Date: Fri, 11 Mar 2011 21:37:01 +0100 From: "Len Conrad" <lconrad@Go2France.com> To: <freebsd-questions@freebsd.org> Subject: syslog-ng logging stopped Message-ID: <201103112137.AA2540961940@mail.Go2France.com>
next in thread | raw e-mail | index | archive | help
uname -a FreeBSD 7.0-RELEASE syslog-ng --version syslog-ng 2.0.10 change date on syslog-ng.conf is "Apr 20 2009" syslog-ng been running untouched for that long. Millions of lines/per day log from 10 source machine. about 00:20 today Friday, all syslogging to syslog-ng stopped. sockstat -4 shows udp/tcp 514 listening chkrootkit shows nothing wrong stop syslog-ng then pkg_delete, and then cd /usr/ports/sysutils/syslog-ng2 make && make install start it, no change I rebooted the syslog server. no change trafshow -i bce0 -n then filter 514 ... shows 100KBs arriving from our syslog clients. tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving with untouched pf rules active, pfctl -d no change so pfctl -e df shows plenty of disk space for /var suggestions? Len
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201103112137.AA2540961940>