Too many syslog-ng processes

Hi,

I’ve configured syslog-ng to send logs to a remote server.

I put a forward.conf in /etc/syslog-ng.d:

destination d_pi {
        tcp6(
                "[my_server_ip6]"
                port(514)
                log_fifo_size(100000)
                ts_format("rfc3339")
                tls(
                        cert_file("/etc/syslog-ng.d/ssl/syslog.crt")
                        key_file("/etc/syslog-ng.d/ssl/syslog.key")
                        ca_dir("/etc/syslog-ng.d/ssl")
                )
        );
};
log { source(src); source(kernel); destination(d_pi); };

And it works.
But…

After a few days, my syslog server is saturated (too many connections), and the culprit is my router.

 # ps|grep -v grep|grep syslog-ng
 5553 root      4628 S    {syslog-ng} supervising syslog-ng
 5554 root     13896 S    /usr/sbin/syslog-ng
 6102 root      4628 S    {syslog-ng} supervising syslog-ng
 6103 root     25008 S    /usr/sbin/syslog-ng
 6153 root      4628 S    {syslog-ng} supervising syslog-ng
 6155 root     32560 S    /usr/sbin/syslog-ng
 7109 root      4628 S    {syslog-ng} supervising syslog-ng
 7110 root     27844 S    /usr/sbin/syslog-ng
13009 root      4628 S    {syslog-ng} supervising syslog-ng
13011 root     11196 S    /usr/sbin/syslog-ng
13369 root      4628 S    {syslog-ng} supervising syslog-ng
13370 root     13848 S    /usr/sbin/syslog-ng
14413 root      4628 S    {syslog-ng} supervising syslog-ng
14414 root      8348 S    /usr/sbin/syslog-ng
15814 root      4628 S    {syslog-ng} supervising syslog-ng
15815 root      8360 S    /usr/sbin/syslog-ng
17539 root      4628 S    {syslog-ng} supervising syslog-ng
17540 root     15648 S    /usr/sbin/syslog-ng
17946 root      4628 S    {syslog-ng} supervising syslog-ng
17947 root      8348 S    /usr/sbin/syslog-ng
18046 root      4628 S    {syslog-ng} supervising syslog-ng
18047 root      8348 S    /usr/sbin/syslog-ng
19368 root      4628 S    {syslog-ng} supervising syslog-ng
19369 root      8348 S    /usr/sbin/syslog-ng
20767 root      4628 S    {syslog-ng} supervising syslog-ng
20768 root      8348 S    /usr/sbin/syslog-ng
21093 root      4628 S    {syslog-ng} supervising syslog-ng
21094 root     17888 S    /usr/sbin/syslog-ng
21681 root      4628 S    {syslog-ng} supervising syslog-ng
21682 root      8348 S    /usr/sbin/syslog-ng
21962 root      4628 S    {syslog-ng} supervising syslog-ng
21963 root      8352 S    /usr/sbin/syslog-ng
24847 root      4628 S    {syslog-ng} supervising syslog-ng
24849 root     11616 S    /usr/sbin/syslog-ng
26368 root      4628 S    {syslog-ng} supervising syslog-ng
26369 root     10704 S    /usr/sbin/syslog-ng
27004 root      4628 S    {syslog-ng} supervising syslog-ng
27005 root      8348 S    /usr/sbin/syslog-ng
27190 root      4628 S    {syslog-ng} supervising syslog-ng
27191 root      8360 S    /usr/sbin/syslog-ng
28383 root      4628 S    {syslog-ng} supervising syslog-ng
28384 root      8360 S    /usr/sbin/syslog-ng
29015 root      4628 S    {syslog-ng} supervising syslog-ng
29016 root      8348 S    /usr/sbin/syslog-ng
30910 root      4628 S    {syslog-ng} supervising syslog-ng
30912 root     12720 S    /usr/sbin/syslog-ng
32098 root      4628 S    {syslog-ng} supervising syslog-ng
32099 root      8348 S    /usr/sbin/syslog-ng

When I stop syslog-ng (/etc/init.d/syslog-ng stop), the processes remain. I have to killall them.

After restarting, I have just a single process.

# ps|grep -v grep|grep syslog
23218 root      4628 S    {syslog-ng} supervising syslog-ng
23219 root      8336 S    /usr/sbin/syslog-ng

Any idea?

Thanks,
Benoit

Hi,
I think that this bug should be fixed in the next release, 3.8.5 (commit https://gitlab.labs.nic.cz/turris/turris-os-packages/commit/085485090604b208b7aca07bd8e00ad1675a318d).

Fix:
in file /etc/init.d/syslog-ng

replace
procd_set_param command /usr/sbin/syslog-ng
with
procd_set_param command /usr/sbin/syslog-ng -F
procd_set_param respawn


Patch applied. Seems OK.
(No more “supervising” process.)

Thanks :)
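
A check for the condition discussed in this thread, as an added example that is not part of any post above and is not the project's own code: it classifies `ps` output (duplicate daemons, or a lingering "supervising" parent) and verifies that an init script carries the `-F` and `respawn` lines from the fix. The function names and all sample data are assumptions constructed for illustration, modelled on the output and lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed,
# modelled on the BusyBox ps output and the init-script lines quoted above.
SAMPLE_PS=' 5553 root      4628 S    {syslog-ng} supervising syslog-ng
 5554 root     13896 S    /usr/sbin/syslog-ng
 6102 root      4628 S    {syslog-ng} supervising syslog-ng
 6103 root     25008 S    /usr/sbin/syslog-ng
 9001 root      1200 S    grep syslog-ng'
INIT_BEFORE='start_service() {
	procd_open_instance
	procd_set_param command /usr/sbin/syslog-ng
	procd_close_instance
}'
INIT_AFTER='start_service() {
	procd_open_instance
	procd_set_param command /usr/sbin/syslog-ng -F
	procd_set_param respawn
	procd_close_instance
}'

# classify_instances: read ps output on stdin and print one verdict line:
#   "duplicate N"  more than one syslog-ng daemon is running
#   "daemonized"   one daemon, but a "supervising" parent is still present
#   "ok"           at most one daemon and no supervising process
classify_instances() {
	awk '
		$5 == "/usr/sbin/syslog-ng" { d++ }
		$5 == "{syslog-ng}" && $6 == "supervising" { s++ }
		END {
			if (d > 1) print "duplicate " d
			else if (s > 0) print "daemonized"
			else print "ok"
		}'
}

# init_runs_foreground: read an init script on stdin; succeed only if the
# procd command line passes -F and respawn is enabled (the fix in the reply).
init_runs_foreground() {
	awk '
		/^[ \t]*#/ { next }
		/procd_set_param[ \t]+command[ \t]+\/usr\/sbin\/syslog-ng/ {
			for (i = 1; i <= NF; i++) if ($i == "-F") fg = 1
		}
		/procd_set_param[ \t]+respawn/ { rs = 1 }
		END { exit !(fg && rs) }'
}

# On the router: ps | classify_instances
#                init_runs_foreground < /etc/init.d/syslog-ng && echo patched
printf '%s\n' "$SAMPLE_PS" | classify_instances
```

Matching on the command column rather than grepping for the name means the `grep syslog-ng` line in the sample is ignored without a `grep -v grep` stage.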