From: "Len Conrad"
Reply-To: lconrad@Go2France.com
Date: Fri, 11 Mar 2011 23:31:19 +0100
Subject: Re: syslog-ng logging stopped

---------- Original Message ----------------------------------
From: Iñigo Ortiz de Urbina
Date: Fri, 11 Mar 2011 23:12:49 +0100

>What's in dmesg and /var/log/? You shared extensive and excellent
>troubleshooting info but didn't spot none of these.
>
>Keep us updated, I'm sure I'm not the only one puzzled :)
>
>On 3/11/11, Len Conrad wrote:
>> uname -a
>> FreeBSD 7.0-RELEASE
>>
>> syslog-ng --version
>> syslog-ng 2.0.10
>>
>> change date on syslog-ng.conf is "Apr 20 2009"
>>
>> syslog-ng been running untouched for that long. Millions of lines/per day
>> log from 10 source machines.
>>
>> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>>
>> sockstat -4 shows udp/tcp 514 listening
>>
>> chkrootkit shows nothing wrong
>>
>> stop syslog-ng
>>
>> then pkg_delete, and then
>>
>> cd /usr/ports/sysutils/syslog-ng2
>>
>> make && make install
>>
>> start it,
>>
>> no change
>>
>> I rebooted the syslog server. no change
>>
>> trafshow -i bce0 -n
>>
>> then filter 514
>>
>> ... shows 100KBs arriving from our syslog clients.
>>
>> tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving
>> with untouched pf rules active,
>>
>> pfctl -d no change so pfctl -e
>>
>> df shows plenty of disk space for /var
>>
>> suggestions?
>>
>> Len
>
>--
>Iñigo Ortiz de Urbina Cazenave
>http://www.twitter.com/ioc32

=============

dmesg -a | less showed nothing

/var/log/console.log showed nothing

/var/log/messages showed nothing