Date: Sat, 12 Mar 2011 15:40:03 -0600
From: Len Conrad <LConrad@Go2France.com>
To: freebsd-questions@freebsd.org
Subject: Re: syslog-ng logging stopped
Message-ID: <201103122240713.SM06140@W500.Go2France.com>
In-Reply-To: <201103112331.AA2596602004@mail.Go2France.com>
References: <201103112331.AA2596602004@mail.Go2France.com>
>---------- Original Message ----------------------------------
>From: Iñigo Ortiz de Urbina <inigoortizdeurbina@gmail.com>
>Date: Fri, 11 Mar 2011 23:12:49 +0100
>
>>What's in dmesg and /var/log/? You shared extensive and excellent
>>troubleshooting info but didn't spot any of these.
>>
>>Keep us updated, I'm sure I'm not the only one puzzled :)
>>
>>On 3/11/11, Len Conrad <lconrad@go2france.com> wrote:
>>> uname -a
>>> FreeBSD 7.0-RELEASE
>>>
>>> syslog-ng --version
>>> syslog-ng 2.0.10
>>>
>>> change date on syslog-ng.conf is "Apr 20 2009"
>>>
>>> syslog-ng been running untouched for that long. Millions of lines/per day
>>> log from 10 source machines.
>>>
>>> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>>>
>>> sockstat -4 shows udp/tcp 514 listening
>>>
>>> chkrootkit shows nothing wrong
>>>
>>> stop syslog-ng
>>>
>>> then pkg_delete, and then
>>>
>>> cd /usr/ports/sysutils/syslog-ng2
>>>
>>> make && make install
>>>
>>> start it,
>>>
>>> no change
>>>
>>> I rebooted the syslog server. no change
>>>
>>> trafshow -i bce0 -n
>>>
>>> then filter 514
>>>
>>> ... shows 100KBs arriving from our syslog clients.
>>>
>>> tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving
>>> with untouched pf rules active,
>>>
>>> pfctl -d no change so pfctl -e
>>>
>>> df shows plenty of disk space for /var
>>>
>>> suggestions?
>>>
>>> Len
>>>
>>>
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>>
>>
>>
>>--
>>Iñigo Ortiz de Urbina Cazenave
>>http://www.twitter.com/ioc32
>
>=============
>
>dmesg -a | less showed nothing
>
>/var/log/console.log showed nothing
>
>/var/log/messages showed nothing

btw, I later replaced syslog-ng with syslogd, listening UDP:514. no lines in messages, maillog.

Len