OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: qmgr logging breaks
From: Dylan Griffiths (Dylan_Gbigfoot.com)
Date: Sun Feb 06 2000 - 23:40:42 CST

FWIW:

> > This has happened once before, but I never managed to find a reason. A
> > restart of Postfix fixed the problem then. This time I'm keeping
> > Postfix running in this state for a while. Any ideas of what I could
> > do to find out what is happening?

Restarting Postfix fixed problem. What does Postfix do during
initialization that has to do with Syslog? It initializes its token.
 
> I suspect that the Linux syslog client does not maintain state from
> openlog() (the logging tag and the logging class) so that when it
> has to re-connect to syslogd it just invents a tag, which is wrong.

Wieste points out that the state is somehow not saved, requiring the
restart. He says the Linux implementation is broken because he assumes the
admin understood syslogd hard restarts will drop token info (soft is a HUP,
hard is a kill -9 or TERM).

>> You mean "restarted" as in stopped, then started? As opposed to
>> merely HUP'ing it?
>Yes. I needed to enable network logging (which is off by default), so
>I had to restart syslogd with "-r".

Restarting syslogd is the culprit. I've had no problem with losing my
"states" across many log rotations (daily, which involve HUPing any daemons
that write to log files, such as syslogd). The Linux Syslogd is not at
fault this time. I'll chock this one up to temporary insanity on the part
of the sysadmin :-) 

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
spread!