From owner-freebsd-questions@FreeBSD.ORG Sat Mar 12 21:40:14 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E44F61065672 for ; Sat, 12 Mar 2011 21:40:14 +0000 (UTC) (envelope-from LConrad@Go2France.com) Received: from mgw1.MEIway.com (mgw1.meiway.com [81.255.84.75]) by mx1.freebsd.org (Postfix) with ESMTP id A69088FC13 for ; Sat, 12 Mar 2011 21:40:14 +0000 (UTC) Received: from VirusGate.MEIway.com (virusgate.meiway.com [81.255.84.76]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 6C68E47184C for ; Sat, 12 Mar 2011 22:40:16 +0100 (CET) Received: from mail.Go2France.com (ms1.meiway.com [81.255.84.73]) by VirusGate.MEIway.com (Postfix) with ESMTP id F34AB3865B4 for ; Sat, 12 Mar 2011 22:40:16 +0100 (CET) (envelope-from LConrad@Go2France.com) Received: from W500.Go2France.com [72.48.240.99] by mail.Go2France.com with ESMTP (SMTPD32-7.07) id A85010A501A0; Sat, 12 Mar 2011 22:40:32 +0100 X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Sat, 12 Mar 2011 15:40:03 -0600 To: freebsd-questions@freebsd.org From: Len Conrad In-Reply-To: <201103112331.AA2596602004@mail.Go2France.com> References: <201103112331.AA2596602004@mail.Go2France.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Message-Id: <201103122240713.SM06140@W500.Go2France.com> Subject: Re: syslog-ng logging stopped X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Mar 2011 21:40:15 -0000 >---------- Original Message ---------------------------------- >From: Iñigo Ortiz de Urbina >Date: Fri, 11 Mar 2011 23:12:49 +0100 > >>Whats in dmesg and /var/log/? You shared extensive and excellent >>troubleshooting info but didnt spot none of these. >> >>Keep us updated im sure im not the only one puzzled :) >> >>On 3/11/11, Len Conrad wrote: >>> uname -a >>> FreeBSD 7.0-RELEASE >>> >>> syslog-ng --version >>> syslog-ng 2.0.10 >>> >>> change date on syslog-ng.conf is "Apr 20 2009" >>> >>> syslog-ng been running untouched for that long. Millions of lines/per day >>> log from 10 source machine. >>> >>> about 00:20 today Friday, all syslogging to syslog-ng stopped. >>> >>> sockstat -4 shows udp/tcp 514 listening >>> >>> chkrootkit shows nothing wrong >>> >>> stop syslog-ng >>> >>> then pkg_delete, and then >>> >>> cd /usr/ports/sysutils/syslog-ng2 >>> >>> make && make install >>> >>> start it, >>> >>> no change >>> >>> I rebooted the syslog server. no change >>> >>> trafshow -i bce0 -n >>> >>> then filter 514 >>> >>> ... shows 100KBs arriving from our syslog clients. >>> >>> tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving >>> with untouched pf rules active, >>> >>> pfctl -d no change so pfctl -e >>> >>> df shows plenty of disk space for /var >>> >>> suggestions? >>> >>> Len >>> >>> >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >>> >> >> >>-- >>Iñigo Ortiz de Urbina Cazenave >>http://www.twitter.com/ioc32 > >============= > >dmesg -a | less showed nothing > >/var/log/console.log showed nothing > >/var/log/messages showed nothing btw, I later replaced syslog-ng with syslogd, listening UDP:514. no lines in messages, maillog. Len >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"