9 April 2019
rsyslog is the default Debian logging daemon and what's deployed fleet-wide at Wikimedia Foundation.


rsyslog "stuck"

rsyslog has been observed for getting stuck from time to time (e.g. its tls listener stops responding). In these situations a restart "fixes" the problem, however before doing a restart it is important to capture the daemon' status:

  timeout 30s strace -f -p $(pidof rsyslogd) -s 65535 -o rsyslog_$(date -Im).strace
  lsof -p $(pidof rsyslogd) > rsyslog_$(date -Im).lsof
  gdb -p $(pidof rsyslogd) --batch -ex gcore
  gdb -p $(pidof rsyslogd) --batch -ex 'thread apply all bt full' > rsyslog_$(date -Im).threaddump
  systemctl restart rsyslog