From owner-freebsd-questions Sat Jan 8 11: 3:14 2000 Delivered-To: freebsd-questions@freebsd.org Received: from hsalouserv1.hsacorp.net (208-247-171-50.hsacorp.net [208.247.171.50]) by hub.freebsd.org (Postfix) with ESMTP id 023A014C1A for ; Sat, 8 Jan 2000 11:03:09 -0800 (PST) (envelope-from jconner@enterit.com) Received: from default (24-216-177-226.hsacorp.net [24.216.177.226]) by hsalouserv1.hsacorp.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id CPRQHM5H; Sat, 8 Jan 2000 13:57:06 -0500 Message-Id: <4.2.0.58.20000107134842.009b7f00@mail.enterit.com> X-Sender: jconner@mail.enterit.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Fri, 07 Jan 2000 14:04:18 -0500 To: aunty , freebsd-questions@FreeBSD.ORG From: Jim Conner Subject: Re: syslogd stops In-Reply-To: <20000108221750.A38776@comcen.com.au> References: <200001080651.HAA02806@dorifer.heim3.tu-clausthal.de> <8565ih$2kn8$1@atlantis.rz.tu-clausthal.de> <200001080651.HAA02806@dorifer.heim3.tu-clausthal.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Ok. Im not expert at this kind of thing...look below...I will tell you what I see... At 22:17 08-01-00 +1100, aunty wrote: >On Sat, Jan 08, 2000 at 07:51:46AM +0100, Oliver Fromme wrote: > > Tony Simaz wrote in list.freebsd-questions: > > > If anyone knows a solution to this I would love to hear it as well. I > > > have a 2.2.8 mail server running at a remote location that does the same > > > thing. I have another 2.2.8 mail server at my office that has never > done > > > it. But the other one just stops logging once in a while. No > warnings of > > > any kind or unusual messages prior to it halting. I just log in > from the > > > office and see that it quit last night sometime. > > > > What exactly do you mean by "quit"? Did the syslogd process > > exit? If so, it should have logged why it exited (unless it's > > killed by a SIGKILL). > >Nope, it's very much alive, all dressed up and asleep at the wheel. > > > > It's not real > > > consistant either. It probably quits about once every two or three > > > weeks. In my case sighup is useless as well. I have to kill > syslogd and > > > restart it. > > > > Ah, so the process is still there. Does it consume any CPU? > > What is the last line that have been logged? What happens > > when you type this command: > > > > logger -i -p kern.emerg -t test "It's alive!" > >It silently ignores that. > >This should answer all of your questions... but not necessarily ours: > >bash$ date >Sat Jan 8 22:06:50 EST 2000 So. Its 10 PM on Jan 8 2000 >bash$ ls -lart /var/log |tail >-rw-rw-r-- 1 root wheel 105 Jan 7 14:00 messages.1.gz >-rw-rw-r-- 1 root wheel 101 Jan 7 18:00 maillog.1.gz >-rw-rw-r-- 1 root wheel 108 Jan 8 14:00 messages.0.gz >-rw-rw-r-- 1 root wheel 62 Jan 8 14:00 messages Messages was last written to at 2 PM on Jan 8... >-rw-rw-r-- 1 root wheel 102 Jan 8 18:00 maillog.0.gz >-rw-rw-r-- 1 root wheel 62 Jan 8 18:00 maillog >drwxr-xr-x 2 root wheel 2048 Jan 8 18:00 . >-rw-rw-r-- 1 root wheel 616 Jan 8 21:11 sendmail.st >-rw-r--r-- 1 root wheel 176 Jan 8 22:06 wtmp >-rw-r--r-- 1 root wheel 28056 Jan 8 22:06 lastlog >bash$ cat /var/log/messages >Jan 8 14:00:00 hostname newsyslog[40027]: logfile turned over This just proves that messages was last written to at 2 PM. This also indicates that there was a log rotation perhaps. >bash$ zcat /var/log/messages.0.zg >/var/log/messages.0.zg.gz: No such file or directory >bash$ zcat /var/log/messages.0 >Jan 7 14:00:01 hostname newsyslog[35980]: logfile turned over >Jan 8 14:00:00 hostname newsyslog[40027]: logfile turned over This shows that this log rotation seems to be occurring everyday at 2PM. The wierd thing about this is that there was nothing (so it appears) logged between 2 PM on the 7th and 2PM on the 8th. Perhaps, there was a problem that occurred (or that the syslog stopped logging between these two rotations) >bash$ logger -i -p kern.emerg -t test "It's alive!" >bash$ cat /var/log/messages >Jan 8 14:00:00 hostname newsyslog[40027]: logfile turned over Obviously the logger command didn't work. So...here is what I would do. Check the periodic contents and any other crons for newsyslog and see what (if anything) is being run. I have this in my /etc/crontab: # rotate log files every hour, if necessary 0 * * * * root newsyslog Also, I would check the configuration file for newsyslog from man (8) newsyslog When starting up, newsyslog reads in a configuration file to determine which logs may potentially be archived. By default, this configuration file is /etc/newsyslog.conf. Each line of the file contains information about a particular log file that should be handled by newsyslog. Each line has five mandatory fields and four optional fields, with a whites- pace separating each field. Blank lines or lines beginning with ``#'' are ignored. The fields of the configuration file are as follows: ... path_to_pid_file This optional field specifies the file name to read to find the daemon process id. If this field is present, a signal_number is sent the process id contained in this file. This field must start with "/" in order to be recognized properly. I haven't checked this out a lot but this may be the problem on your machine. It may not be correctly killing the PID for syslogd before moving that log file out from underneath the FD. This seems the be the problem to me. Im just stabbin in the dark though :) Im really curious to see if we can resolve this. Let me know if any of this is any help. Jim >bash$ >bash$ ps waux | grep PID >USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND >bash$ ps waux | grep syslo >root 109 0.0 0.5 820 572 ?? Ss 23Dec99 7:42.94 syslogd >bash$ top -n >last pid: 40739; load averages: 0.20, 0.15, 0.06 up >15+22:23:14 22:13:21 >26 processes: 1 running, 25 sleeping > >Mem: 6548K Active, 41M Inact, 10M Wired, 3181K Buf, 66M Free >Swap: 260M Total, 260M Free > > > PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND > 109 root 2 0 820K 572K poll 7:43 0.00% 0.00% syslogd > > > >bash$ cat /etc/syslog.conf ># $FreeBSD: src/etc/syslog.conf,v 1.9.2.1 1999/08/29 14:19:02 peter Exp $ ># ># Spaces are NOT valid field separators in this file. ># Consult the syslog.conf(5) manpage. >*.err;kern.debug;auth.notice;mail.crit /dev/console >*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages >mail.info /var/log/maillog >lpr.info /var/log/lpd-errs >cron.* /var/cron/log >#*.err root >#*.notice;news.err root >#*.alert root >*.emerg * > >local2.* /var/log/sudo.log >local3.* /var/log/sshd.log > > ># uncomment these if you're running inn ># news.crit /var/log/news/news.crit ># news.err /var/log/news/news.err ># news.notice /var/log/news/news.notice >!startslip >*.* /var/log/slip.log >!ppp >*.* /var/log/ppp.log >!popper /var/log/pop.log > > >bash$ >bash$ uname -v >FreeBSD 3.3-RELEASE #0: Thu Sep 16 23:40:35 GMT >1999 jkh@highwing.cdrom.com:/usr/src/sys/compile/GENERIC > > >-- > >Regards, > -*Sue*- > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Today's errors, in contrast: Windows - "Invalid page fault in module kernel32.dll at 0032:A16F2935" UNIX - "segmentation fault - core dumped" Humanous Beingsus - "OOPS, I've fallen and I can't get up" ------------------------------- Jim Conner NOTJames jconner@enterit.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message