[syslog-ng] ECONNREFUSED on /dev/log
Árpád Magosányi
mag at magwas.rulez.org
Sun Feb 21 22:35:48 CET 2016
On 02/20/2016 02:24 PM, Scheidler, Balázs wrote:
> Hi,
>
> can you run syslog-ng with --preprocess-into=/dev/stdout so that we
> can see what system() is being expanded to?
Output is attached
>
> 1) maybe syslog-ng thinks you are running systemd and opens a
> different socket for this reason
> 2) a bug in the system() source
> 3) something completely different.
>
> You might want to lsof the syslog-ng process only and see which socket
> it does open.
>
Are we talking about /run/systemd/journal/syslog ?
The system init is actually systemd. It is a debian 8 system, upgraded
from debian 6.
'logger -u /run/systemd/journal/syslog' does work.
As a workaround I did 'ln -s /run/systemd/journal/syslog /dev/log' .
I feel like it is just a temporary solution. Would it be better to
change syslog-ng.conf to read from /dev/log as well, or do the
symlinking in boot time?
Anyway, here is the lsof output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslog-ng 17901 root cwd DIR 254,17 4096 2 /
syslog-ng 17901 root rtd DIR 254,17 4096 2 /
syslog-ng 17901 root txt REG 254,17 15016 149028
/usr/sbin/syslog-ng
syslog-ng 17901 root mem REG 254,17 22952 2100025
/lib/x86_64-linux-gnu/libnss_dns-2.19.so
syslog-ng 17901 root mem REG 254,17 10480 2102165
/usr/lib/syslog-ng/3.5.6/liblinux-kmsg-format.so
syslog-ng 17901 root mem REG 254,17 51952 2102166
/usr/lib/syslog-ng/3.5.6/libsyslogformat.so
syslog-ng 17901 root mem REG 254,17 77904 2102155
/usr/lib/syslog-ng/3.5.6/libaffile.so
syslog-ng 17901 root mem REG 254,17 40624 2097689
/lib/x86_64-linux-gnu/libwrap.so.0.7.6
syslog-ng 17901 root mem REG 254,17 96920 2101490
/usr/lib/x86_64-linux-gnu/libnet.so.1.7.0
syslog-ng 17901 root mem REG 254,17 2062720 2098102
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
syslog-ng 17901 root mem REG 254,17 392312 2100757
/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
syslog-ng 17901 root mem REG 254,17 27440 2102154
/usr/lib/syslog-ng/3.5.6/libsyslog-ng-crypto.so
syslog-ng 17901 root mem REG 254,17 112432 2102157
/usr/lib/syslog-ng/3.5.6/libafsocket-tls.so
syslog-ng 17901 root mem REG 254,17 47712 2100026
/lib/x86_64-linux-gnu/libnss_files-2.19.so
syslog-ng 17901 root mem REG 254,17 43592 2100028
/lib/x86_64-linux-gnu/libnss_nis-2.19.so
syslog-ng 17901 root mem REG 254,17 31632 2100024
/lib/x86_64-linux-gnu/libnss_compat-2.19.so
syslog-ng 17901 root mem REG 254,17 10440 2102161
/usr/lib/syslog-ng/3.5.6/libconfgen.so
syslog-ng 17901 root mem REG 254,17 14568 2102167
/usr/lib/syslog-ng/3.5.6/libsystem-source.so
syslog-ng 17901 root mem REG 254,17 72136 2097738
/lib/x86_64-linux-gnu/libgpg-error.so.0.13.0
syslog-ng 17901 root mem REG 254,17 84856 2100031
/lib/x86_64-linux-gnu/libresolv-2.19.so
syslog-ng 17901 root mem REG 254,17 924096 2097740
/lib/x86_64-linux-gnu/libgcrypt.so.20.0.3
syslog-ng 17901 root mem REG 254,17 141752 2097693
/lib/x86_64-linux-gnu/liblzma.so.5.0.0
syslog-ng 17901 root mem REG 254,17 18640 2097405
/lib/x86_64-linux-gnu/libattr.so.1.1.0
syslog-ng 17901 root mem REG 254,17 145688 2097769
/lib/x86_64-linux-gnu/libsystemd.so.0.3.1
syslog-ng 17901 root mem REG 254,17 1738176 2100017
/lib/x86_64-linux-gnu/libc-2.19.so
syslog-ng 17901 root mem REG 254,17 137440 2100013
/lib/x86_64-linux-gnu/libpthread-2.19.so
syslog-ng 17901 root mem REG 254,17 48592 2101704
/usr/lib/x86_64-linux-gnu/libivykis.so.0.3.5
syslog-ng 17901 root mem REG 254,17 14664 2100020
/lib/x86_64-linux-gnu/libdl-2.19.so
syslog-ng 17901 root mem REG 254,17 448440 2097688
/lib/x86_64-linux-gnu/libpcre.so.3.13.1
syslog-ng 17901 root mem REG 254,17 19016 2097370
/lib/x86_64-linux-gnu/libcap.so.2.24
syslog-ng 17901 root mem REG 254,17 18840 2102113
/usr/lib/x86_64-linux-gnu/libevtlog.so.0.0.0
syslog-ng 17901 root mem REG 254,17 1107040 2100763
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1
syslog-ng 17901 root mem REG 254,17 6112 2097853
/usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0.4200.1
syslog-ng 17901 root mem REG 254,17 14624 2097851
/usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.4200.1
syslog-ng 17901 root mem REG 254,17 89104 2100023
/lib/x86_64-linux-gnu/libnsl-2.19.so
syslog-ng 17901 root mem REG 254,17 31784 2100032
/lib/x86_64-linux-gnu/librt-2.19.so
syslog-ng 17901 root mem REG 254,17 582064 2102153
/usr/lib/syslog-ng/libsyslog-ng-3.5.6.so
syslog-ng 17901 root mem REG 254,17 140928 2100014
/lib/x86_64-linux-gnu/ld-2.19.so
syslog-ng 17901 root mem REG 254,17 16384 2097337
/var/lib/syslog-ng/syslog-ng.persist
syslog-ng 17901 root 0r CHR 1,3 0t0 1028
/dev/null
syslog-ng 17901 root 1w CHR 1,3 0t0 1028
/dev/null
syslog-ng 17901 root 2w CHR 1,3 0t0 1028
/dev/null
syslog-ng 17901 root 3u unix 0xffff8800d8b04000 0t0 1761378
/run/systemd/journal/syslog
syslog-ng 17901 root 4u 0000 0,9 0 6651
anon_inode
syslog-ng 17901 root 5u 0000 0,9 0 6651
anon_inode
syslog-ng 17901 root 6u REG 254,17 16384 2097337
/var/lib/syslog-ng/syslog-ng.persist
syslog-ng 17901 root 7r CHR 1,11 0t0 1034
/dev/kmsg
syslog-ng 17901 root 9u unix 0xffff880054b01000 0t0 1760410
/var/lib/syslog-ng/syslog-ng.ctl
syslog-ng 17901 root 10u 0000 0,9 0 6651
anon_inode
syslog-ng 17901 root 11u 0000 0,9 0 6651
anon_inode
syslog-ng 17901 root 12u 0000 0,9 0 6651
anon_inode
syslog-ng 17901 root 13u 0000 0,9 0 6651
anon_inode
syslog-ng 17901 root 14w REG 254,17 60531 1048741
/var/log/messages
syslog-ng 17901 root 15u FIFO 0,5 0t0 19564
/dev/xconsole
-------------- next part --------------
@version: 3.5
@include "scl.conf"
#############################################################################
# Copyright (c) 2010-2012 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################
#
# This file is placed into /etc/syslog-ng in order to make it trivial to
# include in user written syslog-ng.conf files. It sets up 'scl-root' and
# /etc/syslog-ng, then includes all SCL supplied plugins.
#
@define scl-root "/usr/share/syslog-ng/include/scl"
@define include-path "/etc/syslog-ng:/usr/share/syslog-ng/include"
@include 'scl/system/plugin.conf'
#############################################################################
# Copyright (c) 2010-2012 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################
#
# This SCL module loads the "system-source" plugin explicitly (as it doesn't
# autoload right now). If the compiled plugin doesn't support your
# operating system, you can always define a block here to substitute for the
# compiled version.
#
# e.g. just create a "block source system { ... }" block in this file, and
# comment out the system-source module invocation. This way even if
# unsupported by the C version of the plugin, you can still use the system()
# source in your configuration file. Please if you have the need to do
# this, contact the syslog-ng developers and tell us about the omission.
#
# This is the mailing list address where developers are lurking:
# syslog-ng at lists.balabit.hu.
#
@module system-source
@include 'scl/pacct/plugin.conf'
#############################################################################
# Copyright (c) 2010 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################
block source pacct(file("/var/log/account/pacct") follow-freq(1)) {
@module pacctformat
file("`file`" follow-freq(`follow-freq`) format("pacct") tags(".pacct"));
};
@include 'scl/syslogconf/plugin.conf'
#############################################################################
# Copyright (c) 2010 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################
@module confgen context(root) name(syslogconf) exec("/usr/share/syslog-ng/include/scl/syslogconf/convert-syslogconf.awk < /etc/syslog.conf")
# First, set some global options.
options { chain_hostnames(off); flush_lines(0); use-dns(persist_only); dns-cache-hosts(/etc/hosts);use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0); time_reap(1000);
bad_hostname("^gconfd$");
};
source s_src {
unix-dgram("/dev/log" so_rcvbuf(8192));
file("/dev/kmsg" program-override("kernel") flags(kernel) format(linux-kmsg));
;
internal();
};
#destination d_net { tcp("91.143.88.140" port(10000) tls(ca-dir("/etc/ssl") cert-file("/etc/ssl/newcert.pem") key_file("/etc/ssl/private/newkey.pem") )); };
destination d_net { tcp("infra.edemokraciagep.org" port(10000) tls(ca-dir("/etc/ssl") peer-verify(optional-untrusted))); };
destination d_messages { file("/var/log/messages");};
destination d_xconsole { pipe("/dev/xconsole"); };
destination d_apache_console { pipe("/dev/apacheconsole"); };
filter apache_log { program("apache"); }};
filter non_apache_log { not program("apache"); }};
destination d_vhost_gepnarancs { file("/var/log/vhost_gepnarancs"); };
filter f_gepnarancs { program("apache:php:gepnarancs") or message("gepnarancs"); }};
log { source(s_src); filter(f_gepnarancs); destination(d_vhost_gepnarancs); };
destination d_vhost_blogbox { file("/var/log/vhost_blogbox"); };
filter f_blogbox { program("apache:php:blogbox") or message("blogbox"); }};
log { source(s_src); filter(f_blogbox); destination(d_vhost_blogbox); };
destination d_vhost_yocotto { file("/var/log/vhost_yocotto"); };
filter f_yocotto { program("apache:php:yocotto") or message("yocotto"); }};
log { source(s_src); filter(f_yocotto); destination(d_vhost_yocotto); };
destination d_vhost_kibermedia { file("/var/log/vhost_kibermedia"); };
filter f_kibermedia { program("apache:php:kibermedia") or message("kibermedia") or message("participy"); }};
log { source(s_src); filter(f_kibermedia); destination(d_vhost_kibermedia); };
destination d_vhost_civilzone { file("/var/log/vhost_civilzone"); };
filter f_civilzone { program("apache:php:civilzone") or message("civilzone"); }};
log { source(s_src); filter(f_civilzone); destination(d_vhost_civilzone); };
log { source(s_src); destination(d_messages); };
log { source(s_src); filter(non_apache_log) ; destination(d_xconsole); };
log { source(s_src); filter(apache_log); destination(d_apache_console); };
log { source(s_src); destination(d_net); };
@include "/etc/syslog-ng/conf.d/"
More information about the syslog-ng
mailing list