Problem with syslogd

Johan Pretorius jpretorius at dunns.co.za
Tue Jan 9 07:24:53 UTC 2007 

>>>> I have RHEL 4 (currently 100% up2date) running on a Dell 2950. For 
>>>> some reason the syslogd does not log any messages (actually no 
>>>> messages were even logged with in the last 5 weeks). The syslog.conf 
>>>> file is the standerd one (no changes made). Also syslogd seems to 
>>>> run for a while and then dies (not running but pid file exists)
>>>>
>>>> A reboot does not fix this problem and I have no Idea where to start 
>>>> looking for the problem. Any suggestions on how to fix/troubleshoot 
>>>> this problem?
>>>
>>> Have you verified which, if any files have changed from the RPM defaults:
>>>
>>> rpm -V sysklogd
>>>
>>> Have you verified the package signature?
>>>
>>> rpm -K sysklogd
>>
>> This is the version I have installed: sysklogd-1.4.1-26_EL (rpm -qa | 
>> grep sysklog) "rpm -V sysklogd" returns: "S.5....T. c /etc/syslog.conf"
>> "rpm -K sysklogd" returns nothing (Can this be right?) "syslogd -v" 
>> returns: "syslogd 1.4.1"
>
>This seems fine, as long as you have changed the syslog.conf file .. an explanation of the output of the rpm -V <package> >is available at: 
><http://www.rpm.org/max-rpm/s1-rpm-verify-output.html>
>
>The rpm -K command should only complain if there is is a signature mismatch.  This seems fine.
>
>You could try starting syslog with strace in front of it .. it will allow you to trace system calls and signals.
>
>Barry

I've forced a reinstall of the package (rpm -V then returned nothing). Also starting it with an strace I get this:

=======================================================================================================================
[root at brutus ~]# strace syslogd
execve("/sbin/syslogd", ["syslogd"], [/* 22 vars */]) = 0
uname({sys="Linux", node="brutus.dunns.co.za", ...}) = 0
brk(0)                                  = 0x89b8000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=96827, ...}) = 0
old_mmap(NULL, 96827, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f31000
close(3)                                = 0
open("/lib/tls/libc.so.6", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320^\234"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1454802, ...}) = 0
old_mmap(NULL, 1223900, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb94000
old_mmap(0xcb9000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0xcb9000
old_mmap(0xcbd000, 7388, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcbd000
close(3)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f30000
mprotect(0xcb9000, 4096, PROT_READ)     = 0
mprotect(0xfde000, 4096, PROT_READ)     = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f30aa0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xb7f31000, 96827)               = 0
getpid()                                = 12472
chdir("/")                              = 0
brk(0)                                  = 0x89b8000
brk(0x89d9000)                          = 0x89d9000
open("/var/run/syslogd.pid", O_RDONLY)  = -1 ENOENT (No such file or directory)
rt_sigaction(SIGTERM, {0xdeb238, [TERM], SA_RESTORER|SA_RESTART, 0xbbb898}, {SIG_DFL}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f30ae8) = 12473
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({300, 0}, 0xbff187a4)         = ? ERESTART_RESTARTBLOCK (To be restarted)
--- SIGTERM (Terminated) @ 0 (0) ---
exit_group(0)                           = ?
Process 12472 detached
=======================================================================================================================

Can't say it means much to me, but I see it says "/etc/ld.so.preload" is missing, might this be the problem?

When I manually start syslogd and klogd then they seem to work. But with the init script it seems to be broken (might be running but not writing anything to the logfiles), although rpm -V says that there is nothing wrong with the init script.

Any more suggestions?


____________________________________________________________________________
This communication and any attachments are confidential and intended for the sole use of the
intended recipient.  Any form of copying or disclosure of this communication to any third parties
without permission is prohibited.  The contents of this communication and its attachments are
not intended to be relied upon in law without subsequent written confirmation.  As such, Dunns
Stores (Pty) Ltd accept no responsibility or liability (including negligence) for the consequences
of anyone acting, or not acting, on information contained therein.

If you have received this communication in error please notify us immediately and destroy or
delete it.
____________________________________________________________________________

More information about the redhat-list mailing list