Hi,
> > ssh logs connections, if the syslog process cannot process the message, > ssh is designed to stop and wait until it does (it deems the log so > important that it refuses to do anything until the log is written) > > conole logins do the same thing. Is there any way I can test this? Strace? Ltrace? Sshd configuration directive?... > > so something causes rsyslog to stop accepting messages. the same thing can > happen to syslog-ng or to plain sysklog, just under different conditions. > > so the question is why rsyslog stopped. > > what is rsyslog configured to do with log messages? > > is there any chance that it was unable to do something with a message and > so would have had to keep it in it's queue until the queue filled up? > (logging via TCP to a remote server that stops responding will do this, so > will writing to a full filesystem) The system sends its logs over TCP to a remote logserver. Initial analysis yield a routing problem which should have been fixed so I hope not to see such a problem due to this. But, my question now is: shouldn't logfiles be spooled under $WorkDirectory /var/spool/rsyslog and sent over to the logserver once it becomes available again? There's plenty of space on /var ... > > rsyslog can be configured to accept and discard log entries when the queue > is full, doing this can avoid this sort of situation. Could you please tell us how? :-) Regards, Martin This email and any attachments are confidential, and may be legally privileged and protected by copyright. If you are not the intended recipient dissemination or copying of this email is prohibited. If you have received this in error, please notify the sender by replying by email and then delete the email completely from your system. Any views or opinions are solely those of the sender. This communication is not intended to form a binding contract unless expressly indicated to the contrary and properly authorised. Any actions taken on the basis of this email are at the recipient's own risk. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
