Re: syslogd on 6.0-beta

Wed, 25 May 2016 22:26:10 -0700 

On Wed, May 25, 2016 at 9:16 PM, Amit Kulkarni <amitk...@gmail.com> wrote:
> On Wed, May 25, 2016 at 10:31 PM, Ted Unangst <t...@tedunangst.com> wrote:
>
>> Jeff Ross wrote:
>> > jross@fw:/home/jross $ tail -10 /var/log/messages
>> > May 21 04:00:01 fw syslogd: restart
>> > May 25 15:53:58 fw syslogd: exiting on signal 15
>> > May 25 15:53:58 fw syslogd: start
>> > May 25 15:53:58 fw syslogd: recvfrom unix: Connection reset by peer
>> > May 25 15:56:00 fw syslogd: exiting on signal 15
>> > May 25 15:57:42 fw syslogd: start
>> > May 25 15:57:42 fw syslogd: recvfrom unix: Connection reset by peer
>> > May 25 16:01:09 fw syslogd: exiting on signal 15
>> > May 25 16:01:09 fw syslogd: start
>> > May 25 16:01:09 fw syslogd: recvfrom unix: Connection reset by peer
>>
>> This is quite unusual and not observed by anyone else.
>>
>> I'm not sure what else to suggest, but your environment seems quite
>> different.
>
> It looks like syslog starts and then exits immediately due to some kind of
> startup error.

It seem to get about three minutes in before being shut down, which is
way past a startup error.

The "recvfrom unix: Connection reset by peer" means this syslogd is
getting UNIX-domain socket connections (i.e., *not* the libc syslog()
API!) that are dropping their connections after sending something;
syslogd should probably be ignoring ECONNRESET in unix_readcb(), but
that's not why logger and sendsyslog() aren't getting through.  It
does raise the question of why you're getting syslog messages over UDP
instead of via syslog().

Anyway, the "socket not connected" error from sendsyslog() means that
syslogd isn't behaving like the real openbsd 6.0-beta syslogd.  I
would start by just running syslogd as root with
    syslogd -F -d

and see if it spits out anything interesting, including when running
logger in a different window.  If no clues from that, then do it again
under ktrace -i and then verify that it's using ioctl(LIOCSFD)
*successfully* to register as the recipient of syslog messages.


Your machine is behaving differently than other peoples'; what is
different about it?  How have you changed the configuration?  What
else is running on it?


Philip Guenther

Reply via email to