[syslog-ng] syslog-ng v3.0.4 stops receiving remote logs
Balazs Scheidler
bazsi at balabit.hu
Fri Sep 18 20:31:07 CEST 2009
On Fri, 2009-09-18 at 13:49 -0400, Mike Duncan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> We are running into an issue using syslog-ng v3.0.3 and v3.0.4. After
> about 1minute or so, all external/remote hosts can no longer log to the
> logging server (syslog-ng). We run udp only and have something around
> 300-400 hosts logging to the server. The local logging seems to be okay
> even after the remote logging ceases. We are not getting any indication
> from syslog-ng (logs or stdout) that there is an issue unless we run it
> in debug mode.
>
hmm.. syslog-ng is not reading its UDP socket for some reason. Can you
attach to it using strace?
e.g. once you have syslog-ng running, attach to the process using:
strace -p <pid> -s 256 -f -o /tmp/strace.log
To know which fd is which, it'd be nice to run "lsof -p <pid>" as well.
and check whether:
1) syslog-ng is polling its UDP socket or not
2) if it polls it, whether it invokes recv on the socket or not
(probably now)
Do you have flow control enabled?
--
Bazsi
More information about the syslog-ng
mailing list