syslog-ng logging stopped
Len Conrad
lconrad at Go2France.com
Fri Mar 11 22:31:12 UTC 2011
---------- Original Message ----------------------------------
From: Iñigo Ortiz de Urbina <inigoortizdeurbina at gmail.com>
Date: Fri, 11 Mar 2011 23:12:49 +0100
>Whats in dmesg and /var/log/? You shared extensive and excellent
>troubleshooting info but didnt spot none of these.
>
>Keep us updated im sure im not the only one puzzled :)
>
>On 3/11/11, Len Conrad <lconrad at go2france.com> wrote:
>> uname -a
>> FreeBSD 7.0-RELEASE
>>
>> syslog-ng --version
>> syslog-ng 2.0.10
>>
>> change date on syslog-ng.conf is "Apr 20 2009"
>>
>> syslog-ng been running untouched for that long. Millions of lines/per day
>> log from 10 source machine.
>>
>> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>>
>> sockstat -4 shows udp/tcp 514 listening
>>
>> chkrootkit shows nothing wrong
>>
>> stop syslog-ng
>>
>> then pkg_delete, and then
>>
>> cd /usr/ports/sysutils/syslog-ng2
>>
>> make && make install
>>
>> start it,
>>
>> no change
>>
>> I rebooted the syslog server. no change
>>
>> trafshow -i bce0 -n
>>
>> then filter 514
>>
>> ... shows 100KBs arriving from our syslog clients.
>>
>> tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving
>> with untouched pf rules active,
>>
>> pfctl -d no change so pfctl -e
>>
>> df shows plenty of disk space for /var
>>
>> suggestions?
>>
>> Len
>>
>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>
>
>
>--
>Iñigo Ortiz de Urbina Cazenave
>http://www.twitter.com/ioc32
=============
dmesg -a | less showed nothing
/var/log/console.log showed nothing
/var/log/messages showed nothing
More information about the freebsd-questions
mailing list