
#1 2010-12-11 19:36:42

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Weird syslog-ng logging after upgrading 3.1.2-1 -> 3.2.1-1

Hi,

I am quite puzzled by this one...

I just upgraded syslog-ng to the latest 3.2.1, and after a reboot noticed that nothing is logged to {kernel,messages}.log.
For instance, here is messages.log and kernel.log:

Dec 11 12:54:09 svibor kernel: Not activating Mandatory Access Control now since /sbin/tomoyo-init doesn't exist.
Dec 11 12:54:09 svibor init: Switching to runlevel: 6
Dec 11 12:54:10 svibor ntpd[25213]: ntpd exiting on signal 15
Dec 11 13:06:16 svibor init: Entering runlevel: 3
Dec 11 13:06:20 svibor ntpd[1267]: ntpd 4.2.6p2@1.2194-o Sun Oct 17 00:31:12 UTC 2010 (1)

Dec 11 12:54:09 svibor kernel: Not activating Mandatory Access Control now since /sbin/tomoyo-init doesn't exist.

Notice, no boot-related kernel messages in either file. However, syslog-ng did start:

Dec 11 13:06:16 svibor syslog-ng[1032]: syslog-ng starting up; version='3.2.1'

I saw this after seeing no log from an nmap scan. Upon restarting syslog, messages appeared, but with an hour delay:

Dec 11 13:53:52 svibor kernel: Initializing cgroup subsys cpuset
Dec 11 13:53:52 svibor kernel: Initializing cgroup subsys cpu
Dec 11 13:53:52 svibor kernel: Linux version 2.6.36-ARCH (tobias@T-POWA-LX) (gcc version 4.5.1 20101125 (prerelease) (GCC) ) #1 SMP PREEMPT Fri Dec 10 20:01:53 UTC 2010

So, I was wondering whether somebody else has observed something like this :/

Thx.
L.

Last edited by Leonid.I (2010-12-11 19:38:11)


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd


#2 2010-12-11 19:42:00

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111

Re: Weird syslog-ng logging after upgrading 3.1.2-1 -> 3.2.1-1

syslog-ng's config file changed. Have you merged your .pacnew file?

edit: forgot to mention obligatory "works for me"

Last edited by falconindy (2010-12-11 19:42:36)


#3 2010-12-11 21:43:49

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Weird syslog-ng logging after upgrading 3.1.2-1 -> 3.2.1-1

Thanks for replying :)

falconindy wrote:

edit: forgot to mention obligatory "works for me"

:)

falconindy wrote:

syslog-ng's config file changed. Have you merged your .pacnew file?

Really? Hmm...

~> find /etc/ -name *.pac*
find: `/etc/cups/ssl': Permission denied
find: `/etc/polkit-1/localauthority': Permission denied
/etc/rkhunter.conf.pacnew
/etc/texmf/web2c/updmap.cfg.pacnew
~> tail /var/log/pacman.log 
[2010-12-11 12:46] :: Generating image '/boot/kernel26-lts-fallback.img'...SUCCESS
[2010-12-11 12:46] ==> SUCCESS
[2010-12-11 12:46] upgraded kernel26-lts (2.6.32.26-1 -> 2.6.32.27-1)
[2010-12-11 12:46] upgraded man-pages (3.31-1 -> 3.32-1)
[2010-12-11 12:46] upgraded syslog-ng (3.1.2-1 -> 3.2.1-1)
[2010-12-11 12:46] upgraded udev (164-2 -> 164-3)
[2010-12-11 12:46] upgraded usbutils (0.91-3 -> 0.91-4)
[2010-12-11 12:46] upgraded xulrunner (1.9.2.13-1 -> 1.9.2.13-2)

Strangely, I can't reproduce this again :/



#4 2010-12-11 21:50:21

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111

Re: Weird syslog-ng logging after upgrading 3.1.2-1 -> 3.2.1-1

Well, a .pacnew wouldn't have been created if you never changed /etc/syslog-ng.conf. The following section from pacman(8) applies:

       original=X, current=X, new=Y
           The current file is the same as the original but the new one differs. Since the user did not ever modify the file, and the new one may
           contain improvements or bugfixes, install the new file.

So your problem is the result of something else... Anything out of the ordinary or non-stock about your setup? VPS? Systemd? Gas powered potato shredder?


#5 2010-12-11 23:50:24

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Weird syslog-ng logging after upgrading 3.1.2-1 -> 3.2.1-1

falconindy wrote:

Well, a .pacnew wouldn't have been created if you never changed /etc/syslog-ng.conf. The following section from pacman(8) applies:

       original=X, current=X, new=Y
           The current file is the same as the original but the new one differs. Since the user did not ever modify the file, and the new one may
           contain improvements or bugfixes, install the new file.

So your problem is the result of something else... Anything out of the ordinary or non-stock about your setup? VPS? Systemd? Gas powered potato shredder?

Yeah, I have never touched syslog-ng.conf -- the old (=new) config worked fine. My system is a completely stock arch install with only [core] and [extra] repos enabled.

I am starting to blame /var/lib/syslog-ng/syslog-ng.persist. Indeed, this file seems to contain some sort of runtime data. It is not destroyed when syslog is stopped or the system restarts, and thus could have survived from 3.1.2... This might also be a reason why the problem went away after another syslog restart... I am surprised that no one noticed...

BTW, falconindy, congratulations on your TU acceptance :)



#6 2010-12-12 21:19:16

vcap
Member
Registered: 2009-09-10
Posts: 9

Re: Weird syslog-ng logging after upgrading 3.1.2-1 -> 3.2.1-1

Same thing here. After upgrade and reboot, no kernel messages in the logs (everything else was logged, though).

"/etc/rc.d/syslog-ng restart" seems to fix it.
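
A check for the gap reported in this thread, added here as an example and not posted by any participant: it flags every syslog-ng start that is not followed by a kernel line within a window, which is how a silent kernel source shows up in the files. The 60-second window, the `year` argument and the function names are assumptions; the sample lines are the ones posted above, merged into one stream.

```python
import re
from datetime import datetime, timedelta

# Classic BSD syslog line: "Dec 11 13:06:16 host tag[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# Lines posted in the thread, merged into one stream for this example.
THREAD_SAMPLE = """\
Dec 11 12:54:09 svibor kernel: Not activating Mandatory Access Control now since /sbin/tomoyo-init doesn't exist.
Dec 11 12:54:09 svibor init: Switching to runlevel: 6
Dec 11 12:54:10 svibor ntpd[25213]: ntpd exiting on signal 15
Dec 11 13:06:16 svibor syslog-ng[1032]: syslog-ng starting up; version='3.2.1'
Dec 11 13:06:16 svibor init: Entering runlevel: 3
Dec 11 13:53:52 svibor kernel: Initializing cgroup subsys cpuset
""".splitlines()


def parse(lines, year):
    """Yield (timestamp, tag, message); the format has no year, so pass one in."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["tag"], m["msg"]


def kernel_gaps(lines, year, window=timedelta(seconds=60)):
    """Return (start, delay) for each syslog-ng start with no kernel line
    inside `window`; delay is None when no kernel line follows at all."""
    events = sorted(parse(lines, year), key=lambda e: e[0])
    kernel = [ts for ts, tag, _ in events if tag == "kernel"]
    gaps = []
    for start, tag, msg in events:
        if tag != "syslog-ng" or "starting up" not in msg:
            continue
        later = [k for k in kernel if k >= start]
        delay = later[0] - start if later else None
        if delay is None or delay > window:
            gaps.append((start, delay))
    return gaps


if __name__ == "__main__":
    for start, delay in kernel_gaps(THREAD_SAMPLE, 2010):
        print(f"syslog-ng started {start}, first kernel line after: {delay}")
```

On a host that forwards firewall or audit messages through the kernel source, a non-empty result marks a period in which those events were not recorded.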
