Re: syslog-ng logging stopped

[Peter Boosten]

That probably means that it's not syslog-ng causing the problems.
Maybe some firewall rule?

Peter

--  
HTTP://www.boosten.org

On 12 mrt 2011, at 22:40, Len Conrad <lcon...@go2france.com> wrote:



---------- Original Message ----------------------------------
From: Iñigo Ortiz de Urbina <inigoortizdeurb...@gmail.com>
Date:  Fri, 11 Mar 2011 23:12:49 +0100

Whats in dmesg and /var/log/? You shared extensive and excellent
troubleshooting info but didnt spot none of these.

Keep us updated im sure im not the only one puzzled :)

On 3/11/11, Len Conrad <lcon...@go2france.com> wrote:
uname -a
FreeBSD 7.0-RELEASE

syslog-ng --version
syslog-ng 2.0.10

change date on syslog-ng.conf is  "Apr 20  2009"

syslog-ng been running untouched for that long. Millions of lines/ 
per day
log from 10 source machine.

about 00:20 today Friday,  all syslogging to syslog-ng stopped.

sockstat -4 shows udp/tcp 514 listening

chkrootkit  shows nothing wrong

stop syslog-ng

then pkg_delete, and then

cd /usr/ports/sysutils/syslog-ng2

make && make install

start it,

no change

I rebooted the syslog server.  no change

trafshow -i bce0 -n

then filter 514

... shows 100KBs arriving from our syslog clients.

tshark capture "port 514" on syslog-ng box shows plenty of  
traffic arriving
with untouched pf rules active,

pfctl -d   no change so pfctl -e

df shows plenty of disk space for /var

suggestions?

Len


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org 
"



--
Iñigo Ortiz de Urbina Cazenave
http://www.twitter.com/ioc32

=============

dmesg -a | less showed nothing

/var/log/console.log showed nothing

/var/log/messages showed nothing

btw, I later replaced syslog-ng with syslogd, listening UDP:514.  no  
lines in messages, maillog.

Len






_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org 
"



_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org 
"
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"