[rsyslog] computer hang-up and WorkDirectory

david at lang.hm david at lang.hm
Wed Nov 4 15:27:03 CET 2009 

ok, looking at this I don't see that you have any commands that would use 
the work directory.

now when you say the client computer locks up do you mean the following?

you have a server writing logs
you have a seperate client sending logs to the server
you shut down the server
later the client machine stops responding.

is this config for the client or for the server?

one possible explination for the freeze you are seeing is that if you have 
the client configured to send via TCP (the @@ option) and the server does 
not accept the message, the client will queue the message, when the client 
queue fills up it will not accept any more messages. many processes 
(including login) will block until syslog accepts the message causeing the 
machine to 'freeze' or 'lock up'

does this match what you are seeing?

if so, turning the server back on should un-freeze the client machines.


if this is the case you need to decide your priorities

how critical is it to get the logs off the machine? in some cases they are 
a real security issue and you must get them off (in which case you really 
should be using relp, not tcp, but that's a different discussion that 
rainer did a write-up on), and your only real answer is to setup multiple 
servers so that one is always up.

in other cases you are willing to spill over to disk and risk having an 
intruder tamper with the logs before they get sent off to another machine 
and set the main queu type to disk assisted mode

in other cases you are willing to loose logs rather than freezing the 
machine and can configure rsyslog to accept messages, even when it can't 
do anything with them to avoid this sort of lockup.

Daivd Lang


On Wed, 4 Nov 2009, Miguel Angel Nieto wrote:

> $ModLoad immark.so # provides --MARK-- message capability
> $ModLoad imuxsock.so # provides support for local system logging (e.g.
> via logger command)
> $ModLoad imklog.so # kernel logging (formerly provided by rklogd)
>
> $WorkDirectory /var/log/queue
> $MainMsgQueueFileName mainq
>
> $ActionQueueType LinkedList
> $ActionQueueFileName dbq
> $ActionQueueMaxDiskSpace 1g
> $ActionQueueSaveOnShutdown on
> $ActionResumeRetryCount -1
> :msg, contains, "TVC" @@10.10.0.100
> & ~
> $ActionQueueType LinkedList
> $ActionQueueFileName dbq
> $ActionQueueMaxDiskSpace 1g
> $ActionQueueSaveOnShutdown on
> $ActionResumeRetryCount -1
> :msg, contains, "TVB" @@10.10.0.100
> & ~
> $ActionQueueType LinkedList
> $ActionQueueFileName dbq
> $ActionQueueMaxDiskSpace 1g
> $ActionQueueSaveOnShutdown on
> $ActionResumeRetryCount -1
> :msg, contains, "TTD" @@10.10.0.100
> & ~
> $ActionQueueType LinkedList
> $ActionQueueFileName dbq
> $ActionQueueMaxDiskSpace 1g
> $ActionQueueSaveOnShutdown on
> $ActionResumeRetryCount -1
> :msg, contains, "KCD" @@10.10.0.100
> & ~
> $ActionQueueType LinkedList
> $ActionQueueFileName dbq
> $ActionQueueMaxDiskSpace 1g
> $ActionQueueSaveOnShutdown on
> $ActionResumeRetryCount -1
> :msg, contains, "LPT" @@10.10.0.100
> & ~
> $ActionQueueType LinkedList
> $ActionQueueFileName dbq
> $ActionQueueMaxDiskSpace 1g
> $ActionQueueSaveOnShutdown on
> $ActionResumeRetryCount -1
> :msg, contains, "ABT" @@10.10.0.100
> & ~
> $ActionQueueType LinkedList
> $ActionQueueFileName dbq
> $ActionQueueMaxDiskSpace 1g
> $ActionQueueSaveOnShutdown on
> $ActionResumeRetryCount -1
> :msg, contains, "XET" @@10.10.0.100
> & ~
>
> *.* 							/var/log/syslog
> kern.*                                                 /dev/console
> *.info;mail.none;authpriv.none;cron.none                -/var/log/messages
> authpriv.*                                              /var/log/secure
> mail.*                                                  -/var/log/maillog
> cron.*                                                  -/var/log/cron
> uucp,news.crit                                          -/var/log/spooler
> local7.*                                                /var/log/boot.log
>
>
> 2009/11/4  <david at lang.hm>:
>> On Wed, 4 Nov 2009, Miguel Angel Nieto wrote:
>>
>>> I have a problem with the attached client-configuration. When I stop
>>> the server, the client computer hangs-up some minutes later and didn't
>>> write logs on $WorkDirectory /var/log/queue.
>>
>> this list strips attachments, please re-send with the config in the body of
>> the message.
>>
>> david Lang
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com
>>
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com
>>
>>
>
>
>
>

More information about the rsyslog mailing list