
I was trying to configure rsyslog to forward logs from a specific file to a syslog server and ended up purging the whole configuration (the rsyslog service was stuck, it would not start).
So I cleaned everything up and installed everything from scratch again... and now it fails when I try to start it.
Here is the operating system version:
~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Here is the rsyslog version:
~# rsyslogd -v
rsyslogd 8.2212.0 (aka 2022.12) compiled with:
PLATFORM: x86_64-pc-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: No
Config file: /etc/rsyslog.conf
PID file: /var/run/rsyslogd.pid
Number of Bits in RainerScript integers: 64
See https://www.rsyslog.com for more information.
Here is my rsyslog.conf:
~# cat /etc/rsyslog.conf
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Some "catch-all" log files.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
And finally the systemd service (which is a soft link to /lib/systemd/system/rsyslog.service):
~# cat /etc/systemd/system/syslog.service
[Unit]
Description=System Logging Service
Requires=syslog.socket
Documentation=man:rsyslogd(8)
Documentation=man:rsyslog.conf(5)
Documentation=https://www.rsyslog.com/doc/
[Service]
Type=notify
ExecStart=/usr/sbin/rsyslogd -n
StandardOutput=null
Restart=on-failure
# Increase the default a bit in order to allow many simultaneous
# files to be monitored, we might need a lot of fds.
#LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
Alias=syslog.service
When I run /usr/sbin/rsyslogd -n I am getting:
~# /usr/sbin/rsyslogd -n
rsyslogd: pidfile '/var/run/rsyslogd.pid' and pid 6260 already exist.
If you want to run multiple instances of rsyslog, you need to specify
different pid files for them (-i option).
rsyslogd: run failed with error -3000 (see rsyslog.h or try https://www.rsyslog.com/e/3000 to learn what that number means)
The service status says:
~# systemctl status rsyslog.service
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2022-12-22 08:05:56 CET; 8s ago
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Process: 6464 ExecStart=/usr/sbin/rsyslogd -n (code=exited, status=1/FAILURE)
Main PID: 6464 (code=exited, status=1/FAILURE)
Dec 22 08:05:56 TW-3CXNFA-B systemd[1]: rsyslog.service: Main process exited, code=exited, status=1/FAILURE
Dec 22 08:05:56 TW-3CXNFA-B systemd[1]: rsyslog.service: Failed with result 'exit-code'.
Dec 22 08:05:56 TW-3CXNFA-B systemd[1]: Failed to start System Logging Service.
Dec 22 08:05:56 TW-3CXNFA-B systemd[1]: rsyslog.service: Service RestartSec=100ms expired, scheduling restart.
Dec 22 08:05:56 TW-3CXNFA-B systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 5.
Dec 22 08:05:56 TW-3CXNFA-B systemd[1]: Stopped System Logging Service.
Dec 22 08:05:56 TW-3CXNFA-B systemd[1]: rsyslog.service: Start request repeated too quickly.
Dec 22 08:05:56 TW-3CXNFA-B systemd[1]: rsyslog.service: Failed with result 'exit-code'.
Dec 22 08:05:56 TW-3CXNFA-B systemd[1]: Failed to start System Logging Service.
I'm a bit stuck here... I googled the "pid already exists" message and many others but it got me nowhere :(
I would appreciate a little push here, please :( Any idea what I should do?
----------- EDIT ------------
I tried this following your advice...
Edited (r)syslog.service and added -iNONE as a parameter:
~# cat /etc/systemd/system/syslog.service
[Unit]
Description=System Logging Service
Requires=syslog.socket
Documentation=man:rsyslogd(8)
Documentation=man:rsyslog.conf(5)
Documentation=https://www.rsyslog.com/doc/
[Service]
Type=notify
ExecStart=/usr/sbin/rsyslogd -n -iNONE
StandardOutput=null
Restart=on-failure
#Increase the default a bit in order to allow many simultaneous
#files to be monitored, we might need a lot of fds.
#LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
Alias=syslog.service
Reloaded the daemon -> systemctl daemon-reload
(no error messages)
Stopped both: systemctl stop syslog.socket rsyslog.service
Checked the status of both:
~# systemctl status syslog.socket rsyslog.service
● syslog.socket - Syslog Socket
Loaded: loaded (/lib/systemd/system/syslog.socket; static; vendor preset: disabled)
Active: inactive (dead) since Thu 2022-12-22 14:57:32 CET; 18s ago
Docs: man:systemd.special(7)
https://www.freedesktop.org/wiki/Software/systemd/syslog
Listen: /run/systemd/journal/syslog (Datagram)
Dec 22 10:17:58 TW-3CXNFA-B systemd[1]: Listening on Syslog Socket.
Dec 22 14:57:32 TW-3CXNFA-B systemd[1]: syslog.socket: Succeeded.
Dec 22 14:57:32 TW-3CXNFA-B systemd[1]: Closed Syslog Socket.
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2022-12-22 14:57:32 CET; 18s ago
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Process: 22681 ExecStart=/usr/sbin/rsyslogd -n -iNONE (code=exited, status=0/SUCCESS)
Main PID: 22681 (code=exited, status=0/SUCCESS)
Dec 22 14:56:59 TW-3CXNFA-B systemd[1]: Starting System Logging Service...
Dec 22 14:57:32 TW-3CXNFA-B systemd[1]: rsyslog.service: Succeeded.
Dec 22 14:57:32 TW-3CXNFA-B systemd[1]: Stopped System Logging Service.
Both are inactive. Then I checked whether there is any active PID (all good):
~# ps axu | grep rsyslog
root 22747 0.0 0.0 6072 888 pts/0 S+ 14:59 0:00 grep rsyslog
Checked whether the PID file exists: ls /var/run/ | grep syslog
(none)
Then I started the service, which resulted in the timeout message.
~# systemctl start rsyslog
Job for rsyslog.service failed because a timeout was exceeded.
See "systemctl status rsyslog.service" and "journalctl -xe" for details.
Checking the status:
~# systemctl status rsyslog.service
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: activating (start) since Thu 2022-12-22 15:03:16 CET; 1min 26s ago
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Main PID: 22896 (rsyslogd)
Tasks: 4 (limit: 1136)
Memory: 824.0K
CGroup: /system.slice/rsyslog.service
└─22896 /usr/sbin/rsyslogd -n -iNONE
Dec 22 15:03:16 TW-3CXNFA-B systemd[1]: Starting System Logging Service...
Plus the journal:
~# journalctl -xe
-- A stop job for unit rsyslog.service has finished.
--
-- The job identifier is 25478 and the job result is done.
Dec 22 15:03:16 TW-3CXNFA-B systemd[1]: Starting System Logging Service...
-- Subject: A start job for unit rsyslog.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit rsyslog.service has begun execution.
--
-- The job identifier is 25478.
Dec 22 15:04:46 TW-3CXNFA-B systemd[1]: rsyslog.service: Start operation timed out. Terminating.
Dec 22 15:04:46 TW-3CXNFA-B systemd[1]: rsyslog.service: Failed with result 'timeout'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit rsyslog.service has entered the 'failed' state with result 'timeout'.
Dec 22 15:04:46 TW-3CXNFA-B systemd[1]: Failed to start System Logging Service.
-- Subject: A start job for unit rsyslog.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit rsyslog.service has finished with a failure.
--
-- The job identifier is 25478 and the job result is failed.
Dec 22 15:04:46 TW-3CXNFA-B systemd[1]: rsyslog.service: Service RestartSec=100ms expired, scheduling restart.
Dec 22 15:04:46 TW-3CXNFA-B systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 2.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit rsyslog.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Dec 22 15:04:46 TW-3CXNFA-B systemd[1]: Stopped System Logging Service.
-- Subject: A stop job for unit rsyslog.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit rsyslog.service has finished.
--
-- The job identifier is 25554 and the job result is done.
Dec 22 15:04:46 TW-3CXNFA-B systemd[1]: Starting System Logging Service...
-- Subject: A start job for unit rsyslog.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit rsyslog.service has begun execution.
--
-- The job identifier is 25554.
Dec 22 15:05:01 TW-3CXNFA-B CRON[22955]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 22 15:05:01 TW-3CXNFA-B CRON[22956]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Dec 22 15:05:01 TW-3CXNFA-B CRON[22955]: pam_unix(cron:session): session closed for user root
What am I missing?
Answer 1
The default PID file location for rsyslog is /var/run/rsyslogd.pid (as described in man rsyslogd). cat that file to see what is inside.
Check whether that PID really is rsyslogd (something like ps axu | grep $(cat /var/run/rsyslogd.pid) and ps axu | grep rsyslogd). If it is running, kill it as suggested and remove the PID file. This is the problem when the service manager thinks the service is not running when it actually is (for example, it failed to stop).
If the PID exists but is not rsyslogd, do not kill it. It is probably unrelated and that action would probably do more harm than good. Just remove the rsyslog PID file. This could have happened because rsyslog created the file, put its PID there and then stopped, and the system later reused that PID for something else.
Now, when the service is clearly not running and there is no misleading PID file, try starting it again using the service manager, watching /var/log/daemon.log and other log files (messages, syslog) and checking for errors during startup.
Interestingly, since Debian 11 it is configured not to write any PID file (it is started as /usr/sbin/rsyslogd -n -iNONE).
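The check described in Answer 1, written as a shell function (an added example, not part of the original answer; it assumes a Linux /proc filesystem, and the function name pidfile_state is made up here). It only reports which of the cases applies and leaves the kill and rm decisions to the operator:

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes Linux /proc.
# pidfile_state FILE NAME prints one of:
#   missing  - there is no PID file
#   invalid  - the file content is not a PID
#   stale    - the PID no longer exists: only the file needs removing
#   foreign  - the PID exists but is another program: remove the file,
#              leave the process alone
#   live     - the PID exists and is NAME: stop it, then remove the file
pidfile_state() {
    file=$1
    name=$2
    [ -e "$file" ] || { echo missing; return 0; }
    # Strip whitespace so a trailing newline or CR does not matter.
    pid=$(tr -d ' \t\r\n' < "$file")
    case $pid in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    # /proc/PID exists for every running process, whoever owns it.
    [ -d "/proc/$pid" ] || { echo stale; return 0; }
    # comm holds the executable name (truncated to 15 characters).
    comm=$(cat "/proc/$pid/comm" 2>/dev/null || true)
    if [ "$comm" = "$name" ]; then
        echo live
    else
        echo foreign
    fi
}

# Report only; nothing is killed or deleted here.
pidfile_state /var/run/rsyslogd.pid rsyslogd
```
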
Answer 2
I think this is a bug reported at the following link:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815862
This seems counterintuitive... but the actual steps to follow are to stop TWO systemd units, and not just rsyslog.service or removing the rsyslog PID:
systemctl stop syslog.socket rsyslog.service