Problem with syslogd
Lord of Gore
lordofgore at logsoftgrup.ro
Tue Jan 9 11:32:37 UTC 2007
Lord of Gore wrote:
> Johan Pretorius wrote:
>>>>>> I have RHEL 4 (currently 100% up2date) running on a Dell 2950.
>>>>>> For some reason the syslogd does not log any messages (actually
>>>>>> no messages were even logged with in the last 5 weeks). The
>>>>>> syslog.conf file is the standerd one (no changes made). Also
>>>>>> syslogd seems to run for a while and then dies (not running but
>>>>>> pid file exists)
>>>>>>
>>>>>> A reboot does not fix this problem and I have no Idea where to
>>>>>> start looking for the problem. Any suggestions on how to
>>>>>> fix/troubleshoot this problem?
>>>>>>
>>>>> Have you verified which, if any files have changed from the RPM
>>>>> defaults:
>>>>>
>>>>> rpm -V sysklogd
>>>>>
>>>>> Have you verified the package signature?
>>>>>
>>>>> rpm -K sysklogd
>>>>>
>>>> This is the version I have installed: sysklogd-1.4.1-26_EL (rpm -qa
>>>> | grep sysklog) "rpm -V sysklogd" returns: "S.5....T. c
>>>> /etc/syslog.conf"
>>>> "rpm -K sysklogd" returns nothing (Can this be right?) "syslogd -v"
>>>> returns: "syslogd 1.4.1"
>>>>
>>> This seems fine, as long as you have changed the syslog.conf file ..
>>> an explanation of the output of the rpm -V <package> >is available
>>> at: <http://www.rpm.org/max-rpm/s1-rpm-verify-output.html>
>>>
>>> The rpm -K command should only complain if there is is a signature
>>> mismatch. This seems fine.
>>>
>>> You could try starting syslog with strace in front of it .. it will
>>> allow you to trace system calls and signals.
>>>
>>> Barry
>>>
>>
>> I've forced a reinstall of the package (rpm -V then returned
>> nothing). Also starting it with an strace I get this:
>>
>> =======================================================================================================================
>>
>> [root at brutus ~]# strace syslogd
>> execve("/sbin/syslogd", ["syslogd"], [/* 22 vars */]) = 0
>> uname({sys="Linux", node="brutus.dunns.co.za", ...}) = 0
>> brk(0) = 0x89b8000
>> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
>> directory)
>> open("/etc/ld.so.cache", O_RDONLY) = 3
>> fstat64(3, {st_mode=S_IFREG|0644, st_size=96827, ...}) = 0
>> old_mmap(NULL, 96827, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f31000
>> close(3) = 0
>> open("/lib/tls/libc.so.6", O_RDONLY) = 3
>> read(3,
>> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320^\234"..., 512) =
>> 512
>> fstat64(3, {st_mode=S_IFREG|0755, st_size=1454802, ...}) = 0
>> old_mmap(NULL, 1223900, PROT_READ|PROT_EXEC,
>> MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb94000
>> old_mmap(0xcb9000, 16384, PROT_READ|PROT_WRITE,
>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0xcb9000
>> old_mmap(0xcbd000, 7388, PROT_READ|PROT_WRITE,
>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcbd000
>> close(3) = 0
>> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>> -1, 0) = 0xb7f30000
>> mprotect(0xcb9000, 4096, PROT_READ) = 0
>> mprotect(0xfde000, 4096, PROT_READ) = 0
>> set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f30aa0,
>> limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
>> limit_in_pages:1, seg_not_present:0, useable:1}) = 0
>> munmap(0xb7f31000, 96827) = 0
>> getpid() = 12472
>> chdir("/") = 0
>> brk(0) = 0x89b8000
>> brk(0x89d9000) = 0x89d9000
>> open("/var/run/syslogd.pid", O_RDONLY) = -1 ENOENT (No such file or
>> directory)
>> rt_sigaction(SIGTERM, {0xdeb238, [TERM], SA_RESTORER|SA_RESTART,
>> 0xbbb898}, {SIG_DFL}, 8) = 0
>> clone(child_stack=0,
>> flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
>> child_tidptr=0xb7f30ae8) = 12473
>> rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
>> rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
>> rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
>> nanosleep({300, 0}, 0xbff187a4) = ? ERESTART_RESTARTBLOCK (To
>> be restarted)
>> --- SIGTERM (Terminated) @ 0 (0) ---
>> exit_group(0) = ?
>> Process 12472 detached
>> =======================================================================================================================
>>
>>
>> Can't say it means much to me, but I see it says "/etc/ld.so.preload"
>> is missing, might this be the problem?
>>
>> When I manually start syslogd and klogd then they seem to work. But
>> with the init script it seems to be broken (might be running but not
>> writing anything to the logfiles), although rpm -V says that there is
>> nothing wrong with the init script.
>>
>> Any more suggestions?
>>
>>
>> ____________________________________________________________________________
>>
>> This communication and any attachments are confidential and intended
>> for the sole use of the
>> intended recipient. Any form of copying or disclosure of this
>> communication to any third parties
>> without permission is prohibited. The contents of this communication
>> and its attachments are
>> not intended to be relied upon in law without subsequent written
>> confirmation. As such, Dunns
>> Stores (Pty) Ltd accept no responsibility or liability (including
>> negligence) for the consequences
>> of anyone acting, or not acting, on information contained therein.
>>
>> If you have received this communication in error please notify us
>> immediately and destroy or
>> delete it.
>> ____________________________________________________________________________
>>
>>
>>
>>
> I'd check out /var/run/syslog.pid . I think you have a problem there.
> Check for permissions and other problems that would deny the syslog
> process to write the pid file.
syslogd.pid, sorry
> Strange though... I'd get concerned as to why this happened in the
> first place.
>
Anyway if this doesn't do the trick start syslog in debug mode (syslog
-d ...) and see what happens.
More information about the redhat-list
mailing list