[RHEL6] rsyslogd aborted and after that past messages were logged in maillog.

Solution Verified - Updated -

Issue

  • rsyslogd had been aborted since 10:03 on 29th August at our customer's site.
$ cat date
Tue Sep 11 14:00:39 JST 2012
$ 
$ tail -n 3 var/log/messages
Aug 29 01:01:59 XXXXX xinetd[1851]: EXIT: shell status=0 pid=15571 duration=0(sec)
Aug 29 01:03:41 XXXXX kernel: eth0: NIC Link is Up 10000 Mbps
Aug 29 01:03:41 XXXXX kernel: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
  • Some of the messages from 29th August were logged again in messages after rsyslogd was restarted.
$ grep "Aug 29 0[01]" var/log/messages.2 
Aug 29 00:56:01 XXXXX xinetd[1851]: START: telnet pid=15285 from=::ffff:192.168.30.210
Aug 29 00:56:45 XXXXX xinetd[1851]: START: telnet pid=15295 from=::ffff:192.168.30.210
Aug 29 00:57:01 XXXXX xinetd[1851]: EXIT: telnet status=0 pid=15285 duration=60(sec)
Aug 29 00:57:31 XXXXX xinetd[1851]: EXIT: telnet status=0 pid=15295 duration=46(sec)
Aug 29 01:01:59 XXXXX xinetd[1851]: START: shell pid=15571 from=::ffff:192.168.30.210
Aug 29 01:01:59 XXXXX rshd[15573]: root@192.168.30.210 as root: cmd='cat /etc/hosts.allow'
Aug 29 01:01:59 XXXXX xinetd[1851]: EXIT: shell status=0 pid=15571 duration=0(sec)
Aug 29 01:03:41 XXXXX kernel: eth0: NIC Link is Up 10000 Mbps
Aug 29 01:03:41 XXXXX kernel: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Aug 29 01:03:45 XXXXX ntpd[1859]: Listening on interface #7 eth0, fe80::250:56ff:feae:3860#123 Enabled
$ cat var/log/messages
Aug 28 23:59:01 XXXXX kernel: Kernel logging (proc) stopped.
Sep 11 10:23:27 XXXXX kernel: imklog 4.6.2, log source = /proc/kmsg started.
Sep 11 10:23:27 XXXXX rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="7832" x-info="http://www.rsyslog.com"] (re)start
Aug 29 00:56:45 XXXXX xinetd[1851]: START: telnet pid=15295 from=::ffff:192.168.30.210
Aug 29 00:57:01 XXXXX xinetd[1851]: EXIT: telnet status=0 pid=15285 duration=60(sec)
Aug 29 00:57:31 XXXXX xinetd[1851]: EXIT: telnet status=0 pid=15295 duration=46(sec)
Aug 29 01:01:59 XXXXX xinetd[1851]: START: shell pid=15571 from=::ffff:192.168.30.210
Aug 29 01:01:59 XXXXX rshd[15573]: root@192.168.30.210 as root: cmd='cat /etc/hosts.allow'
Aug 29 01:01:59 XXXXX xinetd[1851]: EXIT: shell status=0 pid=15571 duration=0(sec)
Aug 29 01:03:41 XXXXX kernel: eth0: NIC Link is Up 10000 Mbps
Aug 29 01:03:41 XXXXX kernel: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
  • Messages from 1st July were logged again in maillog after 10:04:16 on 29th August.
$ grep 'Jul  1 09:25:04' maillog-qmail_20120829._xxx_.txt -B 4 -A 4
Aug 29 10:04:16 XXXXX smtpd: 1346202256.914006 tcpserver: pid 22354 from 192.168.100.171
Aug 29 10:04:16 XXXXX smtpd: 1346202256.914211 tcpserver: ok 22354 XXXXX:192.168.20.65:25 :192.168.100.171::58069
Aug 29 10:04:16 XXXXX smtpd: 1346202256.949129 tcpserver: end 22354 status 0
Aug 29 10:04:16 XXXXX smtpd: 1346202256.949161 tcpserver: status: 0/120
Jul  1 09:25:04 XXXXX smtpd: 1341102304.344436 tcpserver: status: 0/120
Jul  1 09:25:06 XXXXX smtpd: 1341102306.108272 tcpserver: status: 1/120
Jul  1 09:25:06 XXXXX smtpd: 1341102306.108515 tcpserver: pid 4908 from 192.168.20.249
Jul  1 09:25:06 XXXXX smtpd: 1341102306.108733 tcpserver: ok 4908 XXXXX:192.168.20.65:25 :192.168.20.249::49035
Jul  1 09:25:06 XXXXX smtpd: 1341102306.109427 tcpserver: end 4908 status 256
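
An added example, not part of the original article or of rsyslog: one way to locate replayed entries like the ones shown above is to flag runs of lines whose timestamp is older than the newest one already seen in the file. The function names, the 5-second tolerance and the caller-supplied year are assumptions; the sample is constructed from lines in the messages excerpt above.

```python
import re
from datetime import datetime, timedelta

# Classic syslog prefix "Mmm dd HH:MM:SS" (no year), as in the excerpts above.
TS_RE = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")

def parse_ts(line, year):
    """Return the line's timestamp, or None if it has no syslog prefix."""
    m = TS_RE.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m[1]} {m[2]} {m[3]}", "%Y %b %d %H:%M:%S")

def stale_runs(lines, year, tolerance=timedelta(seconds=5)):
    """Group consecutive lines older than the newest timestamp seen so far.

    Returns (first_line, last_line, newest_seen, oldest_in_run) per run.
    Assumption: the file stays within one calendar year.
    """
    runs, newest, run = [], None, None
    for no, line in enumerate(lines, 1):
        ts = parse_ts(line, year)
        if ts is None:
            continue  # continuation or malformed line: ignore
        if newest is not None and newest - ts > tolerance:
            if run is None:
                run = [no, no, newest, ts]      # a stale run starts here
            else:
                run[1], run[3] = no, min(run[3], ts)
        else:
            if run is not None:                 # time caught up: close the run
                runs.append(tuple(run))
                run = None
            newest = ts if newest is None else max(newest, ts)
    if run is not None:
        runs.append(tuple(run))
    return runs

# Constructed sample: lines taken from the messages excerpt on this page.
SAMPLE = """\
Aug 28 23:59:01 XXXXX kernel: Kernel logging (proc) stopped.
Sep 11 10:23:27 XXXXX kernel: imklog 4.6.2, log source = /proc/kmsg started.
Aug 29 00:56:45 XXXXX xinetd[1851]: START: telnet pid=15295 from=::ffff:192.168.30.210
Aug 29 00:57:01 XXXXX xinetd[1851]: EXIT: telnet status=0 pid=15285 duration=60(sec)
""".splitlines()

if __name__ == "__main__":
    for first, last, newest, oldest in stale_runs(SAMPLE, 2012):
        print(f"lines {first}-{last}: back to {oldest} after {newest}")
```

Because every stale line is compared with the newest timestamp seen, the whole replayed block is reported as one run rather than only its first line, which helps when rebuilding a timeline from a file that contains such a block.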

Environment

  • Red Hat Enterprise Linux 6.2
  • rsyslog-4.6.2-12.el6.x86_64
