syslog-ng logging stopped

Len Conrad lconrad at
Fri Mar 11 20:36:56 UTC 2011

uname -a

syslog-ng --version
syslog-ng 2.0.10

change date on syslog-ng.conf is  "Apr 20  2009"

syslog-ng been running untouched for that long. Millions of lines/per day log from 10 source machine.

about 00:20 today Friday,  all syslogging to syslog-ng stopped.

sockstat -4 shows udp/tcp 514 listening

chkrootkit  shows nothing wrong

stop syslog-ng

then pkg_delete, and then

cd /usr/ports/sysutils/syslog-ng2

make && make install

start it,

no change

I rebooted the syslog server.  no change

trafshow -i bce0 -n

then filter 514

... shows 100KBs arriving from our syslog clients.

tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving with untouched pf rules active, 

pfctl -d   no change so pfctl -e

df shows plenty of disk space for /var



More information about the freebsd-questions mailing list