HPE Community
Operating System - HP-UX
1846598 Members
1866 Online
110256 Solutions
New Discussion

Re: Syslogd records same message repeatedly

 
Steven Hargus_3
Advisor

‎06-27-2006 12:47 AM

‎06-27-2006 12:47 AM

Syslogd records same message repeatedly

I have a server set up to receive syslog messages from many other servers. After switching this server from an HP-UX 11iV1 server to a 11iV2 server, I am now seeing:

1. syslogd running at 100% cpu
2. The same messages repeated endlessly in syslog, with the same timestamp. New messages coming in are added to this loop.
3. All syslog messages from remote servers are marked as coming from the syslog server itself (the fourth field is always the hostname of the syslog server, not the remote server as it was on the V1 server).

Does anyone have any ideas?

Thanks in advance...
0 Kudos
Reply
8 REPLIES 8
DCE
Honored Contributor

‎06-27-2006 01:16 AM

‎06-27-2006 01:16 AM

Re: Syslogd records same message repeatedly


Have you stopped and restarted the syslogd? It sounds like a runaway process at this point.

/sbin/init.d/syslog stop
/sbin/init.d/syslog start

After restarting does it still use 100% CPU?

0 Kudos
Reply
Steven Hargus_3
Advisor

‎06-27-2006 01:35 AM

‎06-27-2006 01:35 AM

Re: Syslogd records same message repeatedly

After restarting the daemon I still get the same repeated messages. CPU utilization of syslogd starts out low, then ramps up linearly until it hits 100% again.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎06-27-2006 01:45 AM

‎06-27-2006 01:45 AM

Re: Syslogd records same message repeatedly

Hi Steven,

You might try the most recent syslogd cumulative - here:

https://www6.itrc.hp.com/service/patch/patchDetail.do?patchid=PHCO_34253&sel={hpux:11.23,}&BC=main|search|

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
DCE
Honored Contributor

‎06-27-2006 02:10 AM

‎06-27-2006 02:10 AM

Re: Syslogd records same message repeatedly


Is the system fully patched? There could be an issue with the syslogd that is resolved in the current ptaches.

0 Kudos
Reply
TwoProc
Honored Contributor

‎06-27-2006 02:15 AM

‎06-27-2006 02:15 AM

Re: Syslogd records same message repeatedly

FWIW -

Steven,

Tell Lucky :-) that we got it working the following manner:

We started this syslog server project on HPUX and ended up running it on Linux, with no problems. It accepts messages from all the other flavors of Unix equally well.
We are the people our parents warned us about --Jimmy Buffett
0 Kudos
Reply
Steven Hargus_3
Advisor

‎06-27-2006 04:40 AM

‎06-27-2006 04:40 AM

Re: Syslogd records same message repeatedly

Rebooted the server, and that seems to have fixed the problem. I have no idea what was wrong, but it's working now...

0 Kudos
Reply
Steven Hargus_3
Advisor

‎06-28-2006 02:45 AM

‎06-28-2006 02:45 AM

Re: Syslogd records same message repeatedly

The same thing happened again this morning. Had to reboot the server again to get it to clear up.

I have the March 2006 11iV2 patch bundle loaded. I can look into the latest patch for syslog.

The problem starts at midnight according to the performance graphs (the CPU load suddenly gets very high).

I have a script that moves the syslog into a log archive directory that runs at that time. This is what the script is doing:

# Stop syslogd for a moment...
/sbin/init.d/syslogd stop > /dev/null
if [ $? -ne 0 ];
then
echo "Problem stopping syslog."
exit
fi

# Move system-wide syslog to log archive
if [ -r /var/adm/syslog/syslog.log ];
then
mv /var/adm/syslog/syslog.log ${SYSLOG}
fi

# Move system-wide mail log to log archive
if [ -r /var/adm/syslog/mail.log ];
then
mv /var/adm/syslog/mail.log ${MAILLOG}
fi

# Start syslog up again.
/sbin/init.d/syslogd start > /dev/null
if [ $? -ne 0 ];
then
echo "Problem starting syslog."
exit
fi

I could rewrite this to not shut down syslog, but instead copy the syslog.log to the log archive directory then zero out the existing syslog, but I am still curious why the current script is not working...
0 Kudos
Reply
DCE
Honored Contributor

‎06-28-2006 02:52 AM

‎06-28-2006 02:52 AM

Re: Syslogd records same message repeatedly



In order for the script to work you may have to stop the syslog daemons on all of the client servers at midnight as well (one of them could be attempting to write to it at midnight). Try it with the copy and zeroing out of the file instead of the move.........

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.