syslog-ng logging stopped

Len Conrad LConrad at Go2France.com
Sat Mar 12 21:40:15 UTC 2011



>---------- Original Message ----------------------------------
>From: Iñigo Ortiz de Urbina <inigoortizdeurbina at gmail.com>
>Date:  Fri, 11 Mar 2011 23:12:49 +0100
>
>>What's in dmesg and /var/log/? You shared extensive and excellent
>>troubleshooting info but didn't spot any of these.
>>
>>Keep us updated, I'm sure I'm not the only one puzzled :)
>>
>>On 3/11/11, Len Conrad <lconrad at go2france.com> wrote:
>>> uname -a
>>> FreeBSD 7.0-RELEASE
>>>
>>> syslog-ng --version
>>> syslog-ng 2.0.10
>>>
>>> change date on syslog-ng.conf is  "Apr 20  2009"
>>>
>>> syslog-ng has been running untouched for that long. Millions of lines per day
>>> logged from 10 source machines.
>>>
>>> about 00:20 today Friday,  all syslogging to syslog-ng stopped.
>>>
>>> sockstat -4 shows udp/tcp 514 listening
>>>
>>> chkrootkit  shows nothing wrong
>>>
>>> stop syslog-ng
>>>
>>> then pkg_delete, and then
>>>
>>> cd /usr/ports/sysutils/syslog-ng2
>>>
>>> make && make install
>>>
>>> start it,
>>>
>>> no change
>>>
>>> I rebooted the syslog server.  no change
>>>
>>> trafshow -i bce0 -n
>>>
>>> then filter 514
>>>
>>> ... shows 100KBs arriving from our syslog clients.
>>>
>>> tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving
>>> with untouched pf rules active,
>>>
>>> pfctl -d   no change so pfctl -e
>>>
>>> df shows plenty of disk space for /var
>>>
>>> suggestions?
>>>
>>> Len
>>>
>>>
>>> _______________________________________________
>>> freebsd-questions at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>>
>>
>>
>>-- 
>>Iñigo Ortiz de Urbina Cazenave
>>http://www.twitter.com/ioc32
>
>=============
>
>dmesg -a | less showed nothing
>
>/var/log/console.log showed nothing
>
>/var/log/messages showed nothing

Btw, I later replaced syslog-ng with syslogd, listening on UDP:514. No lines in messages, maillog.

Len










