Re: syslog-ng logging stopped
> May it be a permission issue (fs or /dev/kmem or the like)?

syslog-ng or syslogd as root doesn't enable log writing.

> Can you manually start syslog-ng or syslogd with verbose flags enabled?

I edited rc.d/syslog-ng script to add -d of course, nothing is logged, so -d doesn't help.

Len

> Man, you really stumbled upon something weird!
>
> On 3/12/11, Len Conrad lcon...@go2france.com wrote:
>> At 03:52 PM 3/12/2011, you wrote:
>>> That probably means that it's not syslog-ng causing the problems.
>>
>> right
>>
>>> Maybe some firewall rule?
>>
>> I run pf. pfctl -d didn't allow logging to start.
>>
>> trafshow and tshark showed all the traffic hitting port 514, not being blocked.
>>
>> Len
>
> --
> Iñigo Ortiz de Urbina Cazenave
> http://www.twitter.com/ioc32

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: syslog-ng logging stopped
-- Original Message --
From: Iñigo Ortiz de Urbina inigoortizdeurb...@gmail.com
Date: Fri, 11 Mar 2011 23:12:49 +0100

What's in dmesg and /var/log/? You shared extensive and excellent troubleshooting info but didn't spot any of these.

Keep us updated, I'm sure I'm not the only one puzzled :)

On 3/11/11, Len Conrad lcon...@go2france.com wrote:
> uname -a
> FreeBSD 7.0-RELEASE
>
> syslog-ng --version
> syslog-ng 2.0.10
>
> change date on syslog-ng.conf is Apr 20 2009
>
> syslog-ng been running untouched for that long. Millions of lines/per day log from 10 source machine.
>
> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>
> sockstat -4 shows udp/tcp 514 listening
>
> chkrootkit shows nothing wrong
>
> stop syslog-ng then pkg_delete, and then
>
> cd /usr/ports/sysutils/syslog-ng2
> make
> make install
>
> start it, no change
>
> I rebooted the syslog server. no change
>
> trafshow -i bce0 -n then filter 514 ... shows 100KBs arriving from our syslog clients.
>
> tshark capture port 514 on syslog-ng box shows plenty of traffic arriving
>
> with untouched pf rules active, pfctl -d
>
> no change so pfctl -e
>
> df shows plenty of disk space for /var
>
> suggestions?
>
> Len

--
Iñigo Ortiz de Urbina Cazenave
http://www.twitter.com/ioc32
=

dmesg -a | less showed nothing

/var/log/console.log showed nothing

/var/log/messages showed nothing

btw, I later replaced syslog-ng with syslogd, listening UDP:514. no lines in messages, maillog.

Len
Re: syslog-ng logging stopped
At 03:52 PM 3/12/2011, you wrote:
> That probably means that it's not syslog-ng causing the problems.

right

> Maybe some firewall rule?

I run pf. pfctl -d didn't allow logging to start.

trafshow and tshark showed all the traffic hitting port 514, not being blocked.

Len
Re: syslog-ng logging stopped
That probably means that it's not syslog-ng causing the problems.

Maybe some firewall rule?

Peter
--
HTTP://www.boosten.org

On 12 mrt 2011, at 22:40, Len Conrad lcon...@go2france.com wrote:
> -- Original Message --
> From: Iñigo Ortiz de Urbina inigoortizdeurb...@gmail.com
> Date: Fri, 11 Mar 2011 23:12:49 +0100
>
> What's in dmesg and /var/log/? You shared extensive and excellent troubleshooting info but didn't spot any of these.
>
> Keep us updated, I'm sure I'm not the only one puzzled :)
>
> On 3/11/11, Len Conrad lcon...@go2france.com wrote:
>> uname -a
>> FreeBSD 7.0-RELEASE
>>
>> syslog-ng --version
>> syslog-ng 2.0.10
>>
>> change date on syslog-ng.conf is Apr 20 2009
>>
>> syslog-ng been running untouched for that long. Millions of lines/per day log from 10 source machine.
>>
>> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>>
>> sockstat -4 shows udp/tcp 514 listening
>>
>> chkrootkit shows nothing wrong
>>
>> stop syslog-ng then pkg_delete, and then
>>
>> cd /usr/ports/sysutils/syslog-ng2
>> make
>> make install
>>
>> start it, no change
>>
>> I rebooted the syslog server. no change
>>
>> trafshow -i bce0 -n then filter 514 ... shows 100KBs arriving from our syslog clients.
>>
>> tshark capture port 514 on syslog-ng box shows plenty of traffic arriving
>>
>> with untouched pf rules active, pfctl -d
>>
>> no change so pfctl -e
>>
>> df shows plenty of disk space for /var
>>
>> suggestions?
>>
>> Len
>
> --
> Iñigo Ortiz de Urbina Cazenave
> http://www.twitter.com/ioc32
> =
>
> dmesg -a | less showed nothing
>
> /var/log/console.log showed nothing
>
> /var/log/messages showed nothing
>
> btw, I later replaced syslog-ng with syslogd, listening UDP:514. no lines in messages, maillog.
>
> Len
syslog-ng logging stopped
uname -a
FreeBSD 7.0-RELEASE

syslog-ng --version
syslog-ng 2.0.10

change date on syslog-ng.conf is Apr 20 2009

syslog-ng been running untouched for that long. Millions of lines/per day log from 10 source machine.

about 00:20 today Friday, all syslogging to syslog-ng stopped.

sockstat -4 shows udp/tcp 514 listening

chkrootkit shows nothing wrong

stop syslog-ng then pkg_delete, and then

cd /usr/ports/sysutils/syslog-ng2
make
make install

start it, no change

I rebooted the syslog server. no change

trafshow -i bce0 -n then filter 514 ... shows 100KBs arriving from our syslog clients.

tshark capture port 514 on syslog-ng box shows plenty of traffic arriving

with untouched pf rules active, pfctl -d

no change so pfctl -e

df shows plenty of disk space for /var

suggestions?

Len
Re: syslog-ng logging stopped
-- Original Message --
From: Iñigo Ortiz de Urbina inigoortizdeurb...@gmail.com
Date: Fri, 11 Mar 2011 23:12:49 +0100

What's in dmesg and /var/log/? You shared extensive and excellent troubleshooting info but didn't spot any of these.

Keep us updated, I'm sure I'm not the only one puzzled :)

On 3/11/11, Len Conrad lcon...@go2france.com wrote:
> uname -a
> FreeBSD 7.0-RELEASE
>
> syslog-ng --version
> syslog-ng 2.0.10
>
> change date on syslog-ng.conf is Apr 20 2009
>
> syslog-ng been running untouched for that long. Millions of lines/per day log from 10 source machine.
>
> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>
> sockstat -4 shows udp/tcp 514 listening
>
> chkrootkit shows nothing wrong
>
> stop syslog-ng then pkg_delete, and then
>
> cd /usr/ports/sysutils/syslog-ng2
> make
> make install
>
> start it, no change
>
> I rebooted the syslog server. no change
>
> trafshow -i bce0 -n then filter 514 ... shows 100KBs arriving from our syslog clients.
>
> tshark capture port 514 on syslog-ng box shows plenty of traffic arriving
>
> with untouched pf rules active, pfctl -d
>
> no change so pfctl -e
>
> df shows plenty of disk space for /var
>
> suggestions?
>
> Len

--
Iñigo Ortiz de Urbina Cazenave
http://www.twitter.com/ioc32
=

dmesg -a | less showed nothing

/var/log/console.log showed nothing

/var/log/messages showed nothing
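
Added example, not part of the original thread: the symptom reported above is that packets are seen arriving on port 514 while nothing reaches the log files, so this probe sends one uniquely tagged BSD-syslog style datagram and then checks whether the token shows up in the log file, separating "arrives on the wire" from "written by the daemon". The function names and the stand-in collector are hypothetical and constructed so the example runs offline; against a real collector you would call `probe(("host", 514), "/var/log/messages")`.

```python
import os, socket, tempfile, threading, time, uuid

def build_probe(token, facility=1, severity=6, host="probe-host"):
    """Return a BSD-syslog style datagram carrying a unique token."""
    pri = facility * 8 + severity          # user.info -> <14>
    stamp = time.strftime("%b %d %H:%M:%S")
    return f"<{pri}>{stamp} {host} logprobe: token={token}".encode()

def probe(collector, logfile, timeout=2.0):
    """Send one tagged message, then poll the log file for its token."""
    token = uuid.uuid4().hex
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_probe(token), collector)
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with open(logfile, errors="replace") as fh:
                if any(token in line for line in fh):
                    return "delivered"
        except FileNotFoundError:
            pass                            # log file not created yet
        time.sleep(0.1)
    return "sent-but-not-logged"            # the state described in the thread

def stand_in_collector(sock, logfile, write=True):
    """Constructed stand-in for the syslog daemon: reads one datagram."""
    data, _ = sock.recvfrom(2048)
    if write:                               # write=False mimics a silent daemon
        with open(logfile, "a") as fh:
            fh.write(data.decode() + "\n")

def demo(write):
    """Run the probe against the stand-in on an ephemeral loopback port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    log = os.path.join(tempfile.mkdtemp(), "messages")
    t = threading.Thread(target=stand_in_collector,
                         args=(sock, log, write), daemon=True)
    t.start()
    result = probe(sock.getsockname(), log, timeout=1.0)
    t.join(1)
    sock.close()
    return result

if __name__ == "__main__":
    print(demo(True), demo(False))
```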