[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problem with syslogd

Lord of Gore wrote:
Johan Pretorius wrote:
I have RHEL 4 (currently 100% up2date) running on a Dell 2950. For some reason the syslogd does not log any messages (actually no messages were even logged with in the last 5 weeks). The syslog.conf file is the standerd one (no changes made). Also syslogd seems to run for a while and then dies (not running but pid file exists)

A reboot does not fix this problem and I have no Idea where to start looking for the problem. Any suggestions on how to fix/troubleshoot this problem?
Have you verified which, if any files have changed from the RPM defaults:

rpm -V sysklogd

Have you verified the package signature?

rpm -K sysklogd
This is the version I have installed: sysklogd-1.4.1-26_EL (rpm -qa | grep sysklog) "rpm -V sysklogd" returns: "S.5....T. c /etc/syslog.conf" "rpm -K sysklogd" returns nothing (Can this be right?) "syslogd -v" returns: "syslogd 1.4.1"
This seems fine, as long as you have changed the syslog.conf file .. an explanation of the output of the rpm -V <package> >is available at: <http://www.rpm.org/max-rpm/s1-rpm-verify-output.html>

The rpm -K command should only complain if there is is a signature mismatch. This seems fine.

You could try starting syslog with strace in front of it .. it will allow you to trace system calls and signals.


I've forced a reinstall of the package (rpm -V then returned nothing). Also starting it with an strace I get this:

[root brutus ~]# strace syslogd
execve("/sbin/syslogd", ["syslogd"], [/* 22 vars */]) = 0
uname({sys="Linux", node="brutus.dunns.co.za", ...}) = 0
brk(0)                                  = 0x89b8000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=96827, ...}) = 0
old_mmap(NULL, 96827, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f31000
close(3)                                = 0
open("/lib/tls/libc.so.6", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320^\234"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1454802, ...}) = 0
old_mmap(NULL, 1223900, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb94000 old_mmap(0xcb9000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0xcb9000 old_mmap(0xcbd000, 7388, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcbd000
close(3)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f30000
mprotect(0xcb9000, 4096, PROT_READ)     = 0
mprotect(0xfde000, 4096, PROT_READ)     = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f30aa0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xb7f31000, 96827)               = 0
getpid()                                = 12472
chdir("/")                              = 0
brk(0)                                  = 0x89b8000
brk(0x89d9000)                          = 0x89d9000
open("/var/run/syslogd.pid", O_RDONLY) = -1 ENOENT (No such file or directory) rt_sigaction(SIGTERM, {0xdeb238, [TERM], SA_RESTORER|SA_RESTART, 0xbbb898}, {SIG_DFL}, 8) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f30ae8) = 12473
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({300, 0}, 0xbff187a4) = ? ERESTART_RESTARTBLOCK (To be restarted)
--- SIGTERM (Terminated) @ 0 (0) ---
exit_group(0)                           = ?
Process 12472 detached

Can't say it means much to me, but I see it says "/etc/ld.so.preload" is missing, might this be the problem?

When I manually start syslogd and klogd then they seem to work. But with the init script it seems to be broken (might be running but not writing anything to the logfiles), although rpm -V says that there is nothing wrong with the init script.

Any more suggestions?

____________________________________________________________________________ This communication and any attachments are confidential and intended for the sole use of the intended recipient. Any form of copying or disclosure of this communication to any third parties without permission is prohibited. The contents of this communication and its attachments are not intended to be relied upon in law without subsequent written confirmation. As such, Dunns Stores (Pty) Ltd accept no responsibility or liability (including negligence) for the consequences
of anyone acting, or not acting, on information contained therein.

If you have received this communication in error please notify us immediately and destroy or
delete it.

I'd check out /var/run/syslog.pid . I think you have a problem there. Check for permissions and other problems that would deny the syslog process to write the pid file.
syslogd.pid, sorry
Strange though... I'd get concerned as to why this happened in the first place.

Anyway if this doesn't do the trick start syslog in debug mode (syslog -d ...) and see what happens.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]