From owner-freebsd-stable Wed Oct 3 22:24:39 2001 Delivered-To: freebsd-stable@freebsd.org Received: from harrier.mail.pas.earthlink.net (harrier.mail.pas.earthlink.net [207.217.121.12]) by hub.freebsd.org (Postfix) with ESMTP id DA99A37B407 for ; Wed, 3 Oct 2001 22:24:35 -0700 (PDT) Received: from blossom.cjclark.org (dialup-209.247.140.64.Dial1.SanJose1.Level3.net [209.247.140.64]) by harrier.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id WAA17652; Wed, 3 Oct 2001 22:24:30 -0700 (PDT) Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.3) id f945OTr13470; Wed, 3 Oct 2001 22:24:29 -0700 (PDT) (envelope-from cjc) Date: Wed, 3 Oct 2001 22:24:29 -0700 From: "Crist J. Clark" To: Daniel Frazier Cc: stable@FreeBSD.ORG Subject: Re: syslogd problems... Message-ID: <20011003222428.R8391@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <3BBB5E9F.8030803@magpage.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3BBB5E9F.8030803@magpage.com>; from dfrazier@magpage.com on Wed, Oct 03, 2001 at 02:53:19PM -0400 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Oct 03, 2001 at 02:53:19PM -0400, Daniel Frazier wrote: > Here at the isp I work for we recently replaced the box that serves as > our syslog server with a new FreeBSD box. We spent a few weeks > getting everything everything set up on it and haven't made world since > as this box runs a couple of other critical services. It went live > last week. Since then on more than a couple of occasions I've had to > manually restart syslogd after it (apparently) hung. The process was > still running but nothing was being logged, not local stuff and not > stuff from remote machines. HUP'ing syslogd didn't fix this condition, > I had to kill it then start it back up. > > Unfortunately I didn't spend too much time trying to investigate while > this was happening as at the time my first priority was to get things > logging again. This happens at random times which do not correlate > with newsyslog runs. Seeing as how there is at least 200Mb logged to > various logs per hour could it be related to the volume of syslog data > coming in? I noticed that syslogd.c was changed a few days ago. That > wouldn't have been to address something like this, would it? > > Any ideas as to what could be going on here or what I can do next time > this happens to try to track down the cause? I'll be more than happy > to clarify anything I've written here or provide additional details if > needed. Thanks for your help. This is a toughie to diagnose, "random" freezes. Could we get some more specifics on how you are logging (e.g. syslog.conf(5)) and an better idea of the magnitude (bytes per time) and pattern (how many hosts) of the traffic you are handling? I might be able to try to reproduce the problem. Some other things to collect next freeze up would be, % ps luww -p `cat /var/run/syslog.pid` % fstat -p `cat /var/run/syslogd.pid` % netstat -an % sockstat There wouldn't happen to be any similarity in the logs right before it quits? Or any special time of day? How long was it frozen before you noticed? Are you using the '-n' option? Does it help? HTH. -- Crist J. Clark cjclark@alum.mit.edu cjclark@jhu.edu cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message