Syslog-ng constantly crashing

[KernelKat]

This afternoon I can't get syslog-ng to come back online to forward to splunk. I've tried disabling syslog, upgrading to the latest version. Any other ideas? All I am seeing is core dumps.

[mimugmail]

Can you Upload them somewhere?

[KernelKat]

How do I pull the core dumps? I feel so stupid I didn't even think about that.

[gpb]

Not 100% sure but I have a syslog-ng.core file in /usr/.  Guessing that's it.

EDIT: not "/usr"..."/var/db".

[KernelKat]

Can you Upload them somewhere?

Uploaded!

Not 100% sure but I have a syslog-ng.core file in /usr/.  Guessing that's it.

Found it. /var/db

https://filebin.net/ew8rz8m7gxkdcf4s

[gpb]

Sorry 'bout that...I updated my post to reflect that...why I put "usr" I have no idea.  :/

[pilotboy72]

This afternoon I can't get syslog-ng to come back online to forward to splunk. I've tried disabling syslog, upgrading to the latest version. Any other ideas? All I am seeing is core dumps.

I'm seeing the same thing.  I can't seem to start the syslog-ng service.  This is what I see in the logs when I try to start the service:
kernel: pid 78934 (syslog-ng), jid 0, uid 0: exited on signal 11 (core dumped)


I have a core file for this attempt to start syslog-ng.  Let me know if there is someplace I should upload it.

[KernelKat]

This afternoon I can't get syslog-ng to come back online to forward to splunk. I've tried disabling syslog, upgrading to the latest version. Any other ideas? All I am seeing is core dumps.

I'm seeing the same thing.  I can't seem to start the syslog-ng service.  This is what I see in the logs when I try to start the service:
kernel: pid 78934 (syslog-ng), jid 0, uid 0: exited on signal 11 (core dumped)


I have a core file for this attempt to start syslog-ng.  Let me know if there is someplace I should upload it.

You can  upload to any online fil host site and then post link here ;)

[rackenthogg]

I have the same problem after upgrade to 20.7. Syslog-ng cannot start, restarts won't help, the error message is always the same:  kernel: pid xxxx (syslog-ng), jid 0, uid 0: exited on signal 11 (core dumped)

Coredump attached:
https://filebin.net/b08o90rzoo9sfsxk

[clopmz]

Same problem here. Syslog-ng always crashing when is configured to send remote logs.

[mfpck]

same here - but it also not always is able to even come up during booting...

[KernelKat]

Keep posting those core dumps all maybe we will find some solutions :)

Has anyone tried removing syslog-ng and then reinstalling the same or different version? I'm not well versed in BSD so I'm still learning.

[Taomyn]

I'm seeing the same, did try to reinstall syslog-ng and it seemed to work:

2020-08-06T13:26:42   pkg-static[60590]: syslog-ng327 reinstalled: 3.27.1_1 -> 3.27.1_1

But I just needed to reboot the firewall and it syslog-ng crashes on start again:

2020-08-07T10:32:51   kernel: pid 93417 (syslog-ng), jid 0, uid 0: exited on signal 11 (core dumped)

I'd upload the core dump, but I need it to be secure as a brief look at the file I already see some information I'd rather not see on public servers e.g. FQDN of the firewall, so who knows what else is buried in the file

[erickufrin]

Same problem here. syslog-ng not working.

[erickufrin]

Once I disable "circular logging" syslog-ng is able to start and I am seeing log events now.

I dont know what the remifications of disabling that are? Can anyone shed light?

FWIW once disabling circular logging, syslogd now shows as being stopped.