[syslog-ng] Console logging stops after some time.

Attila Szakacs (aszakacs) Attila.Szakacs at oneidentity.com
Tue Feb 23 12:41:15 UTC 2021 

Hi Alex,

Can you show us a `syslog-ng-ctl stats` output?
Also, I can see that you have internal() source enabled, are there any errors in it?

Thanks!

Cheers,
Attila
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos at gmail.com>
Sent: Friday, February 19, 2021 2:15 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] Console logging stops after some time.

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Hi All,

I am using a Debian10 with syslog-ng 3.19.

I have a simple configuration formed by a log to a file and a log to the console "usertty(*)". Please check the attached file.

After some time the logging to the console stops, but the logging to the file keeps working.

I used strace to debug this. (strace -p <syslog-ng-pid> -yy -f -s 256 -e trace=write)
root at localhost:~# w root
 12:50:41 up  3:16,  5 users,  load average: 0.21, 0.35, 0.37
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     ttyS0    -                09:36   45:18   0.02s  0.02s -bash
root     pts/1    10.0.2.2         09:40    1.00s  0.26s  0.00s w root
root     pts/4    10.0.2.2         09:56   24:08   3.03s  2.84s strace -p 23429 -yy -f -s 256 -e trace=write
root     pts/5    10.0.2.2         10:26   22:01   0.01s  0.01s tail -f /var/log/apps.log
root     pts/0    10.0.2.2         12:31   19:25  21.77s  0.00s sleep 60

root at localhost:~# strace -p 23429 -yy -f -s 256 -e trace=write

[pid 24379] write(26</dev/ttyS0<char 4:64>>, "2021 Feb 19 12:31:16 localhost 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 107) = 107
[pid 24379] write(26</dev/pts/1<char 136:1>>, "2021 Feb 19 12:31:16 localhost 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 107) = 107
[pid 24379] write(26</dev/pts/4<char 136:4>>, "2021 Feb 19 12:31:16 localhost 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 1072021 Feb 19 12:31:16 localhost 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398
[pid 24379] write(26</dev/pts/4<char 136:4>>, "2021 Feb 19 12:31:16 localhost 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 1072021 Feb 19 12:31:16 localhost 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398
[pid 24379] write(26</dev/pts/5<char 136:5>>, "2021 Feb 19 12:31:16 localhost 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 107) = 107
[pid 24379] write(26</dev/pts/0<char 136:0>>, "2021 Feb 19 12:31:16 localhost 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 107) = 107
[pid 24379] write(23<pipe:[1957563]>, "<190>1 2021-02-19T12:31:16.855+00:00 localhost usm 6802 - - 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 136) = 136
[pid 24379] write(23<pipe:[1957563]>, "<190>1 2021-02-19T12:31:16.885+00:00 localhost usm 6802 - - 8395:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 136) = 136
[pid 23703] write(1</var/log/apps.log>, "<190>1 2021-02-19T12:31:16.855+00:00 localhost usm 6802 - - 8389:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 136) = 136
[pid 23703] write(1</var/log/apps.log>, "<190>1 2021-02-19T12:31:16.885+00:00 localhost usm 6802 - - 8395:Usm             INFO   {Orchestrator.cpp:1329} attr_id=10931 moid=8398\n", 136) = 136

After some time I stop seeing writes to the console's, and only see writes to the apps.log file.

[pid 24379] write(23<pipe:[1957563]>, "<190>1 2021-02-19T12:31:21.334+00:00 localhost dbf 7884 - - 8159:Dbf             INFO   {transaction_context.cpp:20} dtor of TransCtxt, tid: 120\n", 145) = 145
[pid 23703] write(1</var/log/apps.log>, "<190>1 2021-02-19T12:31:21.334+00:00 localhost dbf 7884 - - 8159:Dbf             INFO   {transaction_context.cpp:20} dtor of TransCtxt, tid: 120\n", 145) = 145


It seems that due to the high amount of messages the logging to the console is discarded.
Can you help me to solve this,
Thanks in advance,
Alex



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20210223/243d34c7/attachment.html>

More information about the syslog-ng mailing list