scMerlin Does tailtaintdns have a log file?

[Ripshod]

Whilst troubleshooting a wif issue for another member I started having problems accessing the gui (huge lag/pageloads). htop showed tailtaintdns running rampant. Disabling the watchdog restored normal behaviour (of course), but does tailtaintdns have a log file I can download over SFTP to peruse and possibly fix an issue?
For those interested I was investigating various wifi settings. If I re-enable the watchdog things run fine.......... until I reboot.
If I kill the watchdog it will restart with the same problem.

 

[Viktor Jaep]

Whilst troubleshooting a wif issue for another member I started having problems accessing the gui (huge lag/pageloads). htop showed tailtaintdns running rampant. Disabling the watchdog restored normal behaviour (of course), but does tailtaintdns have a log file I can download over SFTP to peruse and possibly fix an issue?
For those interested I was investigating various wifi settings. If I re-enable the watchdog things run fine.......... until I reboot.
If I kill the watchdog it will restart with the same problem.

The word "tailtaintdns" literally comes up with zero results on google. That's the first I'd heard of this as well. Hum...

 

[Ripshod]

I have a hunch, but it means i'll be afk for a while working this out.
I'll post back when I have an answer.

 

[JGrana]

This was a JackYAZ function that watched syslog, looking for the kernel message that dnsmasq caught a fatal signal (usually 11). The function then restarts dnsmasq (service_restartdnsmasq).
One possibility - there is some kind of configuration problem with your DNS settings. If dnsmasq does restart (as the script will do) and dnsmasq catches another fatal signal then again, tailtaintdns will restart it.
On and on…
Look at /tmp/syslog.log for “Tainted” messages. If there are tons related to dnsmasq, check all your dns settings/hostnames,etc.

 

[Ripshod]

Something went daft on my network. dnsmasq was reporting it had run out of IPv6's so DHCPOFFER was stuck. in turn this caused a loop in the tailtaintdns watchdog.
I don't know why it happened as I reloaded a backup from 2 days ago (had to, only way to recover). If it happens again in 2 days then I know I have a problem. In the meantime lets hear some ideas.
I'll catch some logs next time if this happens again.

 

[Viktor Jaep]

This was a JackYAZ function that watched syslog, looking for the kernel message that dnsmasq caught a fatal signal (usually 11).

Was this included in one of his scripts or more of a standalone tool?

 

[Ripshod]

Was this included in one of his scripts or more of a standalone tool?

It's part of scMerlin.
I'm currently watching dnsmasq advertising IPv6 on my guest network. I think this is the cause.

 

[dave14305]

It’s a relatively simple script. The only thing suspicious is that it reads /tmp/syslog.log and Scribe users may have to see how that file looks (symlink) when it freaks out.

scMerlin/tailtaintdns at master · AMTM-OSR/scMerlin

scMerlin allows you to easily control the most common services/scripts on your router. scMerlin also augments your router's WebUI with a Sitemap and dynamic submenus for the main left menu of A...

github.com

#!/bin/sh
# shellcheck disable=SC2039
# shellcheck disable=SC3048
trap '' SIGHUP

tailfile="/tmp/syslog.log"

renice 15 $$
tail -F "$tailfile" | while read -r line; do
if echo "$line" | grep -q "Comm: dnsmasq Tainted:"; then logger "dnsmasq tainted detected, restarting dnsmasq"; service restart_dnsmasq; fi
done

renice 0 $$

 

[JGrana]

It’s a relatively simple script. The only thing suspicious is that it reads /tmp/syslog.log and Scribe users may have to see how that file looks (symlink) when it freaks out.

scMerlin/tailtaintdns at master · AMTM-OSR/scMerlin

scMerlin allows you to easily control the most common services/scripts on your router. scMerlin also augments your router's WebUI with a Sitemap and dynamic submenus for the main left menu of A...

github.com

#!/bin/sh
# shellcheck disable=SC2039
# shellcheck disable=SC3048
trap '' SIGHUP

tailfile="/tmp/syslog.log"

renice 15 $$
tail -F "$tailfile" | while read -r line; do
if echo "$line" | grep -q "Comm: dnsmasq Tainted:"; then logger "dnsmasq tainted detected, restarting dnsmasq"; service restart_dnsmasq; fi
done

renice 0 $$

Yes, I was thinking the same thing. Dnsmasq is so widely used but as a result (IMHO) a little “fragile”. I have had numerous dnsmasq fatal 11 over the years. Nothing new there ;-) dnsmasq v 2.86 had lots of issues (traps) with YazDHCP for some reason.
v2.91 seems fairly stable.

 

[Ripshod]

a little “fragile”

You're not kidding. I've made a filter for dhcp/dns log messages, and it's being flooded

Dec 31 17:11:57 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:57 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:58 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:58 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:59 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:11:59 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:12:00 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:12:00 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:12:01 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied
Dec 31 17:12:01 ripshod dnsmasq[9463]: failed to create listening socket for fe80::70cf:84ff:fe00:379a%br54: Permission denied

How the heck can dnsmasq not have permission.
This got me paranoid so I checked my ssd - everything fine there.

*edit* disabled it now. IPv6 is now officially unsupported on my guest network.

 

[Ripshod]

@Martinski a question re scribe, if you'll indulge me. Does syslog-ng filter and create logfiles constantly in the background, or are the files created when accessing the GUI (uiScribe)?
When doing the dnsmasq/tailtaintdns investigations, I had a filter for dns messages and after a relatively short time that logfile grew quite large, and seriously slowed the system log pageload. I've also seen messages for the dns in the main messages while the page loads, then they move to the dns logfile once the page eventually loads.
I may have answered my own question there.

 

[Ripshod]

After a reset and rebuild about 13hrs ago my "messages" log file has grown to over 400MB, so when I finish work I'll attempt to decipher that for y'all.

 

[Martinski]

@Martinski a question re scribe, if you'll indulge me. Does syslog-ng filter and create logfiles constantly in the background, ...

Yes, that's correct. The responsibility to filter the system log entries and create separate log files based on content-specific rules falls on syslog-ng, and it does that with a process running in the background. I don't know the minute details, but that's the gist of its core functionality.

... or are the files created when accessing the GUI (uiScribe)?

The uiScribe add-on, OTOH, simply reads the individual filtered log files to display them on the WebUI page; and now, starting with the latest 1.4.10 version, uiScribe can also rotate the log files on demand.

When doing the dnsmasq/tailtaintdns investigations, I had a filter for dns messages and after a relatively short time that logfile grew quite large, and seriously slowed the system log pageload...

After a reset and rebuild about 13hrs ago my "messages" log file has grown to over 400MB, so when I finish work I'll attempt to decipher that for y'all.

Have you tried setting the "logrotate" cron job in Scribe to run every 6 hours?

With the latest Scribe 3.2.6 version, the default directives for the "messages" log file specify a log rotation interval of 24 hours, with a 1.0MB minimum size and 4.0MB maximum size, which means that if you have the "logrotate" cron job scheduled to run every 24 hours at 12:05 AM, the log file can grow much larger than the specified maximum size before the 24-hour interval is reached.

I'm thinking of adding a 4-hour interval for the cron job to handle those scenarios where a log file grows too large within just a handful of hours.

 

[Ripshod]

I'm thinking of adding a 4-hour interval for the cron job to handle those scenarios where a log file grows too large within just a handful of hours.

That makes so much common sense I missed it.
Manual rotation of individual logs, and all logs isn't working right now for me.

 

[Martinski]

That makes so much common sense I missed it.
Manual rotation of individual logs, and all logs isn't working right now for me.

Keep in mind that the manual log rotation follows the current directives specified via the global defaults (A01global), which can be overridden by a separate logrotate configuration file associated with an individual log file. The key point is that "Rotate Log" and "Rotate All" make calls to logrotate using the conditional rules and directives currently in place. The same behavior applies to the scheduled cron job set in Scribe.

Regarding your "messages" log file, take a look at its own logrotate config file ("/opt/etc/logrotate.d/messages"). Have you made any changes from the original installation?

If not, the default maximum size should be set at 4.0MB, which means that if the log file is currently much larger than that, the "Rotate Log" button should trigger a log rotation.

If it's not working, try the "Clear Log" button, which is essentially a call to "force log rotation."

But before you clear the log using uiScribe, make a debug run of logrotate by going to the Scribe CLI Menu, select "su. scribe utilities" and then select "ld. Show logrotate debug info" You should then see a debug log indicating the rotation directives that would apply IF logrotate were to be called for each log file. Take special note of the lines targeting the "messages" log file.

 

[Ripshod]

@Martinski thank you. CRON is set every 6hrs. I'll be watching this closely.

 

[Martinski]

@Martinski thank you. CRON is set every 6hrs. I'll be watching this closely.

FYI,

There's a new 'develop' branch v3.2.7_26010323 version for Scribe that includes 3-hour and 4-hour intervals for the logrotate crob job schedule. If the log file grows too large before the 6-hour interval is reached, you can try a lower interval.

Scribe - Scribe v3.2.6 [2025-Dec-22] - Entware syslog-ng and logrotate installer for Asuswrt-Merlin

Yep, the message has already been modified accordingly. That line in the .asp must set a record for length! If I follow, this message will show if the timeout is triggered. That would also happen if the file is too big (takes too long) to load. And, can the log file ever not exist for...

www.snbforums.com