Date:      Sat, 12 Mar 2011 22:52:23 +0100
From:      Peter Boosten <peter@boosten.org>
To:        Len Conrad <LConrad@Go2France.com>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: syslog-ng logging stopped
Message-ID:  <3E21B80B-7386-4B4F-9B50-E87AA8D843DA@boosten.org>
In-Reply-To: <201103122240713.SM06140@W500.Go2France.com>
References:  <201103112331.AA2596602004@mail.Go2France.com> <201103122240713.SM06140@W500.Go2France.com>

That probably means that it's not syslog-ng causing the problems.

Maybe some firewall rule?

Peter

-- 
HTTP://www.boosten.org

On 12 Mar 2011, at 22:40, Len Conrad <LConrad@Go2France.com> wrote:

>
>
>> ---------- Original Message ----------------------------------
>> From: Iñigo Ortiz de Urbina <inigoortizdeurbina@gmail.com>
>> Date:  Fri, 11 Mar 2011 23:12:49 +0100
>>
>>> What's in dmesg and /var/log/? You shared extensive and excellent
>>> troubleshooting info but didn't spot any of these.
>>>
>>> Keep us updated, I'm sure I'm not the only one puzzled :)
>>>
>>> On 3/11/11, Len Conrad <lconrad@go2france.com> wrote:
>>>> uname -a
>>>> FreeBSD 7.0-RELEASE
>>>>
>>>> syslog-ng --version
>>>> syslog-ng 2.0.10
>>>>
>>>> change date on syslog-ng.conf is  "Apr 20  2009"
>>>>
>>>> syslog-ng been running untouched for that long. Millions of lines/
>>>> per day
>>>> log from 10 source machine.
>>>>
>>>> about 00:20 today Friday,  all syslogging to syslog-ng stopped.
>>>>
>>>> sockstat -4 shows udp/tcp 514 listening
>>>>
>>>> chkrootkit  shows nothing wrong
>>>>
>>>> stop syslog-ng
>>>>
>>>> then pkg_delete, and then
>>>>
>>>> cd /usr/ports/sysutils/syslog-ng2
>>>>
>>>> make && make install
>>>>
>>>> start it,
>>>>
>>>> no change
>>>>
>>>> I rebooted the syslog server.  no change
>>>>
>>>> trafshow -i bce0 -n
>>>>
>>>> then filter 514
>>>>
>>>> ... shows 100KBs arriving from our syslog clients.
>>>>
>>>> tshark capture "port 514" on syslog-ng box shows plenty of
>>>> traffic arriving
>>>> with untouched pf rules active,
>>>>
>>>> pfctl -d   no change so pfctl -e
>>>>
>>>> df shows plenty of disk space for /var
>>>>
>>>> suggestions?
>>>>
>>>> Len
>>>>
>>>>
>>>> _______________________________________________
>>>> freebsd-questions@freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>>>
>>>
>>>
>>> -- 
>>> Iñigo Ortiz de Urbina Cazenave
>>> http://www.twitter.com/ioc32
>>
>> =============
>>
>> dmesg -a | less showed nothing
>>
>> /var/log/console.log showed nothing
>>
>> /var/log/messages showed nothing
>
> btw, I later replaced syslog-ng with syslogd, listening UDP:514.  no
> lines in messages, maillog.
>
> Len
>


