syslog-ng logging stopped
Len Conrad
lconrad at Go2France.com
Fri Mar 11 20:36:56 UTC 2011
uname -a
FreeBSD 7.0-RELEASE
syslog-ng --version
syslog-ng 2.0.10
change date on syslog-ng.conf is "Apr 20 2009"
syslog-ng been running untouched for that long. Millions of lines/per day log from 10 source machine.
about 00:20 today Friday, all syslogging to syslog-ng stopped.
sockstat -4 shows udp/tcp 514 listening
chkrootkit shows nothing wrong
stop syslog-ng
then pkg_delete, and then
cd /usr/ports/sysutils/syslog-ng2
make && make install
start it,
no change
I rebooted the syslog server. no change
trafshow -i bce0 -n
then filter 514
... shows 100KBs arriving from our syslog clients.
tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving with untouched pf rules active,
pfctl -d no change so pfctl -e
df shows plenty of disk space for /var
suggestions?
Len
More information about the freebsd-questions
mailing list