Discussion:
syslog-ng doesn't log to each file
Werner Flamme
2011-09-14 15:01:28 UTC
Hi everyone,

on SLES 11 SP1 we saw a very strange behaviour of syslog-ng yesterday.

First, we saw that the / filesystem became too crowded. We decided to
move several logfiles (the host is a logserver) to a directory on
another filesystem. So, syslog-ng was stopped, /var/log/loghosts was
moved to the other filesystem (from ext3 to xfs), the config was changed
to point to the new location, and syslog-ng was started.

Instead of writing to the logfiles, everything went into
/var/log/messages, which became > 1 M very fast. It was all error
notices, that syslog-ng could not write to the new destination:
permission denied, error 13. Syslog-ng runs as root, so this is a
strange text...

Since the move of the directory was complete with all rights, I couldn't
imagine any reason. Touching the mentioned files and manually writing
into the files was no problem. The only solution was to move the files
back to the old place, change syslog-ng's config back, and everything was
fine. When we changed only one logfile's location, syslog-ng refused to
write to it.

What might that be? Nowhere in the docs of syslog-ng I find a notice,
that only files on the / filesystem can be used (this would be unclever,
since /var often is on another filesystem). Or that syslog-ng does not
write to files on XFS. We use syslog-ng-2.0.9-27.28.3.

How can I convince syslog-ng to log to
/zdisk/data80/var/log/loghosts/$HOST/filename instead of
/var/log/loghosts/$HOST/filename? Having /var/log/loghosts as a symlink
pointing to /zdisk/data80/var/log/loghosts did not help, so it can't be
the path length.

Regards,
Werner
Werner Flamme
2011-09-27 10:48:27 UTC
Post by Werner Flamme
Hi everyone,
on SLES 11 SP1 we saw a very strange behaviour of syslog-ng yesterday.
First, we saw that the / filesystem became too crowded. We decided to
move several logfiles (the host is a logserver) to a directory on
another filesystem. So, syslog-ng was stopped, /var/log/loghosts was
moved to the other filesystem (from ext3 to xfs), the config was changed
to point to the new location, and syslog-ng was started.
Instead of writing to the logfiles, everything went into
/var/log/messages, which became > 1 M very fast. It was all error
permission denied, error 13. Syslog-ng runs as root, so this is a
strange text...

Just in case that anyone else tries to write logs outside /var/log:

The reason for my problems was AppArmor. In file
/etc/apparmor.d/sbin.syslog-ng, syslog-ng's output is restricted to
/var/log and its files and subdirectories. I added a line as copy of
line "@{CHROOT_BASE}/var/log/** w,", changed the location, and a
"rcsyslog restart" finished the work. Afterwards, syslog-ng was running
as expected.

Regards,
Werner
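
Added example (not part of the original thread, and not code from syslog-ng or AppArmor): a Python check of whether a log destination is covered by a write rule in an AppArmor profile, which is the mismatch described in the post above. The profile text, the host name `host1` and the exact form of the added rule are constructed assumptions; only single-value variables and plain allow rules are handled.

```python
import re

# Constructed sample, modelled on the rule quoted in the post; it is not the
# real /etc/apparmor.d/sbin.syslog-ng shipped with SLES.
SAMPLE_PROFILE = """\
@{CHROOT_BASE}=""
/sbin/syslog-ng {
  /etc/syslog-ng/* r,
  @{CHROOT_BASE}/var/log/** w,
}
"""
# Assumed shape of the line added as the fix (the post does not quote it).
ADDED_RULE = "  @{CHROOT_BASE}/zdisk/data80/var/log/loghosts/** w,\n"
PATCHED_PROFILE = SAMPLE_PROFILE.replace("}\n", ADDED_RULE + "}\n")

def glob_to_regex(glob):
    """AppArmor path glob to regex: '**' crosses '/', '*' and '?' do not."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def write_rules(profile_text):
    """Return the path globs that grant 'w', with @{VAR} variables expanded."""
    variables = dict(re.findall(r'^\s*(@\{\w+\})\s*=\s*"?([^"\n]*)"?\s*$',
                                profile_text, re.M))
    rules = []
    for line in profile_text.splitlines():
        m = re.match(r"\s*([/@]\S*)\s+(\w+),\s*$", line)  # "<path> <perms>,"
        if m and "w" in m.group(2):
            path = m.group(1)
            for name, value in variables.items():
                path = path.replace(name, value)
            rules.append(path)
    return rules

def may_write(profile_text, path):
    """True if some write rule matches path. Pass the resolved path:
    AppArmor mediates the real file, so a symlink under /var/log is no help."""
    return any(glob_to_regex(g).match(path) for g in write_rules(profile_text))
```

Run against the real profile text, `may_write` returning false for a configured destination predicts the "permission denied" errors even though syslog-ng runs as root.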