Syslog-ng constantly crashing

Started by KernelKat, August 04, 2020, 10:30:16 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
August 07, 2020, 09:16:27 PM #15
Quote from: erickufrin on August 07, 2020, 07:51:33 PM
Once I disable "circular logging" syslog-ng is able to start and I am seeing log events now.

I dont know what the remifications of disabling that are? Can anyone shed light?

FWIW once disabling circular logging, syslogd now shows as being stopped.
What are your other settings looking like? I have mine disabled but syslog-ng still won't start. Ar you using anything else like IPS/IDS or other 3rd party or is this a vanillia install? Trying to figure out what is breaking mine.
August 08, 2020, 02:55:40 AM #16
Its holding steady right now since this morning.

I use a remote syslog server.... Most everything is pretty vanilla at the moment because I am battling a multi-wan issue and wanted to "start over".
August 10, 2020, 08:43:37 PM #17
Quote from: erickufrin on August 08, 2020, 02:55:40 AM
Its holding steady right now since this morning.

I use a remote syslog server.... Most everything is pretty vanilla at the moment because I am battling a multi-wan issue and wanted to "start over".

I may just have to reinstall vanilla and go from there. shurg. idk what else to try and do at this point.
August 10, 2020, 10:16:57 PM #18
Quote from: KernelKat on August 10, 2020, 08:43:37 PM
I may just have to reinstall vanilla and go from there. shurg. idk what else to try and do at this point.

Do you actually have a remote syslog server set up?  If so do you have anything being routed to it?  I have one running on an Rpi with one logging target for logged firewall rules.  Aside from that I too am mostly vanilla...I use NUT (UPS support), NTP server, Shaper, vnStat, and this shouldn't matter, but disabled all network acceleration (which should be default).
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT
August 11, 2020, 05:19:04 AM #19
Quote from: gpb on August 10, 2020, 10:16:57 PM
Quote from: KernelKat on August 10, 2020, 08:43:37 PM
I may just have to reinstall vanilla and go from there. shurg. idk what else to try and do at this point.

Do you actually have a remote syslog server set up?  If so do you have anything being routed to it?  I have one running on an Rpi with one logging target for logged firewall rules.  Aside from that I too am mostly vanilla...I use NUT (UPS support), NTP server, Shaper, vnStat, and this shouldn't matter, but disabled all network acceleration (which should be default).

Yea, that I do. It's been getting all my logs from other devices before going to splunk so that aspect I know works. Think I might just go back to 20.1 or try rolling back some of my snapshots first see what results I get.
August 12, 2020, 09:04:15 PM #20
Hi KernelKat,

Resetting the logfiles seemed to fix it.

I can now start syslog-ng again.

OPNSense 20.7

August 12, 2020, 09:58:51 PM #21
There is also a patch which comes with 20.7.1 tomorrow, maybe this will fix it
August 12, 2020, 09:59:16 PM #22
Quote from: CraigS on August 12, 2020, 09:04:15 PM
Hi KernelKat,

Resetting the logfiles seemed to fix it.

I can now start syslog-ng again.

OPNSense 20.7

That likely explains why I don't have the issue because I also did this (via command line deleted all log files) trying to debug the logging target issue in RC1 (fixed in 20.7).  Good find!
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT
August 13, 2020, 08:35:04 AM #23
This is strange, I re-enabled circular logging in order to test if clearing the logs fixed the problem and it didn't. The syslogd service started and the syslog-ng one remained stopped - it was the other way around when circular logging was disabled.


I was then reading the text for the log file size and decided to increase it - I changed it to 10240 as I have the room, and after saving then once again clearing the logs now both syslogd and syslogd-ng are running.
Print
Go Up Pages 1 2
User actions