Bug 22670 - sysklogd + logrotate drops messages occassionally
Summary: sysklogd + logrotate drops messages occassionally
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sysklogd
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jason Vas Dias
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-12-21 16:02 UTC by Need Real Name
Modified: 2007-04-18 16:30 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-06-04 00:09:00 UTC
Embargoed:


Attachments (Terms of Use)

Description Need Real Name 2000-12-21 16:02:54 UTC
Every now and then you'll notice a log message or two being dropped when 
the system logs are rotated.  I notice it on my mail server (which is very 
busy most of the time); I've heard others mention it with WU-FTPD.

Consider: most programs write to the logs using the named pipe /dev/log.  
When sysklogd is restarted, it recreates /dev/log under a new inode.  This 
presents a race condition.  If, in the time between openning /dev/log and 
writing to it, the logs rotate, the sending program will use the old inode 
but sysklogd will only be listening on the new one.  Two common services 
which exhibit vulnerability to this race on a regular basis are Sendmail 
and WU-FTPD.

My proposed solution would be to add some method to instruct sysklogd to 
rotate the logs without openning a new /dev/log inode.  This could be done 
with an external signal; which would work well with the current logrotate 
scheme.  But I'm anal about precision .. I just *HATE* seeing a stray 
message from another day in my logs .. so what I've done locally is hack 
sysklogd to do the rotation all on its own, exactly at midnight.  My 
changes are extremely local and have no other schedule than local-
midnight, and use my local naming conventions, so I'm not providing them.

Comment 1 Jason Vas Dias 2005-06-04 00:09:00 UTC
Just closing out old bugs here - this one is definitely fixed
in current versions of syslogd.
syslogd preserves the open unix sockets when it receives SIGHUP,
and reopens all its log files.


Note You need to log in before you can comment on or make changes to this bug.