Date: Wed, 16 Aug 2000 14:08:55 -0700 (PDT)
From: Todd Backman <todd@flyingcroc.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: syslogd poll state
Message-ID: <Pine.BSF.4.21.0008161356000.6276-100000@security1.noc.flyingcroc.net>
In-Reply-To: <Pine.BSF.4.21.0008151635580.4625-100000@security1.noc.flyingcroc.net>

I tried on -questions and didn't get any bites. Any ideas here?:

(updated info: I increased my udp.recvspace via sysctl to overcome any
possible overloads due to +250 servers spewing syslog data to it. That was
not the problem and the poll state continues to occur. One thing I noticed
is that when syslogd is in the "poll" state the following is listed in the
output of sockstat:

machinename# sockstat
root     syslogd     83    4 udp4   *.514            *.*
root     syslogd     83    6 udp4   x.x.x.x.271      x.x.x.x.53
                                    ^^^^^^^          ^^^^^^^
                                    machine IP       nameserver IP

I am wondering why syslogd would be attempting to do any type of lookups?

Thanks.

- Todd

>
> Greetings.
>
> Application:
>
> I am running a central syslog repository that logs +250 freebsd
> servers. The syslog server is running 4.0-STABLE on good hardware (PII
> 400, 256mb ram, Cheetah HD, adaptec 2940, Intel NIC).
>
> Issue:
>
> Syslog seems to die (enter poll state) at undetermined times. At first I
> thought it was newsyslog related but I turned off newsyslog in cron and
> the problem continues. Hupping syslogd has no effect and I must kill it
> and restart to clear the poll state. I have searched the archives (pain in
> the neck without having the ability to search by date :^P ) and have not
> seen similar instances that have been answered.
>
> Question:
>
> Could some entry from one of my remote machines be killing syslogd?
> (I have looked at the entries in /var/log/messages that correspond to the
> times that cron dies/stops logging and nothing is out of the ordinary)
> There are no other cronjobs that correspond to the times that syslog
> stops...
>
> I would like to find out if anyone else has had this type of difficulty
> before I rebuild the system/replace files/at script to grep for the poll
> states, kill and restart syslogd...
>
>
> Thanks in advance.
>
> - Todd