Thanks for the "Postfix Monitoring" howto btw falko! Posting here however goes without having to ask some troubling questions. I installed to a FC3 box and it worked great! However now after about two or three days I have to restart syslog. What happens is I get an email from pflogsumm with no data, I find the logging has died. Once I restart syslog, it all starts up again. Now that is what is confusing to me since we took out that /var/log/maillog path in the syslog.conf. Looking at what is driving it I do a 'lsof /var/log/maillog' Code: lsof /var/log/maillog COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME mailgraph 15174 root 4r REG 3,3 277599 3981346 /var/log/maillog syslogd 16365 root 3w REG 3,3 277599 3981346 /var/log/maillog Last time this died and I lsof'd it I only saw mailgraph which always appears to be just reading the log. So any pointers on what's happening or suggestions as to the workaround? Thanks, Warren
Do you find any error messages about syslog dying in your logs? Does it happen on the same time of day each time?
No error messages at all. And yes it does seem to happen at 4am every morning. I guess it seemed to run longer than that, but only because I didn't notice it soon enough.
I got to thinking... Is it possible that the new log rotate is conflicting with this daily syslog restart?
Please check all cron jobs on your system to see if there's one that runs at 4.00h every morning. Have a look at crontab -l and also at /etc/crontab.
To be precise I guess it is at 4:02h, and here is what runs from cron.daily: Code: 00-logwatch 0anacron logrotate rpm tetex.cron yum.cron 00-makewhatis.cron certwatch prelink slocate.cron tmpwatch 00webalizer clean.quarantine rkunter squirrelmail.cron update_phishing_sites Another twist: I didn't restart syslog this past weekend and the cronjob emailed reports at 7:00h; Saturday with data, Sunday no data, and Monday with data. Curently nothing is logging to /var/log/maillog and expect no data again. Is something buffering for a later write or am I supposed to see a live logging if I were to tail it?
I guess it's either 00-logwatch or logrotate that "interferes" with syslog. Maybe you can change the script(s) to do a syslog restart.
