Bug 22670 - sysklogd + logrotate drops messages occassionally
sysklogd + logrotate drops messages occassionally
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: sysklogd (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Vas Dias
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-12-21 11:02 EST by Need Real Name
Modified: 2007-04-18 12:30 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-03 20:09:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2000-12-21 11:02:54 EST
Every now and then you'll notice a log message or two being dropped when 
the system logs are rotated.  I notice it on my mail server (which is very 
busy most of the time); I've heard others mention it with WU-FTPD.

Consider: most programs write to the logs using the named pipe /dev/log.  
When sysklogd is restarted, it recreates /dev/log under a new inode.  This 
presents a race condition.  If, in the time between openning /dev/log and 
writing to it, the logs rotate, the sending program will use the old inode 
but sysklogd will only be listening on the new one.  Two common services 
which exhibit vulnerability to this race on a regular basis are Sendmail 
and WU-FTPD.

My proposed solution would be to add some method to instruct sysklogd to 
rotate the logs without openning a new /dev/log inode.  This could be done 
with an external signal; which would work well with the current logrotate 
scheme.  But I'm anal about precision .. I just *HATE* seeing a stray 
message from another day in my logs .. so what I've done locally is hack 
sysklogd to do the rotation all on its own, exactly at midnight.  My 
changes are extremely local and have no other schedule than local-
midnight, and use my local naming conventions, so I'm not providing them.
Comment 1 Jason Vas Dias 2005-06-03 20:09:00 EDT
Just closing out old bugs here - this one is definitely fixed
in current versions of syslogd.
syslogd preserves the open unix sockets when it receives SIGHUP,
and reopens all its log files.

Note You need to log in before you can comment on or make changes to this bug.