D
> > 
> > 
> >
> ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: 
> > http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> > 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
> 
-- 
Key fingerprint = F78C 25CA 5F88 6FAF EA21 779D 3279 9F9E 1155 670D

More information about the syslog-ng mailing list