From: Heiko Z. <he...@zu...> - 2009-11-08 14:58:40
|
Hey, Is there a reason to stay with Syslog-NG v3? It keeps crashing and even the newest GIT version doesn't work right. I'm very tempted to go back down to v2. Regards Heiko Zuerker http://www.devil-linux.org |
From: Bruce S. <bw...@re...> - 2009-11-08 16:26:41
|
I don't really know the difference between v2 & v3. Is it grsec that's causing it to crash? - BS On Sun, Nov 8, 2009 at 09:58, Heiko Zuerker <he...@zu...> wrote: > Hey, > > > > Is there a reason to stay with Syslog-NG v3? > > It keeps crashing and even the newest GIT version doesn’t work right. > > > > I’m very tempted to go back down to v2. > > > > Regards > > Heiko Zuerker > > http://www.devil-linux.org > > > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus > on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Devil-linux-develop mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-develop > > |
From: Heiko Z. <he...@zu...> - 2009-11-08 16:52:55
|
> -----Original Message----- > From: Bruce Smith [mailto:bw...@re...] > Sent: Sunday, November 08, 2009 9:59 AM > To: dev...@li... > Subject: Re: [Devil-linux-develop] syslog-ng version > > I don't really know the difference between v2 & v3. > > Is it grsec that's causing it to crash? No, it crashes in the -server version too. :-( Heiko |
From: Serge L. <fi...@in...> - 2009-11-13 17:02:54
|
Heiko Zuerker wrote: >> -----Original Message----- >> From: Bruce Smith [mailto:bw...@re...] >> Sent: Sunday, November 08, 2009 9:59 AM >> To: dev...@li... >> Subject: Re: [Devil-linux-develop] syslog-ng version >> >> I don't really know the difference between v2 & v3. >> >> Is it grsec that's causing it to crash? > > No, it crashes in the -server version too. :-( > Heiko, I have been trying to reveal a problem with syslog-ng, which works perfectly on my setups. To be honest, I cannot reproduce the problem (DL is built on my box, though). However I found the interesting message in the syslog-ng list: cfg-lex: fixed a possible segmentation fault in HUP processing if included files have syntax errors May I ask what config file do you use? Is it default conf or modifyed? My configs are default initially and slightly modified later. Serge |
From: Heiko Z. <he...@zu...> - 2009-11-13 18:34:02
|
Quoting Serge Leschinsky <fi...@in...>: > Heiko Zuerker wrote: >>> -----Original Message----- >>> From: Bruce Smith [mailto:bw...@re...] >>> Sent: Sunday, November 08, 2009 9:59 AM >>> To: dev...@li... >>> Subject: Re: [Devil-linux-develop] syslog-ng version >>> >>> I don't really know the difference between v2 & v3. >>> >>> Is it grsec that's causing it to crash? >> >> No, it crashes in the -server version too. :-( >> > Heiko, I have been trying to reveal a problem with syslog-ng, which works > perfectly on my setups. To be honest, I cannot reproduce the problem (DL is > built on my box, though). However I found the interesting message in the > syslog-ng list: > cfg-lex: fixed a possible segmentation fault in HUP processing if > included files have syntax errors > > May I ask what config file do you use? Is it default conf or modifyed? My > configs are default initially and slightly modified later. I can't check it right now, but I have pretty much the default syslog-ng.conf with the addition of remote logging via udp 514 (?) to another host. -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |
From: Heiko Z. <he...@zu...> - 2009-11-14 13:52:03
|
> -----Original Message----- > From: Heiko Zuerker [mailto:he...@zu...] > Sent: Friday, November 13, 2009 12:34 PM > To: dev...@li... > Subject: Re: [Devil-linux-develop] syslog-ng version > > Quoting Serge Leschinsky <fi...@in...>: > > > Heiko Zuerker wrote: > >>> -----Original Message----- > >>> From: Bruce Smith [mailto:bw...@re...] > >>> Sent: Sunday, November 08, 2009 9:59 AM > >>> To: dev...@li... > >>> Subject: Re: [Devil-linux-develop] syslog-ng version > >>> > >>> I don't really know the difference between v2 & v3. > >>> > >>> Is it grsec that's causing it to crash? > >> > >> No, it crashes in the -server version too. :-( > >> > > Heiko, I have been trying to reveal a problem with syslog-ng, which > works > > perfectly on my setups. To be honest, I cannot reproduce the problem > (DL is > > built on my box, though). However I found the interesting message in > the > > syslog-ng list: > > cfg-lex: fixed a possible segmentation fault in HUP processing if > > included files have syntax errors > > > > May I ask what config file do you use? Is it default conf or > modifyed? My > > configs are default initially and slightly modified later. > > I can't check it right now, but I have pretty much the default > syslog-ng.conf with the addition of remote logging via udp 514 (?) to > another host. The problem either shows within the next 2 minutes of the reboot, or it'll work. I checked my config and all servers except the log host use the base syslog-ng file, just with the remote logging enabled. Just in case I'll recreate the config. If it still fails, I'll start messing with the loghost itself, since I syslog-ng complains on that one about some parameter (it only complains about performance). Heiko |
From: Heiko Z. <he...@zu...> - 2009-11-15 13:48:46
|
Does anybody other than me and Dominic experience the syslog-ng crashes? I did start over with a new syslog-ng.conf and can't reproduce the issue since then. Not sure what's going on.... Heiko |
From: Bruce S. <bw...@re...> - 2009-11-15 14:02:34
|
A better question might be "Does syslog-ng run fine for anyone in the latest RC2?". Personally I'm not running syslog-ng on RC2. So asking me if it crashes does not apply to me, and you might incorrectly infer from my silence that it's working for me. - BS On Sun, Nov 15, 2009 at 08:48, Heiko Zuerker <he...@zu...> wrote: > Does anybody other than me and Dominic experience the syslog-ng crashes? > I did start over with a new syslog-ng.conf and can't reproduce the issue > since then. Not sure what's going on.... > > Heiko |
From: Serge L. <fi...@in...> - 2009-11-16 22:40:51
|
On 11/15/2009 06:02 AM, Bruce Smith wrote: > A better question might be > "Does syslog-ng run fine for anyone in the latest RC2?". > > Personally I'm not running syslog-ng on RC2. > So asking me if it crashes does not apply to me, and you might > incorrectly infer from my silence that it's working for me. > > - BS My systems work correctly. However, these systems are not "official" DL build, but I believe it's not a reason of the problem reproducibility... Serge |
From: Serge L. <fi...@in...> - 2009-11-08 19:14:54
|
Heiko, I use syslog-ng v3 for a while on different servers - I also built centralized syslog-server on top of v3. It works very good. The latest syslog-ng v3 (as a part of DL) I have got is: root@gw:~ # syslog-ng --version syslog-ng 3.0.4 Revision: ssh+git://ba...@gi...labit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10 Compile-Date: Sep 19 2009 18:24:01 Enable-Threads: off Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-Sun-STREAMS: off Enable-Sun-Door: off Enable-IPv6: on Enable-Spoof-Source: on Enable-TCP-Wrapper: on Enable-SSL: on Enable-SQL: off Enable-Linux-Caps: on Enable-Pcre: on It works correctly... However, it's not a representative sample (and it was built without sql support). Let's revert it to v2, while I'm working on v3 problem. Serge Heiko Zuerker wrote: > Hey, > > Is there a reason to stay with Syslog-NG v3? > > It keeps crashing and even the newest GIT version doesn’t work right. |
From: Dominic R. <dl...@ed...> - 2009-11-17 11:11:48
|
Serge Leschinsky wrote: > On 11/15/2009 06:02 AM, Bruce Smith wrote: > >> A better question might be >> "Does syslog-ng run fine for anyone in the latest RC2?". >> >> Personally I'm not running syslog-ng on RC2. >> So asking me if it crashes does not apply to me, and you might >> incorrectly infer from my silence that it's working for me. >> >> - BS >> > > My systems work correctly. However, these systems are not "official" DL build, > but I believe it's not a reason of the problem reproducibility... > > Serge > I now think that the problem may relate to syslog-ng switching upon reload between source unix-stream and source unix-dgram. The default conf has (stripping comments): @version: 3.0 options { long_hostnames(on); flush_lines(0); time_reopen(60); use_dns (no); }; source src { file("/proc/kmsg" program_override("kernel: ")); unix-stream("/dev/log" max-connections(1000)); internal(); }; destination console { file("/dev/tty10"); }; log { source(src); destination(console); }; My syslog-ng.conf has: @version: 3.0 options { stats_freq(7200); long_hostnames(on); flush_lines(0); time_reopen(60); use_dns (no); }; source src { file("/proc/kmsg" program_override("kernel: ")); unix-dgram("/dev/log" max-connections(1000)); internal(); }; destination console { file("/dev/tty10"); }; log { source(src); destination(console); }; destination logfile { file("/var/log/messages"); }; log { source(src); destination(logfile); }; see some discussion here which may or may not be related: http://74.125.77.132/search?q=cache:j-kBNRHUY-EJ:www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg240161.html+unix-stream+unix-dgram+reload&cd=1&hl=en&ct=clnk&gl=uk In any case my guess is that "/etc/init.d/syslog reload" after upgrading DL switches from unix-stream to unix-dgram (because it switches from the default configuration at boot time to my configuration which I naturally elect to retain), and that this causes some problem which, hours later, leads syslog-ng to crash. This would also explain why I cannot replicate the problem except at upgrade - and why others do not experience it. Also why Heiko found the problem disappeared after removing his custom syslog-ng.conf (if you still have the custom file somewhere, Heiko, maybe you could check if it had unix-dgram?) I have changed my syslog-ng.conf to use unix-stream (the unix-dgram must be a carry-over from an earlier DL configuration), and am hoping that the problem will not recur. BTW does anyone know what is /dev/tty10, is it working and how does one get to see it? I guess this is why I specified the additional destination logfile, because I had no idea where the console messages were going. Dominic |
From: Serge L. <fi...@in...> - 2009-11-18 06:12:51
|
On 11/17/2009 03:11 AM, Dominic Raferd wrote: > In any case my guess is that "/etc/init.d/syslog reload" after upgrading > DL switches from unix-stream to unix-dgram (because it switches from the > default configuration at boot time to my configuration which I naturally > elect to retain), and that this causes some problem which, hours later, > leads syslog-ng to crash. This would also explain why I cannot replicate > the problem except at upgrade - and why others do not experience it. > Also why Heiko found the problem disappeared after removing his custom > syslog-ng.conf (if you still have the custom file somewhere, Heiko, > maybe you could check if it had unix-dgram?) > > I have changed my syslog-ng.conf to use unix-stream (the unix-dgram must > be a carry-over from an earlier DL configuration), and am hoping that > the problem will not recur. Awesome! I really appreciate your investigation because my upgrade of syslog-ng to 3.0 caused the problem which I can neither reproduce nor fix. To live without feeling of guilt is much better! :-) > > BTW does anyone know what is /dev/tty10, is it working and how does one > get to see it? I guess this is why I specified the additional > destination logfile, because I had no idea where the console messages > were going. > Console #10 is available after "ALT+F10" keys pressing. Thanks, Serge |
From: Dominic R. <dl...@ed...> - 2009-11-18 14:02:51
|
Serge Leschinsky wrote: > Awesome! I really appreciate your investigation because my upgrade of syslog-ng > to 3.0 caused the problem which I can neither reproduce nor fix. To live without > feeling of guilt is much better! :-) > Thank you, I pronounce you absolved! That is assuming that you have said three Hail Marys - and the problem doesn't reoccur :-) [On second thoughts, as this is Devil-Linux maybe Hail Marys are not appropriate!?] > Console #10 is available after "ALT+F10" keys pressing. > Still I can't get to it, does this only work from the local console not from ssh? When I do ps -A I see tty1 through to tty7 and also pts/0 (which in fact is my own ssh console I believe), but no tty10. So maybe syslog-ng is not writing to it because it doesn't exist? In any case I don't think I can reach any of the ttys. When I press ALT+F2 (I am using putty) I just see: [12~ |
From: Heiko Z. <he...@zu...> - 2009-11-18 14:28:59
|
> -----Original Message----- > From: Dominic Raferd [mailto:dl...@ed...] > Sent: Wednesday, November 18, 2009 8:02 AM > To: dev...@li... > Subject: Re: [Devil-linux-develop] syslog-ng version > > Serge Leschinsky wrote: > > Awesome! I really appreciate your investigation because my upgrade of > syslog-ng > > to 3.0 caused the problem which I can neither reproduce nor fix. To > live without > > feeling of guilt is much better! :-) > > > Thank you, I pronounce you absolved! That is assuming that you have > said > three Hail Marys - and the problem doesn't reoccur :-) [On second > thoughts, as this is Devil-Linux maybe Hail Marys are not > appropriate!?] > > Console #10 is available after "ALT+F10" keys pressing. > > > Still I can't get to it, does this only work from the local console not > from ssh? > > When I do ps -A I see tty1 through to tty7 and also pts/0 (which in > fact > is my own ssh console I believe), but no tty10. So maybe syslog-ng is > not writing to it because it doesn't exist? In any case I don't think I > can reach any of the ttys. When I press ALT+F2 (I am using putty) I > just > see: The console is only available on the machine itself (on the monitor). Heiko |
From: Dominic R. <dl...@ed...> - 2009-11-18 15:05:44
|
Heiko Zuerker wrote: > The console is only available on the machine itself (on the monitor). Ah, that explains it. I hardly ever use the direct console; in fact only when upgrading (and I wish there was a way of upgrading through ssh, but I digress...) |
From: Serge L. <fi...@in...> - 2009-11-18 19:10:18
|
On 11/18/2009 07:05 AM, Dominic Raferd wrote: > Heiko Zuerker wrote: >> The console is only available on the machine itself (on the monitor). > > Ah, that explains it. I hardly ever use the direct console; in fact only > when upgrading (and I wish there was a way of upgrading through ssh, but > I digress...) You can read the cache of tty actually, but it's not a proper way I guess. Please check if " cat /dev/vcs10" works for you. Serge |
From: Dominic R. <dl...@ed...> - 2009-11-19 10:46:40
|
Serge Leschinsky wrote: > You can read the cache of tty actually, but it's not a proper way I guess. > Please check if " cat /dev/vcs10" works for you. > Thanks Serge, that does work, though the line formatting is a bit strange and it only has the last 20 or so lines. I guess there is no point me keeping the lines destination console { file("/dev/tty10"); }; log { source(src); destination(console); }; in syslog-ng.conf, they don't do anything for me that the lines below can't do better: destination logfile { file("/var/log/messages"); }; log { source(src); destination(logfile); }; However, your tip led me to look at "cat /dev/vcs1" which showed that a script of mine was frequently throwing an error message that I was unaware of, so that has been helpful, thanks! Dominic |
From: Heiko Z. <he...@zu...> - 2009-11-21 12:33:30
|
Hey, I just upgraded all my VMs to the latest and greatest DL and about half of them had syslog-ng crash after not even a minute. The syslog-ng doesn't even get reloaded during the upgrade, it's simply not running when the files are changed. I'll refert back to unix-dgram and see what happens in the next upgrade. Serge, do you remember why you switched it from unix-dgram to unix-stream? Heiko > -----Original Message----- > From: Dominic Raferd [mailto:dl...@ed...] > Sent: Tuesday, November 17, 2009 5:11 AM > To: dev...@li... > Subject: Re: [Devil-linux-develop] syslog-ng version > > Serge Leschinsky wrote: > > On 11/15/2009 06:02 AM, Bruce Smith wrote: > > > >> A better question might be > >> "Does syslog-ng run fine for anyone in the latest RC2?". > >> > >> Personally I'm not running syslog-ng on RC2. > >> So asking me if it crashes does not apply to me, and you might > >> incorrectly infer from my silence that it's working for me. > >> > >> - BS > >> > > > > My systems work correctly. However, these systems are not "official" > DL build, > > but I believe it's not a reason of the problem reproducibility... > > > > Serge > > > I now think that the problem may relate to syslog-ng switching upon > reload between source unix-stream and source unix-dgram. The default > conf has (stripping comments): > > @version: 3.0 > options { long_hostnames(on); flush_lines(0); time_reopen(60); use_dns > (no); }; > source src { file("/proc/kmsg" program_override("kernel: ")); > unix-stream("/dev/log" max-connections(1000)); internal(); }; > destination console { file("/dev/tty10"); }; > log { source(src); destination(console); }; > > My syslog-ng.conf has: > > @version: 3.0 > options { stats_freq(7200); long_hostnames(on); flush_lines(0); > time_reopen(60); use_dns (no); }; > source src { file("/proc/kmsg" program_override("kernel: ")); > unix-dgram("/dev/log" max-connections(1000)); internal(); }; > destination console { file("/dev/tty10"); }; > log { source(src); destination(console); }; > destination logfile { file("/var/log/messages"); }; > log { source(src); destination(logfile); }; > > see some discussion here which may or may not be related: > http://74.125.77.132/search?q=cache:j-kBNRHUY-EJ:www.mail- > archive.com/debian-bugs-dist%40lists.debian.org/msg240161.html+unix- > stream+unix-dgram+reload&cd=1&hl=en&ct=clnk&gl=uk > > In any case my guess is that "/etc/init.d/syslog reload" after > upgrading > DL switches from unix-stream to unix-dgram (because it switches from > the > default configuration at boot time to my configuration which I > naturally > elect to retain), and that this causes some problem which, hours later, > leads syslog-ng to crash. This would also explain why I cannot > replicate > the problem except at upgrade - and why others do not experience it. > Also why Heiko found the problem disappeared after removing his custom > syslog-ng.conf (if you still have the custom file somewhere, Heiko, > maybe you could check if it had unix-dgram?) > > I have changed my syslog-ng.conf to use unix-stream (the unix-dgram > must > be a carry-over from an earlier DL configuration), and am hoping that > the problem will not recur. > > BTW does anyone know what is /dev/tty10, is it working and how does one > get to see it? I guess this is why I specified the additional > destination logfile, because I had no idea where the console messages > were going. > > Dominic > > ----------------------------------------------------------------------- > ------- > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 > 30-Day > trial. Simplify your report design, integration and deployment - and > focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Devil-linux-develop mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-develop |
From: Serge L. <fi...@in...> - 2009-11-21 19:57:15
|
On 11/21/2009 04:26 AM, Heiko Zuerker wrote: > Hey, > > I just upgraded all my VMs to the latest and greatest DL and about half of > them had syslog-ng crash after not even a minute. > The syslog-ng doesn't even get reloaded during the upgrade, it's simply not > running when the files are changed. :-( > I'll refert back to unix-dgram and see what happens in the next upgrade. > Serge, do you remember why you switched it from unix-dgram to unix-stream? > Sure. There were 2 reasons - the first one is the explanation from syslog-ng 1.6 documentation about messages loosing probability: unix-stream() and unix-dgram() These two drivers behave similarly: they open the given AF_UNIX socket and start listening on it for messages. unix-stream() is primarily used on Linux and uses SOCK_STREAM semantics (connection oriented, no messages are lost); while unix-dgram() is used on BSDs and uses SOCK_DGRAM semantics: this may result in lost local messages if the system is overloaded. http://www.cs.utah.edu/~clake/docs/syslog-ng-1.6/#id2525653 and the second one is multiline messages handling ( I got the same result from my experiments (JBOSS sends multiline messages), but in the message below Bazsi explains the reason of the difference) > In short, when multiline log messages sent via /dev/log socket they are > splitted into multiple log entries. Only first entry will have proper > timestamp and facility. > > This behavior differs from sysklogd and metalog, where multiple lines are > concatenated. > Even syslog-ng itself concatenates them when used via udp socket. > > Tested on syslog-ng-2.1.3. I guess this depends on whether you are using unix-stream() or unix-dgram(). The first concatenates it, the 2nd doesn't. Simply because unix-dgram knows about the size of the datagrams whereas unix-stream doesn't. https://lists.balabit.hu/pipermail/syslog-ng/2009-September/013330.html I switched to "unix-stream" because the both of them work pretty well and "stream" looks to be a bit more attractive. If the problem is in this option let's revert it to "dgram". Serge |
From: Heiko Z. <he...@zu...> - 2009-11-21 20:16:45
|
> -----Original Message----- > From: Serge Leschinsky [mailto:fi...@in...] > Sent: Saturday, November 21, 2009 1:57 PM > To: dev...@li... > Subject: Re: [Devil-linux-develop] syslog-ng version > > On 11/21/2009 04:26 AM, Heiko Zuerker wrote: > > Hey, > > > > I just upgraded all my VMs to the latest and greatest DL and about > half of > > them had syslog-ng crash after not even a minute. > > The syslog-ng doesn't even get reloaded during the upgrade, it's > simply not > > running when the files are changed. > > :-( > > > I'll refert back to unix-dgram and see what happens in the next > upgrade. > > Serge, do you remember why you switched it from unix-dgram to unix- > stream? > > > Sure. > There were 2 reasons - the first one is the explanation from syslog-ng > 1.6 > documentation about messages loosing probability: > > unix-stream() and unix-dgram() > > These two drivers behave similarly: they open the given AF_UNIX socket > and start > listening on it for messages. unix-stream() is primarily used on Linux > and uses > SOCK_STREAM semantics (connection oriented, no messages are lost); > while > unix-dgram() is used on BSDs and uses SOCK_DGRAM semantics: this may > result in > lost local messages if the system is overloaded. > > http://www.cs.utah.edu/~clake/docs/syslog-ng-1.6/#id2525653 > > and the second one is multiline messages handling ( I got the same > result from > my experiments (JBOSS sends multiline messages), but in the message > below Bazsi > explains the reason of the difference) > > > In short, when multiline log messages sent via /dev/log socket they > are > > splitted into multiple log entries. Only first entry will have proper > > timestamp and facility. > > > > This behavior differs from sysklogd and metalog, where multiple lines > are > > concatenated. > > Even syslog-ng itself concatenates them when used via udp socket. > > > > Tested on syslog-ng-2.1.3. > > I guess this depends on whether you are using unix-stream() or > unix-dgram(). > > The first concatenates it, the 2nd doesn't. Simply because unix-dgram > knows about the size of the datagrams whereas unix-stream doesn't. > > https://lists.balabit.hu/pipermail/syslog-ng/2009-September/013330.html > > > I switched to "unix-stream" because the both of them work pretty well > and > "stream" looks to be a bit more attractive. If the problem is in this > option > let's revert it to "dgram". Thanks for the explanation, that makes a lot of sense. I changed it back to dgram in CVS for now, so we can see if the next DL upgrades behave better or if the problem lies somewhere else. Heiko |
From: Heiko Z. <he...@zu...> - 2009-11-22 14:10:12
|
> I changed it back to dgram in CVS for now, so we can see if the next DL > upgrades behave better or if the problem lies somewhere else. Unix-stream was not the problem, I just upgraded a VM and syslog-ng died again. Heiko |
From: Dominic R. <dl...@ed...> - 2009-11-22 17:20:13
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> Heiko Zuerker wrote: <blockquote cite="mid:000001ca6b7d$79a8f380$6cfada80$@org" type="cite"> <blockquote type="cite"> <pre wrap="">I changed it back to dgram in CVS for now, so we can see if the next DL upgrades behave better or if the problem lies somewhere else. </pre> </blockquote> <pre wrap=""><!----> Unix-stream was not the problem, I just upgraded a VM and syslog-ng died again. </pre> </blockquote> Whatever the underlying cause I guess it is connected with the reload command. Do we have any instances of the crash happening after syslog-ng restart rather than reload? Maybe at upgrade the script could just use syslog-ng restart instead of reload?<br> <br> Dominic </body> </html> |
From: Heiko Z. <he...@zu...> - 2009-11-22 18:14:29
|
I looked through the script but couldn't find anything which would cause a reload. It may be a good idea if somebody else double checks. In the systems you experience the crashes, do you have anything running in a chroot jail (bind, postfix,etc.) ? Heiko From: Dominic Raferd [mailto:dl...@ed...] Sent: Sunday, November 22, 2009 11:20 AM To: dev...@li... Subject: Re: [Devil-linux-develop] syslog-ng version Heiko Zuerker wrote: I changed it back to dgram in CVS for now, so we can see if the next DL upgrades behave better or if the problem lies somewhere else. Unix-stream was not the problem, I just upgraded a VM and syslog-ng died again. Whatever the underlying cause I guess it is connected with the reload command. Do we have any instances of the crash happening after syslog-ng restart rather than reload? Maybe at upgrade the script could just use syslog-ng restart instead of reload? Dominic |
From: Dominic R. <dl...@ed...> - 2009-11-22 20:36:54
|
I have syslog-ng reload messages in my log at the times of upgrades (and at no other times except when I did a reload manually). See below some extracts from the syslog-ng's log (discontinuities shown by '[snip]'): Oct 25 10:19:43 src@Samba syslog-ng[2229]: syslog-ng shutting down; version='3.0.4' [this is shutdown] Oct 25 11:22:19 src@Samba aufs 2-standalone.tree-31-20091012 [this is start of reboot with (I think) new version of DL 1.4RC2] -- [snip] -- Oct 25 11:22:27 src@Samba xinetd[7703]: xinetd Version 2.3.14 started with no options compiled in. Oct 25 11:22:27 src@Samba xinetd[7703]: Started working: 1 available service Oct 25 10:22:34 src@Samba ntpdate[7712]: step time server 192.33.96.102 offset -3601.043559 sec Oct 25 10:22:35 src@Samba syslog-ng[7318]: Configuration reload request received, reloading configuration; -- [snip] -- Oct 25 10:22:41 src@Samba ctnetlink v0.93: registering with nfnetlink. Oct 25 10:22:47 src@Samba login[8865]: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Oct 25 10:22:47 src@Samba login[8896]: ROOT LOGIN on 'tty1' Oct 25 10:23:34 src@Samba nmbd[7629]: [2009/10/25 10:23:34, 0] nmbd/nmbd.c:71(terminate) Oct 25 10:23:34 src@Samba nmbd[7629]: Got SIGTERM: going down... Oct 27 12:09:58 src@Samba syslog-ng[7318]: segfault at 10 ip b77237e5 sp bf866120 error 4 in syslog-ng[b76fa000+4f000] -- [snip] -- Nov 9 19:04:53 src@Samba syslog-ng[2213]: syslog-ng shutting down; version='3.0.4' [this is shutdown] Nov 9 19:08:37 src@Samba kernel: : aufs 2-standalone.tree-31-20091012 [this is reboot with (I think) another DL 1.4RC2 upgrade] -- [snip] -- Nov 9 19:08:46 src@Samba xinetd[7610]: xinetd Version 2.3.14 started with no options compiled in. Nov 9 19:08:46 src@Samba xinetd[7610]: Started working: 1 available service Nov 9 19:08:53 src@Samba ntpdate[7619]: step time server 91.194.67.1 offset -0.999261 sec Nov 9 19:08:54 src@Samba syslog-ng[7225]: Configuration reload request received, reloading configuration; -- [snip] -- Nov 9 19:09:00 src@Samba kernel: : nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or Nov 9 19:09:00 src@Samba kernel: : sysctl net.netfilter.nf_conntrack_acct=1 to enable it. Nov 9 19:09:00 src@Samba kernel: : ctnetlink v0.93: registering with nfnetlink. Nov 9 19:09:07 src@Samba login[8786]: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Nov 9 19:09:07 src@Samba login[8816]: ROOT LOGIN on 'tty1' Nov 10 06:24:05 src@Samba kernel: : syslog-ng[7225]: segfault at 10 ip b772c8d5 sp bf95e070 error 4 in syslog-ng[b7703000+4f000] I just noticed from these logs that the syslog-ng reloads are immediately preceded by ntpdate updates which push the time backwards (in the first case by over 1 hour and in the second case by 1 second). Could this be upsetting syslog-ng and forcing the reload? But syslog-ng appears to carry on working for a while, although it has stopped working long before it segfaults; in both cases there is a long gap between the preceding log entry and the segfault (and this should certainly not happen because lots of cron jobs should be running in the meantime and registering the log). I have to admit I don't really know what chroot jails are, but I do have 'Use the chroot jails' set to 'Yes' in DL setup, I do use postfix, and because I use samba at each upgrade I do have winbind running. However winbind fills the log with messages and doesn't seem to help me so I get rid of it (by substituting a modified /etc/init.d/samba) - so it only runs shortly after an upgrade and not thereafter. Hope this gives someone a clue as to what is going on. Dominic Heiko Zuerker wrote: > > I looked through the script but couldn’t find anything which would > cause a reload. > > It may be a good idea if somebody else double checks. > > In the systems you experience the crashes, do you have anything > running in a chroot jail (bind, postfix,etc.) ? > > Heiko > > *From:* Dominic Raferd [mailto:dl...@ed...] > *Sent:* Sunday, November 22, 2009 11:20 AM > *To:* dev...@li... > *Subject:* Re: [Devil-linux-develop] syslog-ng version > > Heiko Zuerker wrote: > > I changed it back to dgram in CVS for now, so we can see if the next DL > > upgrades behave better or if the problem lies somewhere else. > > > > > Unix-stream was not the problem, I just upgraded a VM and syslog-ng died > again. > > > Whatever the underlying cause I guess it is connected with the reload > command. Do we have any instances of the crash happening after > syslog-ng restart rather than reload? Maybe at upgrade the script > could just use syslog-ng restart instead of reload? > > Dominic > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > ------------------------------------------------------------------------ > > _______________________________________________ > Devil-linux-develop mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-develop > |
From: Heiko Z. <he...@zu...> - 2009-11-29 20:48:35
|
I think it's finally fixed. The /etc/init.d/jail script changed the syslog-ng.conf and then reloaded the config. This also explained why it only seemed to happen after upgrades and not after normal reboots. I took that section completely out, since all the relevant changes are supposed to be done by upgrade-config anyway. I'll uploaded a new version if my nightly build finishes successfully. Heiko |