syslog-ng /appears/ to spawn a zombie "sh" process. This zombie process vanishes when syslog-ng is stopped and reappears when it is restarted. The following is the process list from top:

top - 16:54:08 up 1 day, 21:46, 2 users, load average: 2.00, 2.10, 2.07
Tasks: 44 total, 3 running, 41 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0% user, 0.3% system, 99.7% nice, 0.0% idle
Mem: 904440k total, 689316k used, 215124k free, 229184k buffers
Swap: 457812k total, 0k used, 457812k free, 312212k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ Command
1147 root 19 19 15048 14m 772 R 99.9 1.7 2741:28 setiathome
1146 root 19 19 16264 15m 828 R 99.7 1.8 2675:23 setiathome
1 root 8 0 488 488 432 S 0.0 0.1 0:05.76 init
2 root 9 0 0 0 0 S 0.0 0.0 0:00.00 keventd
3 root 19 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd_CPU0
4 root 18 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd_CPU1
5 root 9 0 0 0 0 S 0.0 0.0 0:00.00 kswapd
6 root 9 0 0 0 0 S 0.0 0.0 0:00.00 bdflush
7 root 9 0 0 0 0 S 0.0 0.0 0:03.29 kupdated
8 root 9 0 0 0 0 S 0.0 0.0 0:00.01 ahc_dv_0
9 root 9 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_0
10 root 9 0 0 0 0 S 0.0 0.0 0:00.30 kreiserfsd
34 root 9 0 896 896 604 S 0.0 0.1 0:00.03 devfsd
958 root 9 0 224 224 180 S 0.0 0.0 0:06.16 svscan
961 root 9 0 188 188 156 S 0.0 0.0 0:00.01 supervise
962 root 9 0 188 188 156 S 0.0 0.0 0:00.01 supervise
963 qmaill 9 0 192 192 156 S 0.0 0.0 0:00.00 multilog
964 qmaild 9 0 624 624 552 S 0.0 0.1 0:00.02 tcpserver
967 root 9 0 188 188 156 S 0.0 0.0 0:00.00 supervise
968 root 9 0 188 188 156 S 0.0 0.0 0:00.00 supervise
969 qmails 9 0 324 324 264 S 0.0 0.0 0:00.07 qmail-send
970 qmaill 9 0 244 244 200 S 0.0 0.0 0:00.01 multilog
972 root 9 0 280 280 220 S 0.0 0.0 0:00.01 qmail-lspawn
973 qmailr 9 0 272 272 216 S 0.0 0.0 0:00.00 qmail-rspawn
974 qmailq 9 0 276 276 232 S 0.0 0.0 0:00.00 qmail-clean
975 root 9 0 3404 3404 3308 S 0.0 0.4 0:13.10 apache2
1190 root 9 0 1200 1200 1080 S 0.0 0.1 0:00.22 sshd
1242 root 9 0 1004 1004 804 S 0.0 0.1 0:00.02 login
1243 root 9 0 352 352 300 S 0.0 0.0 0:00.00 agetty
1244 root 9 0 352 352 300 S 0.0 0.0 0:00.00 agetty
1245 root 9 0 352 352 300 S 0.0 0.0 0:00.00 agetty
1246 root 9 0 352 352 300 S 0.0 0.0 0:00.00 agetty
1247 root 9 0 352 352 300 S 0.0 0.0 0:00.00 agetty
1248 apache 9 0 2884 2884 2640 S 0.0 0.3 0:00.00 apache2
1249 apache 9 0 3432 3432 3324 S 0.0 0.4 0:00.00 apache2
1250 apache 9 0 3428 3428 3324 S 0.0 0.4 0:00.00 apache2
1251 apache 9 0 3428 3428 3324 S 0.0 0.4 0:00.01 apache2
1252 apache 9 0 3428 3428 3324 S 0.0 0.4 0:00.00 apache2
1253 apache 9 0 3428 3428 3324 S 0.0 0.4 0:00.00 apache2
1254 root 9 0 1276 1276 1028 S 0.0 0.1 0:00.03 bash
12728 root 9 0 1768 1768 1508 S 0.0 0.2 0:00.78 sshd
12731 root 9 0 1316 1316 1052 S 0.0 0.1 0:00.03 bash
21020 root 9 0 592 592 480 S 0.0 0.1 0:00.00 syslog-ng
21038 root 9 0 936 936 764 R 0.0 0.1 0:00.05 top

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

Portage 2.0.47-r10 (default-x86-1.4, gcc-3.2.2, glibc-2.3.1-r4)
=================================================================
System uname: 2.4.20-gentoo-r2 i686 AMD Athlon(tm) MP 1800+
GENTOO_MIRRORS="http://gentoo.oregonstate.edu/ http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR_OVERLAY=""
USE="x86 oss apm arts avi crypt encode gif imlib java jpeg kde libg++ libwww mikmod mpeg ncurses nls oggvorbis opengl pdflib png qt quicktime sdl spell svga truetype xml2 xmms xv zlib gdbm berkdb slang readline mysql gpm perl python -cups -gtk -gnome innodb tcpd pam ssl 3dnow sse mmx samba apache2 -pcmcia -alsa -motif -nas -X"
COMPILER="gcc3"
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O2 -fomit-frame-pointer -pipe"
CXXFLAGS="-march=athlon-xp -O2 -fomit-frame-pointer -pipe"
ACCEPT_KEYWORDS="x86"
MAKEOPTS="-j2"
AUTOCLEAN="yes"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
FEATURES="sandbox ccache distcc"

The following is my syslog-ng config file:

options { long_hostnames(off); sync(0); };

#source where to read log
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };

#define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination mailprog { program("/usr/bin/email.sh"); };
destination xconsole { pipe("/dev/xconsole"); };

#create filters
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };

#connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };

#mail log failed to back to me
log { source(src); filter(f_failed); filter(f_denied); destination(mailprog); };

#default log
log { source(src); destination(console_all); };
Wouldn't you know that the one time I restart syslog-ng to get a process list for the bug, it doesn't create a zombie process. Okay, every other time syslog-ng has started, a zombie process pops up. Honest. :) The only difference between this time and the last time I found the problem is that I updated gentoo-sources to the latest version. I did not, however, make a new kernel yet so I doubt that has anything to do with it.
What does /usr/bin/email.sh look like on your system, Charles?
email.sh doesn't exist on my system, in any directory. It's worth noting that I have thus far done close to zero setup with qmail, if that has anything to do with it.
Well, I'm betting that's the problem. The way I see it, you have a choice:

1. You can configure syslog-ng yourself - just the way *you* like it.
2. You can re-merge syslog-ng and run etc-update to get the default gentoo syslog-ng.conf that will be installed with syslog-ng-1.6.0_rc1-r1 that will probably solve your problem.

I recommend 2 because it's way less work. ;-)
I'm going to close this as "FIXED" to save agriffis some work. Charles, if things don't work out for you, please go ahead and re-open.
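An added example, not part of the original bug thread or of syslog-ng itself: a check for the condition diagnosed above, a program() destination (here /usr/bin/email.sh) whose executable does not exist. The regex-based parsing and the function names are assumptions that suit flat configs like the one posted, and the sample config and paths are constructed.

```python
import os
import re
import shlex
import shutil
import tempfile

# Simple patterns for flat configs like the one posted (no nested braces).
DEST_RE = re.compile(r'destination\s+(\w+)\s*\{(.*?)\}\s*;', re.S)
PROG_RE = re.compile(r'program\s*\(\s*"([^"]+)"')

def program_destinations(conf_text):
    """Return [(destination_name, command)] for each active program() driver."""
    # Drop '#' comments so commented-out destinations are ignored.
    active = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    return [(name, cmd)
            for name, body in DEST_RE.findall(active)
            for cmd in PROG_RE.findall(body)]

def broken_program_destinations(conf_text):
    """Return [(destination_name, executable)] where the executable cannot run."""
    broken = []
    for name, cmd in program_destinations(conf_text):
        exe = shlex.split(cmd)[0]  # first word is the program, rest are arguments
        if os.path.isabs(exe):
            ok = os.path.isfile(exe) and os.access(exe, os.X_OK)
        else:
            ok = shutil.which(exe) is not None  # resolved through PATH
        if not ok:
            broken.append((name, exe))
    return broken

if __name__ == "__main__":
    # Constructed sample: one working handler, one missing like email.sh.
    tmp = tempfile.mkdtemp()
    good = os.path.join(tmp, "notify.sh")
    with open(good, "w") as fh:
        fh.write("#!/bin/sh\ncat >/dev/null\n")
    os.chmod(good, 0o755)
    sample = f'''
    destination messages {{ file("/var/log/messages"); }};
    destination notify {{ program("{good}"); }};
    destination mailprog {{ program("{tmp}/email.sh"); }};
    '''
    for name, exe in broken_program_destinations(sample):
        print(f"destination {name}: {exe} is missing or not executable")
```

Running the same functions over the contents of the real syslog-ng.conf before restarting the daemon would flag the mailprog destination from this report.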