Problem with syslogd

Lord of Gore lordofgore at logsoftgrup.ro
Tue Jan 9 11:23:55 UTC 2007 

Johan Pretorius wrote:
>>>>> I have RHEL 4 (currently 100% up2date) running on a Dell 2950. For 
>>>>> some reason the syslogd does not log any messages (actually no 
>>>>> messages were even logged with in the last 5 weeks). The syslog.conf 
>>>>> file is the standerd one (no changes made). Also syslogd seems to 
>>>>> run for a while and then dies (not running but pid file exists)
>>>>>
>>>>> A reboot does not fix this problem and I have no Idea where to start 
>>>>> looking for the problem. Any suggestions on how to fix/troubleshoot 
>>>>> this problem?
>>>>>           
>>>> Have you verified which, if any files have changed from the RPM defaults:
>>>>
>>>> rpm -V sysklogd
>>>>
>>>> Have you verified the package signature?
>>>>
>>>> rpm -K sysklogd
>>>>         
>>> This is the version I have installed: sysklogd-1.4.1-26_EL (rpm -qa | 
>>> grep sysklog) "rpm -V sysklogd" returns: "S.5....T. c /etc/syslog.conf"
>>> "rpm -K sysklogd" returns nothing (Can this be right?) "syslogd -v" 
>>> returns: "syslogd 1.4.1"
>>>       
>> This seems fine, as long as you have changed the syslog.conf file .. an explanation of the output of the rpm -V <package> >is available at: 
>> <http://www.rpm.org/max-rpm/s1-rpm-verify-output.html>
>>
>> The rpm -K command should only complain if there is is a signature mismatch.  This seems fine.
>>
>> You could try starting syslog with strace in front of it .. it will allow you to trace system calls and signals.
>>
>> Barry
>>     
>
> I've forced a reinstall of the package (rpm -V then returned nothing). Also starting it with an strace I get this:
>
> =======================================================================================================================
> [root at brutus ~]# strace syslogd
> execve("/sbin/syslogd", ["syslogd"], [/* 22 vars */]) = 0
> uname({sys="Linux", node="brutus.dunns.co.za", ...}) = 0
> brk(0)                                  = 0x89b8000
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=96827, ...}) = 0
> old_mmap(NULL, 96827, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f31000
> close(3)                                = 0
> open("/lib/tls/libc.so.6", O_RDONLY)    = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320^\234"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1454802, ...}) = 0
> old_mmap(NULL, 1223900, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb94000
> old_mmap(0xcb9000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0xcb9000
> old_mmap(0xcbd000, 7388, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcbd000
> close(3)                                = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f30000
> mprotect(0xcb9000, 4096, PROT_READ)     = 0
> mprotect(0xfde000, 4096, PROT_READ)     = 0
> set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f30aa0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> munmap(0xb7f31000, 96827)               = 0
> getpid()                                = 12472
> chdir("/")                              = 0
> brk(0)                                  = 0x89b8000
> brk(0x89d9000)                          = 0x89d9000
> open("/var/run/syslogd.pid", O_RDONLY)  = -1 ENOENT (No such file or directory)
> rt_sigaction(SIGTERM, {0xdeb238, [TERM], SA_RESTORER|SA_RESTART, 0xbbb898}, {SIG_DFL}, 8) = 0
> clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f30ae8) = 12473
> rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> nanosleep({300, 0}, 0xbff187a4)         = ? ERESTART_RESTARTBLOCK (To be restarted)
> --- SIGTERM (Terminated) @ 0 (0) ---
> exit_group(0)                           = ?
> Process 12472 detached
> =======================================================================================================================
>
> Can't say it means much to me, but I see it says "/etc/ld.so.preload" is missing, might this be the problem?
>
> When I manually start syslogd and klogd then they seem to work. But with the init script it seems to be broken (might be running but not writing anything to the logfiles), although rpm -V says that there is nothing wrong with the init script.
>
> Any more suggestions?
>
>
> ____________________________________________________________________________
> This communication and any attachments are confidential and intended for the sole use of the
> intended recipient.  Any form of copying or disclosure of this communication to any third parties
> without permission is prohibited.  The contents of this communication and its attachments are
> not intended to be relied upon in law without subsequent written confirmation.  As such, Dunns
> Stores (Pty) Ltd accept no responsibility or liability (including negligence) for the consequences
> of anyone acting, or not acting, on information contained therein.
>
> If you have received this communication in error please notify us immediately and destroy or
> delete it.
> ____________________________________________________________________________
>
>
>   
I'd check out /var/run/syslog.pid . I think you have a problem there. 
Check for permissions and other problems that would deny the syslog 
process to write the pid file.
 Strange though... I'd get concerned as to why this happened in the 
first place.

More information about the redhat-list mailing list