Date: Tue, 13 Mar 2001 13:52:57 -0500 From: James Snow <snow@teardrop.org> To: freebsd-questions@freebsd.org Subject: syslogd acting weird, not logging, large receive queues? Message-ID: <20010313135257.B44753@teardrop.org>
next in thread | raw e-mail | index | archive | help
I'm trying to setup a FreeBSD machine to act as a central log collector and analyzer for a cluster of FreeBSD and Linux machines. /etc/syslog.conf for each of the machines logging to the remote host contains one line: *.* @loghost (Yes, with tabs for whitespace.) Loghost then does something like: +hosta *.* /var/log/hosta/logs +hostb *.* /var/log/hostb/logs They're actually sorted a bit more than that, but I don't think the config file is the source of the problem, so, anyway. I'll get a few log entries in and they'll be routed correctly. Almost immediately though, syslogd stops sending new log entries to the various log files. At this point, netstat -f inet -an show some oddities: Proto Recv-Q Send-Q Local Address Foreign Address (state) udp4 129 0 *.1053 *.* udp4 30350 0 *.514 *.* Seems like an awful lot of data to have sitting in the receive queue. :) Weirder still is that the port number for the non-514 UDP socket, (which I understand syslogd is using to do DNS queries) moves around. It might be on port 1053 when I run netstat one time, but 60 seconds later it will be on port 1127. However, the receive queue never diminishes. I'm puzzled. What on earth is going on here? Any hints, clues, pointers or invectives containing the letters R, T, F and M would be appreciated, so long as you mention which M, 'cuz I sure can't find anything that seems to relate to this. :) Thanks, -Snow To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010313135257.B44753>