[rsyslog] rsyslog status ABRT or SEGV

Tue, 07 Nov 2017 22:47:47 -0800 

Hi all!

I see the following messages in my syslog:
Nov  8 08:42:56 dc-zbx rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" 
x-pid="13223" x-info="http://www.rsyslog.com";] start
Nov  8 08:42:56 dc-zbx systemd[1]: rsyslog.service: main process exited, 
code=killed, status=11/SEGV
Nov  8 08:42:56 dc-zbx systemd[1]: Unit rsyslog.service entered failed state.
Nov  8 08:42:56 dc-zbx systemd[1]: rsyslog.service holdoff time over, 
scheduling restart.
Nov  8 08:42:56 dc-zbx systemd[1]: Stopping System Logging Service...
Nov  8 08:42:56 dc-zbx systemd[1]: Starting System Logging Service...
Nov  8 08:42:56 dc-zbx systemd[1]: Started System Logging Service.
Nov  8 08:43:01 dc-zbx rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" 
x-pid="13249" x-info="http://www.rsyslog.com";] start
Nov  8 08:43:01 dc-zbx systemd[1]: rsyslog.service: main process exited, 
code=killed, status=11/SEGV
Nov  8 08:43:01 dc-zbx systemd[1]: Unit rsyslog.service entered failed state.
Nov  8 08:43:01 dc-zbx systemd[1]: rsyslog.service holdoff time over, 
scheduling restart.
Nov  8 08:43:01 dc-zbx systemd[1]: Stopping System Logging Service...
Nov  8 08:43:01 dc-zbx systemd[1]: Starting System Logging Service...
Nov  8 08:43:01 dc-zbx systemd[1]: Started System Logging Service.
Nov  8 08:43:07 dc-zbx rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" 
x-pid="13291" x-info="http://www.rsyslog.com";] start
Nov  8 08:43:06 dc-zbx systemd[1]: rsyslog.service: main process exited, 
code=killed, status=6/ABRT
Nov  8 08:43:06 dc-zbx systemd[1]: Unit rsyslog.service entered failed state.
Nov  8 08:43:07 dc-zbx systemd[1]: rsyslog.service holdoff time over, 
scheduling restart.
Nov  8 08:43:07 dc-zbx systemd[1]: Stopping System Logging Service...
Nov  8 08:43:07 dc-zbx systemd[1]: Starting System Logging Service...
Nov  8 08:43:07 dc-zbx systemd[1]: Started System Logging Service.
Nov  8 08:43:13 dc-zbx rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" 
x-pid="13326" x-info="http://www.rsyslog.com";] start
Nov  8 08:43:13 dc-zbx systemd[1]: rsyslog.service: main process exited, 
code=killed, status=11/SEGV
Nov  8 08:43:13 dc-zbx systemd[1]: Unit rsyslog.service entered failed state.
Nov  8 08:43:13 dc-zbx systemd[1]: rsyslog.service holdoff time over, 
scheduling restart.
Nov  8 08:43:13 dc-zbx systemd[1]: Stopping System Logging Service...
Nov  8 08:43:13 dc-zbx systemd[1]: Starting System Logging Service...
Nov  8 08:43:13 dc-zbx systemd[1]: Started System Logging Service.

​So rsyslogd fails with different error codes several times per minute. This 
causes log files be incomplete since I use rsyslog as remote log collector for 
about 100 remote hosts.

My rsyslog.conf:
module(load="imudp" threads="8" timeRequery="8" batchSize="128")
input(type="imudp" port="514" ruleset="writeRemoteData")

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$RepeatedMsgReduction on

$FileOwner root
$FileGroup adm
$FileCreateMode 0644
$DirCreateMode 0755
$Umask 0022

$WorkDirectory /var/spool/rsyslog

$IncludeConfig /etc/rsyslog.d/*.conf

template (name="DynFile" type="string" 
string="/var/log/remotes/LAN/%FROMHOST-IP%/%syslogfacility-text%.log")

ruleset(name="writeRemoteData"
        queue.type="fixedArray"
        queue.size="250000"
        queue.dequeueBatchSize="4096"
        queue.workerThreads="8"
        queue.workerThreadMinimumMessages="60000"
) {
        if ($fromhost-ip startswith "192.168.") then {
                Action (type="omfile" dynaFile="DynFile" flushOnTXEnd="off" 
asyncWriting="on" flushInterval="1" ioBufferSize="64k")
                stop
        } else if ($fromhost-ip startswith "10.") then {
                Action (type="omfile" dynaFile="DynFile" flushOnTXEnd="off" 
asyncWriting="on" flushInterval="1" ioBufferSize="64k")
                stop
        } else if ($fromhost-ip startswith "172.") then {
                Action (type="omfile" dynaFile="DynFile" flushOnTXEnd="off" 
asyncWriting="on" flushInterval="1" ioBufferSize="64k")
                stop
        }
}

auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log

mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err

news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice

*.=debug;\
auth,authpriv.none;\
news.none;mail.none
-/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none
-/var/log/messages

*.emerg :omusrmsg:*

daemon.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn
|/dev/xconsole

​Thank you for any help.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
  • [rsys... Войнович Андрей Александрович via rsyslog
    • ... David Lang
      • ... Войнович Андрей Александрович via rsyslog
        • ... deoren
        • ... David Lang
          • ... Войнович Андрей Александрович via rsyslog

Reply via email to