syslog problem

on 06.09.2006 15:42:53 by Luca Ferrari

Hi all,
a server of mine is having a strange behaviour: the syslogd daemon crashes
a while after it has been started, and of course I cannot gain system
information without it. I've tried to start the daemon manually with the -d
option, and the only thing I see is a few lines like the following:
Calling select, active file descriptors (max 3): 3

Any idea or clue about how to understand what is happening?
Thanks,
Luca
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: syslog problem

on 06.09.2006 17:15:46 by terry white

.... ciao:

: on "9-6-2006" "Luca Ferrari" writ:
: the syslogd daemon crashes

at one time i had a similar problem with klogd. the first thing i did
was to determine "when" it 'had' stopped running.

in your case, i think it important to discover if the daemon has
"been" stopped, or, as you say, "crashed". i used cron to test for a pid
every minute. in my case, i noticed a specific time when the failure
occurred. that's a good thing to notice ...


--
.... i'm a man, but i can change,
if i have to , i guess ...


Re: syslog problem

on 06.09.2006 21:35:39 by Lars Solberg

Hello list

It all started when I noticed apache was starting and stopping
very slowly. I then started debugging it, first with -X for debug in
the apache bin, but I didn't get any output from that so I tried with the
very useful strace util. I noticed it got a hang when trying to read
from /dev/random. Why apache would read from this file when I shut it
down I don't know.
I then tried to cat /dev/random and found nothing! /dev/random was
empty... I waited one minute and tried catting it again and found
about 10 random chars..
I then went off to google and found out that /dev/random can run empty
if the kernel random entropy pool is empty, this is logical, I also
found out that read access to /dev/random is locked as long as the
entropy pool is empty, also logical.
But the question is why is it so slow? I have never had a problem with
this on any Linux/*nix servers before. And if I manage to empty
/dev/random on another server it usually doesn't take more than a few
seconds to fill it up again.

Do any of you have any tips to make this process of filling up
/dev/random go any faster? Is it "bad" to make a symlink to
/dev/urandom instead?


Thanks in advance
Lars

Re: syslog problem

on 07.09.2006 03:36:34 by Glynn Clements

Lars Solberg wrote:

> It all started when I noticed apache was starting and stopping
> very slowly. I then started debugging it, first with -X for debug in
> the apache bin, but I didn't get any output from that so I tried with the
> very useful strace util. I noticed it got a hang when trying to read
> from /dev/random. Why apache would read from this file when I shut it
> down I don't know.
> I then tried to cat /dev/random and found nothing! /dev/random was
> empty... I waited one minute and tried catting it again and found
> about 10 random chars..
> I then went off to google and found out that /dev/random can run empty
> if the kernel random entropy pool is empty, this is logical, I also
> found out that read access to /dev/random is locked as long as the
> entropy pool is empty, also logical.
> But the question is why is it so slow? I have never had a problem with
> this on any Linux/*nix servers before. And if I manage to empty
> /dev/random on another server it usually doesn't take more than a few
> seconds to fill it up again.

One thing which will make a big difference is if the system has a
dedicated RNG (/dev/hwrng, major 10, minor 183) such as that found in
the i810 or AMD 768.

In the absence of that, the system needs a reasonable source of
entropy. If the server is only lightly loaded, common sources of
entropy such as disk access won't produce data very quickly.

Also, older kernels overestimated the entropy of certain sources, so
will produce data faster.

> Do any of you have any tips to make this process of filling up
> /dev/random go any faster? Is it "bad" to make a symlink to
> /dev/urandom instead?

Making /dev/random a symlink to /dev/urandom is a bad idea if you need
to generate secure keys. If possible, it's preferable to configure
individual applications to use /dev/urandom instead of /dev/random for
less significant keys. E.g. SSL session keys don't need to be as
secure as a long-lived GPG/SSL private key.

--
Glynn Clements

Re: syslog problem

on 26.09.2006 16:12:30 by Luca Ferrari

On Wednesday 06 September 2006 17:15 terry white's cat, walking on the
keyboard, wrote:
> ... ciao:
> : on "9-6-2006" "Luca Ferrari" writ:
> : the syslogd daemon crashes
>
> at one time i had a similar problem with klogd. the first thing i did
> was to determine "when" it 'had' stopped running.
>
> in your case, i think it important to discover if the daemon has
> "been" stopped, or, as you say, "crashed". i used cron to test for a pid
> every minute. in my case, i noticed a specific time when the failure
> occurred. that's a good thing to notice ...


I've found the problem: the daemon.log file was too big (and there's no rotate
on it), thus the first application that tried to log to that file caused
syslogd to crash.

Thanks,
Luca
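
The two checks described in this thread (terry white's per-minute cron test for the daemon's pid, and the oversized, unrotated log file Luca found), combined as an added example that is not part of the original messages. All paths, the size threshold and the names STATE and REPORT are assumptions; the report goes to a plain file because syslog itself is what is down.

```shell
#!/bin/sh
# Added example, not from the thread. Run every minute from root's crontab:
#   * * * * * /usr/local/sbin/syslogd-watch.sh run    (hypothetical path)
# All paths and the threshold below are assumptions; adjust to the system.
PIDFILE=${PIDFILE:-/var/run/syslogd.pid}
LOGDIR=${LOGDIR:-/var/log}
STATE=${STATE:-/var/tmp/syslogd-watch.state}     # last status seen
REPORT=${REPORT:-/var/tmp/syslogd-watch.log}     # plain file, not syslog
LIMIT_KB=${LIMIT_KB:-1900000}                    # assumed: warn below 2 GiB

# up    = pid file present and process alive
# stale = pid file present, process gone (heuristic: died without cleanup)
# down  = no pid file (heuristic: stopped cleanly, or never started)
daemon_status() {
    [ -f "$1" ] || { echo down; return 0; }
    pid=$(tr -cd '0-9' < "$1")
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
        echo up
    else
        echo stale
    fi
}

# List regular files directly under directory $1 larger than $2 KiB.
oversized_logs() {
    find "$1" -maxdepth 1 -type f -size +"$2"k 2>/dev/null
}

# Append a timestamped line only when the status changes, so the report
# shows when the daemon went away and which logs were oversized then.
watch_once() {
    now=$(daemon_status "$PIDFILE")
    prev=$(cat "$STATE" 2>/dev/null || true)
    [ "$now" = "$prev" ] && return 0
    echo "$now" > "$STATE"
    {
        echo "$(date '+%Y-%m-%d %H:%M:%S') syslogd ${prev:-unknown} -> $now"
        oversized_logs "$LOGDIR" "$LIMIT_KB" | sed 's/^/  oversized: /'
    } >> "$REPORT"
}

if [ "${1:-}" = run ]; then watch_once; fi
```

A `stale` entry in the report narrows the failure to a minute; oversized files listed beside it point at a log that needs rotation.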