Date: Fri, 07 Jan 2000 14:04:18 -0500 From: Jim Conner <jconner@enterit.com> To: aunty <aunty@comcen.com.au>, freebsd-questions@FreeBSD.ORG Subject: Re: syslogd stops Message-ID: <4.2.0.58.20000107134842.009b7f00@mail.enterit.com> In-Reply-To: <20000108221750.A38776@comcen.com.au> References: <200001080651.HAA02806@dorifer.heim3.tu-clausthal.de> <8565ih$2kn8$1@atlantis.rz.tu-clausthal.de> <200001080651.HAA02806@dorifer.heim3.tu-clausthal.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Ok. Im not expert at this kind of thing...look below...I will tell you
what I see...
At 22:17 08-01-00 +1100, aunty wrote:
>On Sat, Jan 08, 2000 at 07:51:46AM +0100, Oliver Fromme wrote:
> > Tony Simaz <ajs@qtm.net> wrote in list.freebsd-questions:
> > > If anyone knows a solution to this I would love to hear it as well. I
> > > have a 2.2.8 mail server running at a remote location that does the same
> > > thing. I have another 2.2.8 mail server at my office that has never
> done
> > > it. But the other one just stops logging once in a while. No
> warnings of
> > > any kind or unusual messages prior to it halting. I just log in
> from the
> > > office and see that it quit last night sometime.
> >
> > What exactly do you mean by "quit"? Did the syslogd process
> > exit? If so, it should have logged why it exited (unless it's
> > killed by a SIGKILL).
>
>Nope, it's very much alive, all dressed up and asleep at the wheel.
>
> > > It's not real
> > > consistant either. It probably quits about once every two or three
> > > weeks. In my case sighup is useless as well. I have to kill
> syslogd and
> > > restart it.
> >
> > Ah, so the process is still there. Does it consume any CPU?
> > What is the last line that have been logged? What happens
> > when you type this command:
> >
> > logger -i -p kern.emerg -t test "It's alive!"
>
>It silently ignores that.
>
>This should answer all of your questions... but not necessarily ours:
>
>bash$ date
>Sat Jan 8 22:06:50 EST 2000
So. Its 10 PM on Jan 8 2000
>bash$ ls -lart /var/log |tail
>-rw-rw-r-- 1 root wheel 105 Jan 7 14:00 messages.1.gz
>-rw-rw-r-- 1 root wheel 101 Jan 7 18:00 maillog.1.gz
>-rw-rw-r-- 1 root wheel 108 Jan 8 14:00 messages.0.gz
>-rw-rw-r-- 1 root wheel 62 Jan 8 14:00 messages
Messages was last written to at 2 PM on Jan 8...
>-rw-rw-r-- 1 root wheel 102 Jan 8 18:00 maillog.0.gz
>-rw-rw-r-- 1 root wheel 62 Jan 8 18:00 maillog
>drwxr-xr-x 2 root wheel 2048 Jan 8 18:00 .
>-rw-rw-r-- 1 root wheel 616 Jan 8 21:11 sendmail.st
>-rw-r--r-- 1 root wheel 176 Jan 8 22:06 wtmp
>-rw-r--r-- 1 root wheel 28056 Jan 8 22:06 lastlog
>bash$ cat /var/log/messages
>Jan 8 14:00:00 hostname newsyslog[40027]: logfile turned over
This just proves that messages was last written to at 2 PM. This also
indicates that there was a log rotation perhaps.
>bash$ zcat /var/log/messages.0.zg
>/var/log/messages.0.zg.gz: No such file or directory
>bash$ zcat /var/log/messages.0
>Jan 7 14:00:01 hostname newsyslog[35980]: logfile turned over
>Jan 8 14:00:00 hostname newsyslog[40027]: logfile turned over
This shows that this log rotation seems to be occurring everyday at
2PM. The wierd thing about this is that there was nothing (so it appears)
logged between 2 PM on the 7th and 2PM on the 8th. Perhaps, there was a
problem that occurred (or that the syslog stopped logging between these two
rotations)
>bash$ logger -i -p kern.emerg -t test "It's alive!"
>bash$ cat /var/log/messages
>Jan 8 14:00:00 hostname newsyslog[40027]: logfile turned over
Obviously the logger command didn't work.
So...here is what I would do. Check the periodic contents and any other
crons for newsyslog and see what (if anything) is being run. I have this
in my /etc/crontab:
# rotate log files every hour, if necessary
0 * * * * root newsyslog
Also, I would check the configuration file for newsyslog
from man (8) newsyslog
When starting up, newsyslog reads in a configuration file to determine
which logs may potentially be archived. By default, this configuration
file is /etc/newsyslog.conf. Each line of the file contains information
about a particular log file that should be handled by newsyslog. Each
line has five mandatory fields and four optional fields, with a whites-
pace separating each field. Blank lines or lines beginning with ``#''
are ignored. The fields of the configuration file are as follows:
...
path_to_pid_file
This optional field specifies the file name to read to find the
daemon process id. If this field is present, a signal_number is
sent the process id contained in this file. This field must
start with "/" in order to be recognized properly.
I haven't checked this out a lot but this may be the problem on your
machine. It may not be correctly killing the PID for syslogd before moving
that log file out from underneath the FD. This seems the be the problem to
me. Im just stabbin in the dark though :)
Im really curious to see if we can resolve this. Let me know if any of this
is any help.
Jim
>bash$
>bash$ ps waux | grep PID
>USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
>bash$ ps waux | grep syslo
>root 109 0.0 0.5 820 572 ?? Ss 23Dec99 7:42.94 syslogd
>bash$ top -n
>last pid: 40739; load averages: 0.20, 0.15, 0.06 up
>15+22:23:14 22:13:21
>26 processes: 1 running, 25 sleeping
>
>Mem: 6548K Active, 41M Inact, 10M Wired, 3181K Buf, 66M Free
>Swap: 260M Total, 260M Free
>
>
> PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND
> 109 root 2 0 820K 572K poll 7:43 0.00% 0.00% syslogd
>
><remaining lines of top output snipped>
>
>bash$ cat /etc/syslog.conf
># $FreeBSD: src/etc/syslog.conf,v 1.9.2.1 1999/08/29 14:19:02 peter Exp $
>#
># Spaces are NOT valid field separators in this file.
># Consult the syslog.conf(5) manpage.
>*.err;kern.debug;auth.notice;mail.crit /dev/console
>*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
>mail.info /var/log/maillog
>lpr.info /var/log/lpd-errs
>cron.* /var/cron/log
>#*.err root
>#*.notice;news.err root
>#*.alert root
>*.emerg *
>
>local2.* /var/log/sudo.log
>local3.* /var/log/sshd.log
>
>
># uncomment these if you're running inn
># news.crit /var/log/news/news.crit
># news.err /var/log/news/news.err
># news.notice /var/log/news/news.notice
>!startslip
>*.* /var/log/slip.log
>!ppp
>*.* /var/log/ppp.log
>!popper /var/log/pop.log
>
>
>bash$
>bash$ uname -v
>FreeBSD 3.3-RELEASE #0: Thu Sep 16 23:40:35 GMT
>1999 jkh@highwing.cdrom.com:/usr/src/sys/compile/GENERIC
>
>
>--
>
>Regards,
> -*Sue*-
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Today's errors, in contrast:
Windows - "Invalid page fault in module kernel32.dll at 0032:A16F2935"
UNIX - "segmentation fault - core dumped"
Humanous Beingsus - "OOPS, I've fallen and I can't get up"
-------------------------------
Jim Conner
NOTJames
jconner@enterit.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.20000107134842.009b7f00>