[syslog-ng] logging stopped
Balazs Scheidler
bazsi at balabit.hu
Tue Mar 15 13:13:53 CET 2011
On Fri, 2011-03-11 at 19:28 +0100, Len Conrad wrote:
> uname -a
> FreeBSD 7.0-RELEASE
>
> syslog-ng --version
> syslog-ng 2.0.10
>
> change date on syslog-ng.conf is "Apr 20 2009"
>
> been running untouched for at least that long.
>
> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>
> chkrootkit shows nothing wrong
>
> stop syslog-ng
>
> then pkg_delete, and then
>
> cd /usr/ports/sysutils/syslog-ng2
>
> make && make install
>
> start it,
>
> no change
>
> I rebooted the syslog server. no change
>
> trafshow -i bce0 -n
>
> then filter 514
>
> shows 100KBs arriving from our syslog clients.
>
> df shows plenty of disk space for /var
>
> suggestions?
Well, it seems like a generic troubleshooting task. Check that:
1) netstat shows syslog-ng is listening
2) check that your pf rules don't drop this traffic
3) check that syslog-ng is actually receiving the traffic (using truss
or ktrace)
If the above confirms that syslog-ng is indeed receiving messages and
then not doing anything with them, that might be a sign of syslog-ng
trouble.
--
Bazsi
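
The three checks from the reply above, as an added shell example that is not part of the original message or of syslog-ng itself. It assumes the FreeBSD output layouts of `netstat -an`, `pfctl -sr` and `kdump`; the function names, the sample outputs and the `PID` placeholder are constructed for illustration.

```shell
#!/bin/sh
# Each check reads tool output on stdin, so it also works on saved output.

# 1) `netstat -an`: succeed if a UDP socket is bound to port 514.
udp514_bound() {
    awk '$1 ~ /^udp/ && $4 ~ /[.:]514$/ { ok = 1 } END { exit ok ? 0 : 1 }'
}

# 2) `pfctl -sr`: print block rules that name the syslog port, for manual review.
#    A default "block all" with no matching pass rule is not detected here.
pf_block_rules_514() {
    grep -E '^block .*port = (514|syslog)( |$)' || true
}

# 3) `kdump` of a ktrace on syslog-ng: count read/receive calls that returned data.
#    Assumption: the daemon reads its socket with read, recv, recvfrom or recvmsg.
reads_with_data() {
    awk '$3 == "RET" && $4 ~ /^(read|recv|recvfrom|recvmsg)$/ {
             split($5, v, "/"); if (v[1] + 0 > 0) n++
         } END { print n + 0 }'
}

# Constructed sample outputs (not taken from the thread).
SAMPLE_NETSTAT='udp4       0      0 *.514                  *.*
tcp4       0      0 *.22                   *.*                    LISTEN'
SAMPLE_PF='pass in on bce0 proto udp from any to any port = syslog
block drop in on bce0 proto udp from 192.0.2.0/24 to any port = syslog'
SAMPLE_KDUMP='  812 syslog-ng CALL  recvfrom(0x4,0x8a3000,0x2000,0,0x7fffe0,0x7fffdc)
  812 syslog-ng RET   recvfrom 85/0x55
  812 syslog-ng CALL  read(0x7,0x8a5000,0x1000)
  812 syslog-ng RET   read -1 errno 35 Resource temporarily unavailable'

# args: netstat text, kdump text; prints the stage that looks broken
triage() {
    if ! printf '%s\n' "$1" | udp514_bound; then echo "not-listening"; return; fi
    if [ "$(printf '%s\n' "$2" | reads_with_data)" -eq 0 ]; then
        echo "no-traffic-reaching-daemon"; return
    fi
    echo "received-but-not-processed"
}

# Live use on the log server, as root (PID is a placeholder):
#   netstat -an | udp514_bound && echo bound
#   pfctl -sr | pf_block_rules_514
#   ktrace -p PID; sleep 10; ktrace -c -p PID; kdump | reads_with_data
```

A result of `no-traffic-reaching-daemon` with a bound socket points back at the packet filter or the network path; `received-but-not-processed` is the case the reply describes as a possible sign of syslog-ng trouble.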