Date: Sat, 12 Mar 2011 22:52:23 +0100
From: Peter Boosten <peter@boosten.org>
To: Len Conrad <LConrad@Go2France.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: syslog-ng logging stopped
Message-ID: <3E21B80B-7386-4B4F-9B50-E87AA8D843DA@boosten.org>
In-Reply-To: <201103122240713.SM06140@W500.Go2France.com>
References: <201103112331.AA2596602004@mail.Go2France.com> <201103122240713.SM06140@W500.Go2France.com>
That probably means that it's not syslog-ng causing the problems. Maybe some firewall rule?

Peter

--
HTTP://www.boosten.org

On 12 Mar 2011, at 22:40, Len Conrad <LConrad@Go2France.com> wrote:

>> ---------- Original Message ----------------------------------
>> From: Iñigo Ortiz de Urbina <inigoortizdeurbina@gmail.com>
>> Date: Fri, 11 Mar 2011 23:12:49 +0100
>>
>>> What's in dmesg and /var/log/? You shared extensive and excellent
>>> troubleshooting info but didn't spot none of these.
>>>
>>> Keep us updated, I'm sure I'm not the only one puzzled :)
>>>
>>> On 3/11/11, Len Conrad <lconrad@go2france.com> wrote:
>>>> uname -a
>>>> FreeBSD 7.0-RELEASE
>>>>
>>>> syslog-ng --version
>>>> syslog-ng 2.0.10
>>>>
>>>> change date on syslog-ng.conf is "Apr 20 2009"
>>>>
>>>> syslog-ng has been running untouched for that long. Millions of lines
>>>> per day log from 10 source machines.
>>>>
>>>> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>>>>
>>>> sockstat -4 shows udp/tcp 514 listening
>>>>
>>>> chkrootkit shows nothing wrong
>>>>
>>>> stop syslog-ng
>>>>
>>>> then pkg_delete, and then
>>>>
>>>> cd /usr/ports/sysutils/syslog-ng2
>>>>
>>>> make && make install
>>>>
>>>> start it,
>>>>
>>>> no change
>>>>
>>>> I rebooted the syslog server. no change
>>>>
>>>> trafshow -i bce0 -n
>>>>
>>>> then filter 514
>>>>
>>>> ... shows 100KBs arriving from our syslog clients.
>>>>
>>>> tshark capture "port 514" on syslog-ng box shows plenty of traffic
>>>> arriving with untouched pf rules active,
>>>>
>>>> pfctl -d no change so pfctl -e
>>>>
>>>> df shows plenty of disk space for /var
>>>>
>>>> suggestions?
>>>>
>>>> Len
>>>>
>>>> _______________________________________________
>>>> freebsd-questions@freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>>
>>> --
>>> Iñigo Ortiz de Urbina Cazenave
>>> http://www.twitter.com/ioc32
>>
>> =============
>>
>> dmesg -a | less showed nothing
>>
>> /var/log/console.log showed nothing
>>
>> /var/log/messages showed nothing
>
> btw, I later replaced syslog-ng with syslogd, listening UDP:514. no
> lines in messages, maillog.
>
> Len