syslog-ng logging stopped
Peter Boosten
peter at boosten.org
Sat Mar 12 22:12:52 UTC 2011
That probably means that it's not syslog-ng causing the problems.
Maybe some firewall rule?
Peter
--
HTTP://www.boosten.org
On 12 Mar 2011, at 22:40, Len Conrad <LConrad at Go2France.com> wrote:
>
>
>> ---------- Original Message ----------------------------------
>> From: Iñigo Ortiz de Urbina <inigoortizdeurbina at gmail.com>
>> Date: Fri, 11 Mar 2011 23:12:49 +0100
>>
>>> What's in dmesg and /var/log/? You shared extensive and excellent
>>> troubleshooting info but didn't spot any of these.
>>>
>>> Keep us updated, I'm sure I'm not the only one puzzled :)
>>>
>>> On 3/11/11, Len Conrad <lconrad at go2france.com> wrote:
>>>> uname -a
>>>> FreeBSD 7.0-RELEASE
>>>>
>>>> syslog-ng --version
>>>> syslog-ng 2.0.10
>>>>
>>>> change date on syslog-ng.conf is "Apr 20 2009"
>>>>
>>>> syslog-ng has been running untouched for that long. Millions of lines
>>>> per day logged from 10 source machines.
>>>>
>>>> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>>>>
>>>> sockstat -4 shows udp/tcp 514 listening
>>>>
>>>> chkrootkit shows nothing wrong
>>>>
>>>> stop syslog-ng
>>>>
>>>> then pkg_delete, and then
>>>>
>>>> cd /usr/ports/sysutils/syslog-ng2
>>>>
>>>> make && make install
>>>>
>>>> start it,
>>>>
>>>> no change
>>>>
>>>> I rebooted the syslog server. no change
>>>>
>>>> trafshow -i bce0 -n
>>>>
>>>> then filter 514
>>>>
>>>> ... shows 100KBs arriving from our syslog clients.
>>>>
>>>> tshark capture "port 514" on syslog-ng box shows plenty of traffic
>>>> arriving with untouched pf rules active,
>>>>
>>>> pfctl -d no change so pfctl -e
>>>>
>>>> df shows plenty of disk space for /var
>>>>
>>>> suggestions?
>>>>
>>>> Len
>>>>
>>>>
>>>> _______________________________________________
>>>> freebsd-questions at freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>>>
>>>
>>>
>>> --
>>> Iñigo Ortiz de Urbina Cazenave
>>> http://www.twitter.com/ioc32
>>
>> =============
>>
>> dmesg -a | less showed nothing
>>
>> /var/log/console.log showed nothing
>>
>> /var/log/messages showed nothing
>
> btw, I later replaced syslog-ng with syslogd, listening UDP:514. no
> lines in messages, maillog.
>
> Len
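An added example, not part of the original thread: the messages above report that tshark sees port-514 traffic arriving while neither syslog-ng nor syslogd writes anything. A plain UDP listener, run while the daemon is stopped, shows whether those datagrams reach a userland socket at all and from which sources. The function names, the 10-second window and the constructed test line are assumptions of this sketch.

```python
import re
import socket
import time

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity) from a BSD-syslog <PRI> header, or None."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # 23*8+7 is the highest valid PRI
        return None
    return divmod(int(m.group(1)), 8)

def listen(sock, seconds):
    """Count datagrams per source address that actually reach this socket."""
    seen = {}
    deadline = time.monotonic() + seconds
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return seen
        sock.settimeout(remaining)
        try:
            data, (addr, _port) = sock.recvfrom(8192)
        except socket.timeout:
            return seen
        stats = seen.setdefault(addr, {"count": 0, "bad_pri": 0})
        stats["count"] += 1
        if parse_pri(data) is None:
            stats["bad_pri"] += 1

def self_test(host="127.0.0.1"):
    """Bind an ephemeral port, send one constructed line, confirm delivery."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind((host, 0))
        line = b"<13>Mar 12 22:12:52 testhost probe: constructed test line"
        tx.sendto(line, rx.getsockname())
        return listen(rx, 1.0)
    finally:
        rx.close()
        tx.close()

if __name__ == "__main__":
    # Stop the syslog daemon first; binding port 514 needs root.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", 514))
    for src, st in sorted(listen(s, 10).items()):
        print(src, st)
```

An empty result while a capture on the same interface still shows traffic points at something between the interface and the socket, such as a packet filter rule, rather than at the logging daemon.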