I think you are affected by this bug:

http://bugzilla.adiscon.com/show_bug.cgi?id=86

You need to upgrade to the recent v3-stable version.

Rainer

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:rsyslog-
> [EMAIL PROTECTED] On Behalf Of Julian Tyler
> Sent: Monday, August 04, 2008 3:25 AM
> To: [email protected]
> Subject: [rsyslog] Denial of Service
>
> I have a client/server setup of rsyslog, however if the server becomes
> unreachable and the client's memory buffers fill up, everything that
> needs to log just hangs/blocks, such as ssh.
>
> I have enabled disk queueing however it never seems to queue anything
> to disk.
>
> What am i doing wrong ?
>
> ---
> ----> Rsyslog version
> ---
> [app-00-0001 ~]# rsyslogd -v
> rsyslogd 3.16.1, compiled with:
> FEATURE_REGEXP: Yes
> FEATURE_LARGEFILE: Yes
> FEATURE_NETZIP (message compression): Yes
> GSSAPI Kerberos 5 support: No
> FEATURE_DEBUG (debug build, slow code): No
> Runtime Instrumentation (slow code): No
>
> ---
> -----> Here is my rsyslog.conf from the offending box
> ---
> [app-00-0001 ~]# cat /etc/rsyslog.conf
> # rsyslog v3: load input modules
> # If you do not load inputs, nothing happens!
> # You may need to set the module load path if modules are not found.
>
> # Debug Template
> $template MyDebug,"Debug line with all properties:\nFROMHOST: '%FROMHOST%', fromhost-ip: '%fromhost-ip%', HOSTNAME: '%HOSTNAME%', PRI: %PRI%,\nsyslogtag '%syslogtag%', programname: '%programname%', APP-NAME: '%APP-NAME%', PROCID: '%PROCID%', MSGID: '%MSGID%', \nTIMESTAMP: '%TIMESTAMP%', STRUCTURED-DATA: '%STRUCTURED-DATA%', \nmsg: '%msg%'\nescaped msg: '%msg:::drop-cc%'\nrawmsg: '%rawmsg%'\n\n"
>
> $template Sys23Forward, "<%PRI%>1 %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%"
>
> $ModLoad immark.so # provides --MARK-- message capability
> $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
> $ModLoad imklog.so # kernel logging (formerly provided by rklogd)
> $ModLoad lmregexp.so
>
> *.* /var/log/all
>
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /dev/console
>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none -/var/log/messages
>
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
>
> # Log all the mail messages in one place.
> mail.* -/var/log/maillog
>
> # Log cron stuff
> cron.* -/var/log/cron
>
> # Everybody gets emergency messages
> *.emerg *
>
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit -/var/log/spooler
>
> # Save boot messages also to boot.log
> local7.* /var/log/boot.log
>
> # Remote Logging (we use TCP for reliable delivery)
> # An on-disk queue is created for this action. If the remote host is
> # down, messages are spooled to disk and sent when it is up again.
> $WorkDirectory /var/spool/rsyslog/ # where to place spool files
> $ActionQueueType LinkedList # run asynchronously
> $ActionQueueFileName remotelog # unique name prefix for spool files
> $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
> $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
> $ActionResumeRetryCount -1 # infinite retries if host is down
> # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
> #*.* @@(z9)10.238.0.1;RSYSLOG_SyslogProtocol23Format
> *.* @@10.238.0.1;Sys23Forward
>
> # ######### Receiving Messages from Remote Hosts ##########
> # TCP Syslog Server:
> # provides TCP syslog reception and GSS-API (if compiled to support it)
> #$ModLoad imtcp.so # load module
> # Note: as of now, you need to use the -t command line option to
> # enable TCP reception (e.g. -t514 to run a server at port 514/tcp)
> # This will change in later v3 releases.
>
> # UDP Syslog Server:
> $ModLoad imudp.so # provides UDP syslog reception
> #$UDPServerRun 514 # start a UDP syslog server at standard port 514
> $UDPServerRun 513 # start a UDP syslog server at standard port 514
> #$UDPServerAddress
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
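An added example, not part of the thread and not rsyslog code: a small Python checker for legacy-format rsyslog.conf text that reports, for each forwarding action, whether a disk-assisted queue and infinite retry are bound to it. The function name `audit_forwarding` and the sample excerpt are constructed here; the checker assumes `$Action...` directives apply only to the next action and that disk-assisted means a LinkedList or FixedArray queue with a spool file name and a `$WorkDirectory`.

```python
import re

# Constructed excerpt of the forwarding section of the rsyslog.conf quoted above.
SAMPLE_CONF = """\
$WorkDirectory /var/spool/rsyslog/ # where to place spool files
$ActionQueueType LinkedList # run asynchronously
$ActionQueueFileName remotelog # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
#*.* @@(z9)10.238.0.1;RSYSLOG_SyslogProtocol23Format
*.* @@10.238.0.1;Sys23Forward
"""

# selector, then @ (UDP) or @@ (TCP), optional (options), then the target host
FORWARD = re.compile(r"^\S+\s+(@@?)(?:\([^)]*\))?([^;\s]+)")
MEMORY_QUEUES = {"linkedlist", "fixedarray"}

def audit_forwarding(conf_text):
    """Return one finding dict per forwarding action in a legacy-format config."""
    findings, pending, workdir = [], {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (simplification)
        if not line:
            continue
        if line.startswith("$"):
            parts = line[1:].split(None, 1)
            name = parts[0].lower()
            value = parts[1].strip() if len(parts) > 1 else ""
            if name == "workdirectory":
                workdir = value  # global setting, survives across actions
            elif name.startswith("action"):
                pending[name] = value
            continue
        m = FORWARD.match(line)
        if m:
            qtype = pending.get("actionqueuetype", "direct").lower()
            spooled = "actionqueuefilename" in pending and workdir is not None
            findings.append({
                "target": m.group(2),
                "tcp": m.group(1) == "@@",
                "queue_type": qtype,
                "disk_assisted": qtype in MEMORY_QUEUES and spooled,
                "retry_forever": pending.get("actionresumeretrycount") == "-1",
            })
        pending = {}  # assumption: $Action... settings bind to the next action only
    return findings
```

A forwarding action reported with `queue_type` of `direct` has no queue at all, which is the case where an unreachable server can stall local logging.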

