isc-dhcpd logging breaks when syslog-ng HUP'd

Christopher Cowart ccowart at rescomp.berkeley.edu
Thu Apr 5 21:28:38 UTC 2007 

Hello,

I posted this to questions last month, but have not received any
responses. I'm hoping somebody on this list may be able to help.

I have 2 servers running isc-dhcp3-server and syslog-ng. I have
configured dhcpd to run in a chroot. The following (reproducible)
sequence of events cause dhcpd logging to break:
 1) Start syslog-ng
 2) Start isc-dhcpd (At this point, logging is working fine)
 3) `pkill -HUP syslog-ng` (This happens on the hour whenever logfiles
    need rotating, but can also be effected manually)
 4) dhcpd logging is now broken
 5) Restart isc-dhcpd (logging works again)

My theory (and it's only a theory) is that when isc-dhcpd starts, it 
gets an fd to the syslog socket. When syslog-ng receives a HUP, that 
socket is reopened and isc-dhcpd's fd is now broken.

Relevant options from rc.conf:
| syslogd_enable="NO"
| newsyslog_enable="NO"
| syslog_ng_enable="YES"
| dhcpd_enable="YES"
| dhcpd_flags="-q"
| dhcpd_conf="/usr/local/etc/dhcpd.conf"
| dhcpd_includedir="/usr/local/etc/dhcpd.d"
| dhcpd_withumask="022"
| dhcpd_chuser_enable="YES"
| dhcpd_withuser="dhcpd"
| dhcpd_withgroup="dhcpd"
| dhcpd_devfs_enable="YES"
| dhcpd_rootdir="/var/jails/dhcpd"
| dhcpd_chroot_enable="YES"
| dhcpd_ifaces="bge0"

Note that if I enable the dhcpd_jail options (to use a FreeBSD jail in
addition to the chroot and unprivileged user), I still experience the
same symptoms.

My workaround:
For the hosts in question, I've added to the logrotate postrotate
script: `/usr/local/etc/rc.d/isc-dhcpd restart > /dev/null`
This workaround makes me a little uncomfortable, because these instances
of dhcpd are critical for thousands of end users.

Is this a bug? Is there a better workaround? Logging from all other
applications on the system is unaffected by the HUP to syslog-ng,
including two jailed instances of bind9 (syslog-ng on the host opens up
the socket /var/run/log inside those jails). 

Any insight would be greatly appreciated.

Thanks,

-- 
Chris Cowart
Lead Systems Administrator
Network Infrastructure, RSSP-IT
UC Berkeley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-isp/attachments/20070405/c2ca45e2/attachment.pgp

More information about the freebsd-isp mailing list