Date: Fri, 11 Mar 2011 23:31:19 +0100
From: "Len Conrad" <lconrad@Go2France.com>
To: <freebsd-questions@freebsd.org>
Subject: Re: syslog-ng logging stopped
Message-ID: <201103112331.AA2596602004@mail.Go2France.com>

---------- Original Message ----------------------------------
From: Iñigo Ortiz de Urbina <inigoortizdeurbina@gmail.com>
Date: Fri, 11 Mar 2011 23:12:49 +0100

>What's in dmesg and /var/log/? You shared extensive and excellent
>troubleshooting info but didn't spot any of these.
>
>Keep us updated, I'm sure I'm not the only one puzzled :)
>
>On 3/11/11, Len Conrad <lconrad@go2france.com> wrote:
>> uname -a
>> FreeBSD 7.0-RELEASE
>>
>> syslog-ng --version
>> syslog-ng 2.0.10
>>
>> change date on syslog-ng.conf is "Apr 20 2009"
>>
>> syslog-ng has been running untouched for that long. Millions of lines/per day
>> log from 10 source machines.
>>
>> about 00:20 today Friday, all syslogging to syslog-ng stopped.
>>
>> sockstat -4 shows udp/tcp 514 listening
>>
>> chkrootkit shows nothing wrong
>>
>> stop syslog-ng
>>
>> then pkg_delete, and then
>>
>> cd /usr/ports/sysutils/syslog-ng2
>>
>> make && make install
>>
>> start it,
>>
>> no change
>>
>> I rebooted the syslog server. no change
>>
>> trafshow -i bce0 -n
>>
>> then filter 514
>>
>> ... shows 100KBs arriving from our syslog clients.
>>
>> tshark capture "port 514" on syslog-ng box shows plenty of traffic arriving
>> with untouched pf rules active,
>>
>> pfctl -d no change so pfctl -e
>>
>> df shows plenty of disk space for /var
>>
>> suggestions?
>>
>> Len
>>
>>
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>
>
>
>--
>Iñigo Ortiz de Urbina Cazenave
>http://www.twitter.com/ioc32

=============

dmesg -a | less showed nothing

/var/log/console.log showed nothing

/var/log/messages showed nothing