[prev in list] [next in list] [prev in thread] [next in thread]
List: syslog-ng
Subject: [syslog-ng] syslog-ng 3.0.1 dies on reload with program()
From: Bartosz Lis <bartoszl () ics ! p ! lodz ! pl>
Date: 2009-05-04 10:46:18
Message-ID: 200905041246.18424.bartoszl () ics ! p ! lodz ! pl
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello,
I had the same problem as Jan Rekorajski with syslog-ng 3.0.1 and 2.0.10:
> Hi,
> Syslog-ng 3.0.1 dies on reload (kill -HUP pid) when config file contains
> log { destination { program() } } directive set. 100% repeatable.
>
> Here are the relevant config lines:
>
> destination d_sshguard { program("/usr/sbin/sshguard -a 6"); };
> # A desperate experiment
> #destination d_sshguard { program("read"); };
>
> log { source(s_sys); filter(f_authpriv); destination(d_sshguard); };
pstree revealed that the command /usr/sbin/sshguard was run by a shell (in my
case pdksh). To make the shell go out of my way I've put exec before
/usr/sbin/sshguard . See my syslog-ng.conf :
destination d_sshguard { program("exec /usr/sbin/sshguard" template("$DATE
$FULLHOST $MESSAGE\n")); }
Since I've changed this and restarted syslog-ng, it survives killing it with
HUP, now.
Furthermore, pstree revealed that killing syslog-ng with HUP makes it restart
sshguard. Bazsi suggested that some pocess sends either SIGINT or SIGTERM to
syslog-ng's process group. In my opinion it is the shell to do that. When
syslog-ng reloads its configuration it destroys FIFO to sshguard. This action
awakes the shell and triggers it to send some destructive signal to its
process group.
Regards,
--
Bartosz Lis @ Institute of Comp. Science, Technical University of Lodz, Poland
bartoszl @ ics.p.lodz.pl
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" \
"http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" \
content="1" /><style type="text/css">p, li { white-space: pre-wrap; \
}</style></head><body style=" font-family:'Courier [Adobe]'; font-size:10pt; \
font-weight:400; font-style:normal;">Hello,<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>I had the same \
problem as Jan Rekorajski with syslog-ng 3.0.1 and 2.0.10:<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>> Hi,<br> > Syslog-ng 3.0.1 dies on reload (kill \
-HUP pid) when config file contains<br> > log { destination { program() } } \
directive set. 100% repeatable.<br> > <br>
> Here are the relevant config lines:<br>
> <br>
> destination d_sshguard { program("/usr/sbin/sshguard -a 6"); };<br>
> # A desperate experiment<br>
> #destination d_sshguard { program("read"); };<br>
> <br>
> log { source(s_sys); filter(f_authpriv); destination(d_sshguard); };<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>pstree revealed that the command /usr/sbin/sshguard was \
run by a shell (in my case pdksh). To make the shell go out of my way I've put exec \
before /usr/sbin/sshguard . See my syslog-ng.conf :<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>destination d_sshguard { program("exec /usr/sbin/sshguard" \
template("$DATE $FULLHOST $MESSAGE\n")); }<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Since I've changed \
this and restarted syslog-ng, it survives killing it with HUP, now. <br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>Furthermore, pstree revealed that killing syslog-ng with \
HUP makes it restart sshguard. Bazsi suggested that some pocess sends either SIGINT \
or SIGTERM to syslog-ng's process group. In my opinion it is the shell to do that. \
When syslog-ng reloads its configuration it destroys FIFO to sshguard. This action \
awakes the shell and triggers it to send some destructive signal to its process \
group.<br> <p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>Regards,<br> <p style="-qt-paragraph-type:empty; \
margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; \
-qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>-- <br> Bartosz Lis @ \
Institute of Comp. Science, Technical University of Lodz, Poland<br> bartoszl @ \
ics.p.lodz.pl</p></body></html>
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic