From owner-freebsd-questions@FreeBSD.ORG  Fri Mar 11 20:36:56 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 03F071065670
	for <freebsd-questions@freebsd.org>;
	Fri, 11 Mar 2011 20:36:56 +0000 (UTC)
	(envelope-from lconrad@Go2France.com)
Received: from mgw1.MEIway.com (mgw1.meiway.com [81.255.84.75])
	by mx1.freebsd.org (Postfix) with ESMTP id BFEC78FC16
	for <freebsd-questions@freebsd.org>;
	Fri, 11 Mar 2011 20:36:55 +0000 (UTC)
Received: from VirusGate.MEIway.com (virusgate.meiway.com [81.255.84.76])
	by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 8824747184C
	for <freebsd-questions@freebsd.org>;
	Fri, 11 Mar 2011 21:37:00 +0100 (CET)
Received: from mail.Go2France.com (ms1.meiway.com [81.255.84.73])
	by VirusGate.MEIway.com (Postfix) with ESMTP id 9FB603865B4
	for <freebsd-questions@freebsd.org>;
	Fri, 11 Mar 2011 21:37:01 +0100 (CET)
	(envelope-from lconrad@Go2France.com)
Date: Fri, 11 Mar 2011 21:37:01 +0100
Message-Id: <201103112137.AA2540961940@mail.Go2France.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "Len Conrad" <lconrad@Go2France.com>
X-Sender: <lconrad@Go2France.com>
To: <freebsd-questions@freebsd.org>
X-Mailer: <IMail v7.07>
Subject: syslog-ng logging stopped
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: lconrad@Go2France.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2011 20:36:56 -0000

uname -a
FreeBSD 7.0-RELEASE

syslog-ng --version
syslog-ng 2.0.10

change date on syslog-ng.conf is  "Apr 20  2009"

syslog-ng been running untouched for that long. Millions of lines/per day log from 10 source machine.

about 00:20 today Friday,  all syslogging to syslog-ng stopped.

sockstat -4 shows udp/tcp 514 listening

chkrootkit  shows nothing wrong

stop syslog-ng

then pkg_delete, and then

cd /usr/ports/sysutils/syslog-ng2

make && make install

start it,

no change

I rebooted the syslog server.  no change

trafshow -i bce0 -n

then filter 514

... shows 100KBs arriving from our syslog clients.

tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving with untouched pf rules active, 

pfctl -d   no change so pfctl -e

df shows plenty of disk space for /var

suggestions?

Len