Subject: Re: syslogd oddities
To: None <mrg@eterna.com.au>
From: Daniel Brown <dbrown@ccdc.cam.ac.uk>
List: port-sparc
Date: 07/09/1998 13:47:18
Matthew,
I did wonder about this, but the scripts are run on <log-file>.0
Here's an example, from the log of time stamps (obscurely sent from Solaris
boxes at uucp.info...)
(from marklog, not rotated throughout)
Jul 8 18:07:33 sun9.ccdc.cam.ac.uk -- MARK --
Jul 8 18:11:04 sun10.ccdc.cam.ac.uk -- MARK --
Jul 8 18:11:32 sun27.ccdc.cam.ac.uk -- MARK --
Jul 8 18:16:28 131.111.113.101 -- MARK --
Jul 8 18:21:59 sun3 -- MARK --
Jul 8 18:41:59 sun3 -- MARK --
<*snip*> - just sun3
Jul 9 10:41:59 sun3 -- MARK --
Jul 9 11:01:59 sun3 -- MARK --
(cut to /var/log/messages) - Manual restart of syslogd
Jul 9 11:20:42 sun3 syslogd: exiting on signal 15
Jul 9 11:20:42 sun3 syslogd: restart
(meanwhile, back in marklog)
Jul 9 11:22:34 sun22.ccdc.cam.ac.uk -- MARK --
Jul 9 11:24:49 sun16.ccdc.cam.ac.uk -- MARK --
Jul 9 11:25:32 sun25.ccdc.cam.ac.uk -- MARK --
> can you do this:
> - run ktrace on the syslogd to find out what is it doing...
> - use fstat (or lsof if you have that installed) to find out
> what fd/inode syslogd is writing too/reading from..
>
> does syslogd recvfrom() packets ? does the inode being written
> correspond to the inode of the log file? (ie, have you somehow
> gotten syslogd writting to a file that has been renamed, or deleted?)
The impression I get is that the packets aren't making it out of recvfrom. I'll
do the above next time my log files go quiet... Thanks :-)
Dan.
P.S. The syslogd diff was a small one, to ensure that time stamps were written,
no matter what...
$NetBSD: syslogd.c,v 1.16 1997/10/17 13:49:37 lukem Exp $
(line 552)
/* don't output marks to recently written files */
#if 0
if ((flags & MARK) && (now - f->f_time) < MarkInterval / 2)
continue;
#endif