syslog-ng logging stopped
lconrad at Go2France.com
Fri Mar 11 20:36:56 UTC 2011
change date on syslog-ng.conf is "Apr 20 2009"
syslog-ng been running untouched for that long. Millions of lines/per day log from 10 source machine.
about 00:20 today Friday, all syslogging to syslog-ng stopped.
sockstat -4 shows udp/tcp 514 listening
chkrootkit shows nothing wrong
then pkg_delete, and then
make && make install
I rebooted the syslog server. no change
trafshow -i bce0 -n
then filter 514
... shows 100KBs arriving from our syslog clients.
tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving with untouched pf rules active,
pfctl -d no change so pfctl -e
df shows plenty of disk space for /var
More information about the freebsd-questions