Did VictoriaLogs miss any logs during the reboot?

Leave a Comment / FreeBSD, Monitoring, Network monitoring, Open Source, syslog-ng, Victoria Logs / By /

Yesterday, I modified r730-01 by Running pkgbasify on FreeBSD 15.0 – as a consequence, my log collecting jail was offline. Did it miss any logs?

Let’s find out.

In this post:

  • FreeBSD 15.0
  • syslog-ng-4.11.0_2 (sending logs from FreshPorts production)
  • victoria-logs-1.50.0_2 (receiving logs in the logs jail

The period in question

Looking at /var/log/messages, I see:

Jun 29 17:58:06 r730-01 shutdown[72325]: reboot by dvl: 
Jun 29 17:58:06 r730-01 root[72379]: shutting down jail stage-nginx01
Jun 29 17:58:07 r730-01 root[72634]: jail stage-nginx01 has shut down
Jun 29 17:58:08 r730-01 root[72679]: shutting down jail test-nginx01
Jun 29 17:58:08 r730-01 kernel:  test-nginx01
...
Jun 29 17:59:08 r730-01 root[83022]: jail dns1 has shut down
Jun 29 17:59:09 r730-01 nrpe[2797]: Caught SIGTERM - shutting down...
Jun 29 17:59:09 r730-01 nrpe[2797]: Daemon shutdown
Jun 29 17:59:09 r730-01 kernel: .
Jun 29 17:59:09 r730-01 bacula-fd[2557]: Shutting down Bacula service: r730-01-fd ...
Jun 29 17:59:09 r730-01 ntpd[2546]: ntpd exiting on signal 15 (Terminated)
Jun 29 17:59:09 r730-01 ntpd[2546]: ntpd exiting on signal 15 (Terminated)
Jun 29 18:00:06 r730-01 syslogd: exiting on signal 15

With syslogd now stopped, there are no further logs until:

Jun 29 18:02:51 r730-01 syslogd: kernel boot file is /boot/kernel/kernel
Jun 29 18:02:51 r730-01 kernel: Jun 29 18:00:06 r730-01 syslogd: exiting on signal 15
Jun 29 18:02:51 r730-01 kernel: pflog0: promiscuous mode disabled
Jun 29 18:02:51 r730-01 kernel: tap0: link state changed to DOWN
Jun 29 18:02:51 r730-01 kernel: Waiting (max 60 seconds) for system process `vnlru' to stop... done
...
Jun 29 18:03:49 r730-01 kernel:  stage-nginx01.
Jun 29 18:05:11 r730-01 dvl[81436]: trying to start jail logs...
Jun 29 18:05:11 r730-01 dvl[81891]: jail logs has started

NOTE: I had not set the logs jail to start automatically. The above was me starting the jail from the command line.

What I’m looking for

I want to know if there are any logs between 18:00:06 and 

18:05:11

in VictoriaLogs.

If there are, it means VictoriaLogs caught up after being offline. More precisely, the log submitters kept track of what had and had not been sent during the downtime.

Here we go:

Victoria logs for 18:00:00 to 18:06:00 showing 4,223 entries - the graph at the top of the page has no gaps.
Victoria logs for 18:00:00 to 18:06:00 showing 4,223 entries – the graph at the top of the page has no gaps.

So now I know. At present, I’m using only syslog-ng to forward logs into VictoriaLogs. If I start using another tool, I’ll want to confirm it also has buffering.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive

Related Posts

Leave a Comment

Scroll to Top