Re: Very strange syslogd behavior

From: Ross Vandegrift (ross@willow.seitz.com)
Date: Tue Jan 27 2004 - 17:14:38 CET


On Mon, Jan 26, 2004 at 10:28:14PM +0100, Martin Schulze wrote:
> Could you run tcpdump / ethereal on the log host using port 514/udp
> to ensure that messages from the hosts you are missing are indeed
> sent to the log host and just not processed by syslogd?

(Minor update - the VPN server messages are being logged correctly, just
under a different name than I thought. Too many names for one host...)

Sure - I'm definitely seeing the packets show up:

10:54:52.603067 hedge.seitz.com.syslog > sequoia.seitz.com.syslog: udp 98 (DF)
10:54:52.604140 hedge.seitz.com.syslog > sequoia.seitz.com.syslog: udp 42 (DF)

hedge.seitz.com is the outgoing mail relay.

I can verify that some of hedge's messages are getting through:
sequoia:/var/log# grep hedge syslog | tail -n 2
Jan 27 10:56:32 hedge ucd-snmp[424]: [smux_accept] accepted fd 4 from 127.0.0.1:3357
Jan 27 10:56:42 hedge ucd-snmp[424]: [smux_accept] accepted fd 4 from 127.0.0.1:3359

But mail messages are still weird (it looks like they came back for a
while overnight, but are gone again):
sequoia:/var/log/mail# grep hedge mail.log | tail -n 2
Jan 27 01:01:14 hedge sm-mta[26840]: i0R5hhAP026840: from=<BUTLER@seitz.com>, size=5499, class=0, nrcpts=1, msgid=<6FB400F58D1@hal.seitz.com>, proto=ESMTP, daemon=MTA, relay=hal.seitz.com [146.145.147.120]
Jan 27 10:18:11 hedge sm-mta[2415]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168

I just sent an email from our main server, for relaying through hedge,
and then ran the above command. It's now close to 11:00 and the above
message is still the last from hedge in the mail.log.

> Not sure why they would not be processed, though. If they show up
> in the network dump you should run syslogd -d and send it a SIGHUP
> to continue with debug output (better redirect it into a file) so
> you can see incoming messages as they are processed.

Ok, it looks like syslogd isn't receiving the messages. I've got the
debug output in syslogdebug.log and "grep 'logmsg: mail.*hedge'
syslogdebug.log" comes out empty.

I have no idea what's going on. If I re-enable local logging on hedge,
all the mail messages are correctly logged. I suppose it's possible
that the packets are being lost somehow, but why would only mail
messages be lost?

Thanks so much for your help!

-- 
Ross Vandegrift
ross@willow.seitz.com
A Pope has a Water Cannon.                               It is a Water Cannon.
He fires Holy-Water from it.                        It is a Holy-Water Cannon.
He Blesses it.                                 It is a Holy Holy-Water Cannon.
He Blesses the Hell out of it.          It is a Wholly Holy Holy-Water Cannon.
He has it pierced.                It is a Holey Wholly Holy Holy-Water Cannon.
He makes it official.       It is a Canon Holey Wholly Holy Holy-Water Cannon.
Batman and Robin arrive.                                       He shoots them.
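As an added illustration of the step that decides whether a datagram like the ones captured above ends up in mail.log, syslog, or nowhere: the script below (written for this archive page, not code from the thread or from sysklogd) decodes the PRI field of a syslog/UDP payload into facility and severity and evaluates sysklogd-style selectors against a small syslog.conf. The datagrams are constructed to resemble the lines quoted in the message, with PRI values and the config chosen by me as assumptions rather than taken from sequoia; the third datagram shows what happens to a message that arrives without a PRI header.

```python
import re

# Numeric codes from RFC 3164 section 4.1.1; PRI = facility * 8 + severity.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
              **{16 + i: f"local{i}" for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_datagram(data: bytes) -> dict:
    """Decode one UDP/514 payload into facility, severity, hostname and tag."""
    m = re.match(rb"<(\d{1,3})>(.*)", data, re.S)
    if not m or int(m.group(1)) > 191:
        # No usable PRI: RFC 3164 4.3.3 says to assume user.notice (PRI 13),
        # so such a message is routed by the '*.*' rule, not by 'mail.*'.
        return {"facility": "user", "severity": "notice", "hostname": None,
                "tag": None, "msg": data.decode("ascii", "replace"), "malformed": True}
    facility, severity = divmod(int(m.group(1)), 8)
    body = m.group(2).decode("ascii", "replace")
    # Header is "Mmm dd hh:mm:ss HOSTNAME TAG[pid]: ..." in the BSD format.
    hdr = re.match(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ([^:\[ ]+)", body)
    return {"facility": FACILITIES.get(facility, f"facility{facility}"),
            "severity": SEVERITIES[severity],
            "hostname": hdr.group(1) if hdr else None,
            "tag": hdr.group(2) if hdr else None, "msg": body, "malformed": False}

def selector_matches(selector: str, facility: str, severity: str) -> bool:
    """Evaluate a sysklogd selector such as '*.*;mail.none' or 'mail.info'."""
    matched = False
    for part in selector.split(";"):      # parts are applied left to right
        facs, pri = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue
        if pri == "none":
            matched = False               # 'none' drops this facility from the rule
        elif pri == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(pri):
            matched = True                # a priority means that level and more severe
    return matched

def route(data: bytes, conf: list) -> list:
    """Return the log files a config would write this datagram to."""
    e = parse_datagram(data)
    return [action for sel, action in conf if selector_matches(sel, e["facility"], e["severity"])]

# Constructed config in the shape of a Debian-era /etc/syslog.conf (an assumption).
CONF = [("*.*;auth,authpriv.none;mail.none", "/var/log/syslog"),
        ("mail.*", "/var/log/mail/mail.log")]

# Constructed datagrams modelled on the quoted lines; PRI 30 = daemon.info, 22 = mail.info.
SAMPLES = [b"<30>Jan 27 10:56:32 hedge ucd-snmp[424]: [smux_accept] accepted fd 4 from 127.0.0.1:3357",
           b"<22>Jan 27 10:18:11 hedge sm-mta[2415]: STARTTLS=server, relay=localhost [127.0.0.1]",
           b"Jan 27 10:18:12 hedge sm-mta[2415]: constructed message arriving without a PRI"]

if __name__ == "__main__":
    for d in SAMPLES:
        e = parse_datagram(d)
        print(e["facility"], e["severity"], e["hostname"], e["tag"], "->", route(d, CONF))
```

Running it against real traffic is a matter of feeding each payload from a tcpdump capture of port 514 into `route()`; a mail message that decodes to anything other than facility `mail`, or that parses as malformed, will never reach the `mail.*` action.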


This archive was generated by hypermail 2.1.7 : Tue Jan 27 2004 - 19:45:27 CET