[syslog-ng] CentOS 7.2 // Syslog-ng (syslog-ng_3.6.4)

James Elstone james at elstone.net
Mon Jan 9 23:35:13 UTC 2017


Hi Vijay,

Indeed looks like it reads the configuration OK. 

While FreeBSD is my cup of tea, have you checked "sockstat" and "netstat" to check relevant listener ports are not in use before running manually, although I would have thought that binding errors would have been seen during startup...

Have you had a look at the CentOS rc.d / service scripts for syslog-ng to look for any obvious issues, e.g. do they exist, are executable, who does the service run as and do they have access to write a pid file, service logfiles, etc?

Beyond that I am out of immediate ideas; others on this forum will be more knowledgeable than I in CentOS and syslog-ng installation, but they seem to lurk during GMT business hours which is about 10 hours away...

Is there a CentOS forum you might cross-post in also in the meantime? It sounds like a path issue or that the service is missing altogether. Are you sure the service is called syslog-ng?

Kr,

James

On 9 January 2017 22:55:05 GMT+00:00, vijay amruth <vijayamruth at gmail.com> wrote:
>Thank you James. This is what I get from and it seems good but I can't get
>to start...
>
>
>
>[root at slc ~]# sudo syslog-ng -Fvd
>[2017-01-09T15:51:50.709879] Starting to read include file;
>filename='/usr/local/etc/scl.conf', depth='1'
>[2017-01-09T15:51:50.709971] Global value changed; define='scl-root',
>value='/usr/local/share/include/scl'
>[2017-01-09T15:51:50.709989] Global value changed;
>define='include-path',
>value='/usr/local/etc:/usr/local/share/include'
>[2017-01-09T15:51:50.710098] Adding include file;
>filename='/usr/local/share/include/scl/graphite/plugin.conf'
>[2017-01-09T15:51:50.710104] Adding include file;
>filename='/usr/local/share/include/scl/nodejs/plugin.conf'
>[2017-01-09T15:51:50.710107] Adding include file;
>filename='/usr/local/share/include/scl/pacct/plugin.conf'
>[2017-01-09T15:51:50.710110] Adding include file;
>filename='/usr/local/share/include/scl/rewrite/cc-mask.conf'
>[2017-01-09T15:51:50.710112] Adding include file;
>filename='/usr/local/share/include/scl/syslogconf/plugin.conf'
>[2017-01-09T15:51:50.710116] Adding include file;
>filename='/usr/local/share/include/scl/system/plugin.conf'
>[2017-01-09T15:51:50.710123] Starting to read include file;
>filename='/usr/local/share/include/scl/graphite/plugin.conf', depth='2'
>[2017-01-09T15:51:50.710181] Reading path for candidate modules;
>path='/usr/local/lib/syslog-ng'
>[2017-01-09T15:51:50.710217] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='linux-kmsg-format.so',
>module='linux-kmsg-format'
>[2017-01-09T15:51:50.710357] Registering candidate plugin;
>module='linux-kmsg-format', context='format', name='linux-kmsg',
>preference='0'
>[2017-01-09T15:51:50.710381] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='sdjournal.so',
>module='sdjournal'
>[2017-01-09T15:51:50.710497] Registering candidate plugin;
>module='sdjournal', context='source', name='systemd-journal',
>preference='0'
>[2017-01-09T15:51:50.710571] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='afsocket-notls.so',
>module='afsocket-notls'
>[2017-01-09T15:51:50.710674] Registering candidate plugin;
>module='afsocket-notls', context='source', name='unix-stream',
>preference='0'
>[2017-01-09T15:51:50.710682] Registering candidate plugin;
>module='afsocket-notls', context='destination', name='unix-stream',
>preference='0'
>[2017-01-09T15:51:50.710686] Registering candidate plugin;
>module='afsocket-notls', context='source', name='unix-dgram',
>preference='0'
>[2017-01-09T15:51:50.710690] Registering candidate plugin;
>module='afsocket-notls', context='destination', name='unix-dgram',
>preference='0'
>[2017-01-09T15:51:50.710694] Registering candidate plugin;
>module='afsocket-notls', context='source', name='tcp', preference='0'
>[2017-01-09T15:51:50.710697] Registering candidate plugin;
>module='afsocket-notls', context='destination', name='tcp',
>preference='0'
>[2017-01-09T15:51:50.710702] Registering candidate plugin;
>module='afsocket-notls', context='source', name='tcp6', preference='0'
>[2017-01-09T15:51:50.710706] Registering candidate plugin;
>module='afsocket-notls', context='destination', name='tcp6',
>preference='0'
>[2017-01-09T15:51:50.710710] Registering candidate plugin;
>module='afsocket-notls', context='source', name='udp', preference='0'
>[2017-01-09T15:51:50.710714] Registering candidate plugin;
>module='afsocket-notls', context='destination', name='udp',
>preference='0'
>[2017-01-09T15:51:50.710718] Registering candidate plugin;
>module='afsocket-notls', context='source', name='udp6', preference='0'
>[2017-01-09T15:51:50.710722] Registering candidate plugin;
>module='afsocket-notls', context='destination', name='udp6',
>preference='0'
>[2017-01-09T15:51:50.710726] Registering candidate plugin;
>module='afsocket-notls', context='source', name='syslog',
>preference='0'
>[2017-01-09T15:51:50.710730] Registering candidate plugin;
>module='afsocket-notls', context='destination', name='syslog',
>preference='0'
>[2017-01-09T15:51:50.710735] Registering candidate plugin;
>module='afsocket-notls', context='source', name='network',
>preference='0'
>[2017-01-09T15:51:50.710751] Registering candidate plugin;
>module='afsocket-notls', context='destination', name='network',
>preference='0'
>[2017-01-09T15:51:50.710754] Registering candidate plugin;
>module='afsocket-notls', context='source', name='systemd-syslog',
>preference='0'
>[2017-01-09T15:51:50.710784] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='afstomp.so', module='afstomp'
>[2017-01-09T15:51:50.710863] Registering candidate plugin;
>module='afstomp', context='destination', name='stomp', preference='0'
>[2017-01-09T15:51:50.710883] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='afmongodb.so',
>module='afmongodb'
>[2017-01-09T15:51:50.711020] Registering candidate plugin;
>module='afmongodb', context='destination', name='mongodb',
>preference='0'
>[2017-01-09T15:51:50.711073] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='graphite.so', module='graphite'
>[2017-01-09T15:51:50.711160] Registering candidate plugin;
>module='graphite', context='template-func', name='graphite_output',
>preference='0'
>[2017-01-09T15:51:50.711177] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='basicfuncs.so',
>module='basicfuncs'
>[2017-01-09T15:51:50.711255] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='grep',
>preference='0'
>[2017-01-09T15:51:50.711262] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='if', preference='0'
>[2017-01-09T15:51:50.711266] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='or', preference='0'
>[2017-01-09T15:51:50.711269] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='echo',
>preference='0'
>[2017-01-09T15:51:50.711273] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='length',
>preference='0'
>[2017-01-09T15:51:50.711276] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='substr',
>preference='0'
>[2017-01-09T15:51:50.711280] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='strip',
>preference='0'
>[2017-01-09T15:51:50.711283] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='sanitize',
>preference='0'
>[2017-01-09T15:51:50.711287] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='lowercase',
>preference='0'
>[2017-01-09T15:51:50.711290] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='uppercase',
>preference='0'
>[2017-01-09T15:51:50.711293] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='replace-delimiter',
>preference='0'
>[2017-01-09T15:51:50.711297] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='padding',
>preference='0'
>[2017-01-09T15:51:50.711300] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='+', preference='0'
>[2017-01-09T15:51:50.711304] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='-', preference='0'
>[2017-01-09T15:51:50.711307] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='*', preference='0'
>[2017-01-09T15:51:50.711310] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='/', preference='0'
>[2017-01-09T15:51:50.711313] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='%', preference='0'
>[2017-01-09T15:51:50.711317] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='ipv4-to-int',
>preference='0'
>[2017-01-09T15:51:50.711325] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='indent-multi-line',
>preference='0'
>[2017-01-09T15:51:50.711328] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='context-length',
>preference='0'
>[2017-01-09T15:51:50.711344] Registering candidate plugin;
>module='basicfuncs', context='template-func', name='env',
>preference='0'
>[2017-01-09T15:51:50.711359] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='dbparser.so', module='dbparser'
>[2017-01-09T15:51:50.711497] Registering candidate plugin;
>module='dbparser', context='parser', name='db-parser', preference='0'
>[2017-01-09T15:51:50.711663] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='system-source.so',
>module='system-source'
>[2017-01-09T15:51:50.711745] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='afuser.so', module='afuser'
>[2017-01-09T15:51:50.711816] Registering candidate plugin;
>module='afuser',
>context='destination', name='usertty', preference='0'
>[2017-01-09T15:51:50.711836] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='cryptofuncs.so',
>module='cryptofuncs'
>[2017-01-09T15:51:50.711918] Registering candidate plugin;
>module='cryptofuncs', context='template-func', name='uuid',
>preference='0'
>[2017-01-09T15:51:50.711939] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='pseudofile.so',
>module='pseudofile'
>[2017-01-09T15:51:50.712028] Registering candidate plugin;
>module='pseudofile', context='destination', name='pseudofile',
>preference='0'
>[2017-01-09T15:51:50.712057] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='syslog-ng-crypto.so',
>module='syslog-ng-crypto'
>[2017-01-09T15:51:50.712114] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='affile.so', module='affile'
>[2017-01-09T15:51:50.712211] Registering candidate plugin;
>module='affile',
>context='source', name='file', preference='0'
>[2017-01-09T15:51:50.712219] Registering candidate plugin;
>module='affile',
>context='source', name='pipe', preference='0'
>[2017-01-09T15:51:50.712223] Registering candidate plugin;
>module='affile',
>context='destination', name='file', preference='0'
>[2017-01-09T15:51:50.712226] Registering candidate plugin;
>module='affile',
>context='destination', name='pipe', preference='0'
>[2017-01-09T15:51:50.712244] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='afprog.so', module='afprog'
>[2017-01-09T15:51:50.712313] Registering candidate plugin;
>module='afprog',
>context='source', name='program', preference='0'
>[2017-01-09T15:51:50.712320] Registering candidate plugin;
>module='afprog',
>context='destination', name='program', preference='0'
>[2017-01-09T15:51:50.712334] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='syslogformat.so',
>module='syslogformat'
>[2017-01-09T15:51:50.712401] Registering candidate plugin;
>module='syslogformat', context='format', name='syslog', preference='0'
>[2017-01-09T15:51:50.712409] Registering candidate plugin;
>module='syslogformat', context='parser', name='syslog-parser',
>preference='0'
>[2017-01-09T15:51:50.712423] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='afamqp.so', module='afamqp'
>[2017-01-09T15:51:50.712495] Registering candidate plugin;
>module='afamqp',
>context='destination', name='amqp', preference='0'
>[2017-01-09T15:51:50.712513] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='afsocket.so', module='afsocket'
>[2017-01-09T15:51:50.712614] Registering candidate plugin;
>module='afsocket', context='source', name='unix-stream', preference='0'
>[2017-01-09T15:51:50.712621] Registering candidate plugin;
>module='afsocket', context='destination', name='unix-stream',
>preference='0'
>[2017-01-09T15:51:50.712625] Registering candidate plugin;
>module='afsocket', context='source', name='unix-dgram', preference='0'
>[2017-01-09T15:51:50.712628] Registering candidate plugin;
>module='afsocket', context='destination', name='unix-dgram',
>preference='0'
>[2017-01-09T15:51:50.712631] Registering candidate plugin;
>module='afsocket', context='source', name='tcp', preference='0'
>[2017-01-09T15:51:50.712634] Registering candidate plugin;
>module='afsocket', context='destination', name='tcp', preference='0'
>[2017-01-09T15:51:50.712638] Registering candidate plugin;
>module='afsocket', context='source', name='tcp6', preference='0'
>[2017-01-09T15:51:50.712641] Registering candidate plugin;
>module='afsocket', context='destination', name='tcp6', preference='0'
>[2017-01-09T15:51:50.712644] Registering candidate plugin;
>module='afsocket', context='source', name='udp', preference='0'
>[2017-01-09T15:51:50.712647] Registering candidate plugin;
>module='afsocket', context='destination', name='udp', preference='0'
>[2017-01-09T15:51:50.712650] Registering candidate plugin;
>module='afsocket', context='source', name='udp6', preference='0'
>[2017-01-09T15:51:50.712653] Registering candidate plugin;
>module='afsocket', context='destination', name='udp6', preference='0'
>[2017-01-09T15:51:50.712656] Registering candidate plugin;
>module='afsocket', context='source', name='syslog', preference='0'
>[2017-01-09T15:51:50.712659] Registering candidate plugin;
>module='afsocket', context='destination', name='syslog', preference='0'
>[2017-01-09T15:51:50.712662] Registering candidate plugin;
>module='afsocket', context='source', name='network', preference='0'
>[2017-01-09T15:51:50.712665] Registering candidate plugin;
>module='afsocket', context='destination', name='network',
>preference='0'
>[2017-01-09T15:51:50.712696] Registering candidate plugin;
>module='afsocket', context='source', name='systemd-syslog',
>preference='0'
>[2017-01-09T15:51:50.712715] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='confgen.so', module='confgen'
>[2017-01-09T15:51:50.712784] Reading shared object for a candidate
>module;
>path='/usr/local/lib/syslog-ng', fname='csvparser.so',
>module='csvparser'
>[2017-01-09T15:51:50.712848] Registering candidate plugin;
>module='csvparser', context='parser', name='csv-parser', preference='0'
>[2017-01-09T15:51:50.712907] Finishing include;
>filename='/usr/local/share/include/scl/graphite/plugin.conf', depth='2'
>[2017-01-09T15:51:50.712924] Starting to read include file;
>filename='/usr/local/share/include/scl/nodejs/plugin.conf', depth='2'
>[2017-01-09T15:51:50.713000] Finishing include;
>filename='/usr/local/share/include/scl/nodejs/plugin.conf', depth='2'
>[2017-01-09T15:51:50.713014] Starting to read include file;
>filename='/usr/local/share/include/scl/pacct/plugin.conf', depth='2'
>[2017-01-09T15:51:50.713063] Finishing include;
>filename='/usr/local/share/include/scl/pacct/plugin.conf', depth='2'
>[2017-01-09T15:51:50.713076] Starting to read include file;
>filename='/usr/local/share/include/scl/rewrite/cc-mask.conf', depth='2'
>[2017-01-09T15:51:50.713128] Global value changed;
>define='balabit.credit-card-regexp',
>value='(?P<1>:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})'
>[2017-01-09T15:51:50.713161] Finishing include;
>filename='/usr/local/share/include/scl/rewrite/cc-mask.conf', depth='2'
>[2017-01-09T15:51:50.713173] Starting to read include file;
>filename='/usr/local/share/include/scl/syslogconf/plugin.conf',
>depth='2'
>[2017-01-09T15:51:50.713302] Module loaded and initialized
>successfully;
>module='confgen'
>[2017-01-09T15:51:50.713313] Finishing include;
>filename='/usr/local/share/include/scl/syslogconf/plugin.conf',
>depth='2'
>[2017-01-09T15:51:50.713328] Starting to read include file;
>filename='/usr/local/share/include/scl/system/plugin.conf', depth='2'
>[2017-01-09T15:51:50.713463] Module loaded and initialized
>successfully;
>module='system-source'
>[2017-01-09T15:51:50.713474] Finishing include;
>filename='/usr/local/share/include/scl/system/plugin.conf', depth='2'
>[2017-01-09T15:51:50.713486] Finishing include;
>filename='/usr/local/etc/scl.conf', depth='1'
>[2017-01-09T15:51:50.713607] system(): json-parser() is missing,
>skipping
>the automatic JSON parsing of messages submitted via syslog(3), Please
>install the json module;
>[2017-01-09T15:51:50.713751] Module loaded and initialized
>successfully;
>module='afsocket-notls'
>[2017-01-09T15:51:50.713967] Module loaded and initialized
>successfully;
>module='affile'
>[2017-01-09T15:51:50.714034] Finishing include; content='source confgen
>system', depth='1'
>[2017-01-09T15:51:50.714242] Compiling #unnamed sequence [log] at
>[/usr/local/etc/syslog-ng.conf:23:2]
>[2017-01-09T15:51:50.714248]   Compiling s_local reference [source] at
>[/usr/local/etc/syslog-ng.conf:23:2]
>[2017-01-09T15:51:50.714252]     Compiling s_local sequence [source] at
>[/usr/local/etc/syslog-ng.conf:9:1]
>[2017-01-09T15:51:50.714255]       Compiling #unnamed junction [log] at
>[/usr/local/etc/syslog-ng.conf:9:17]
>[2017-01-09T15:51:50.714257]         Compiling #unnamed sequence [log]
>at
>[source confgen system:2:5]
>[2017-01-09T15:51:50.714260]           Compiling #unnamed sequence
>[source]
>at [source confgen system:2:5]
>[2017-01-09T15:51:50.714262]             Compiling #unnamed junction
>[log]
>at [source confgen system:2:13]
>[2017-01-09T15:51:50.714265]               Compiling #unnamed sequence
>[log] at [source confgen system:4:5]
>[2017-01-09T15:51:50.714267]                 Compiling #unnamed
>sequence
>[source] at [source confgen system:4:5]
>[2017-01-09T15:51:50.714270]                   Compiling #unnamed
>junction
>[log] at [source confgen system:4:13]
>[2017-01-09T15:51:50.714272]                     Compiling #unnamed
>single
>[log] at [source confgen system:4:14]
>[2017-01-09T15:51:50.714276]                 Compiling #unnamed
>sequence
>[rewrite] at [source confgen system:6:5]
>[2017-01-09T15:51:50.714278]                   Compiling #unnamed
>single
>[log] at [source confgen system:6:15]
>[2017-01-09T15:51:50.714281]               Compiling #unnamed single
>[log]
>at [source confgen system:8:1]
>[2017-01-09T15:51:50.714284]         Compiling #unnamed single [log] at
>[/usr/local/etc/syslog-ng.conf:11:2]
>[2017-01-09T15:51:50.714288]   Compiling d_local reference
>[destination] at
>[/usr/local/etc/syslog-ng.conf:27:2]
>[2017-01-09T15:51:50.714290]     Compiling d_local sequence
>[destination]
>at [/usr/local/etc/syslog-ng.conf:18:1]
>[2017-01-09T15:51:50.714293]       Compiling #unnamed junction [log] at
>[/usr/local/etc/syslog-ng.conf:18:22]
>[2017-01-09T15:51:50.714295]         Compiling #unnamed single [log] at
>[/usr/local/etc/syslog-ng.conf:19:2]
>[2017-01-09T15:51:50.714410] Module loaded and initialized
>successfully;
>module='syslogformat'
>[2017-01-09T15:51:50.714689] Module loaded and initialized
>successfully;
>module='linux-kmsg-format'
>[2017-01-09T15:51:50.714794] Running application hooks; hook='1'
>[2017-01-09T15:51:50.714800] Running application hooks; hook='3'
>[2017-01-09T15:51:50.714823] syslog-ng starting up; version='3.6.4'
>
>On Mon, Jan 9, 2017 at 2:46 PM, James Elstone <james at elstone.net>
>wrote:
>
>> Hi Vijay,
>>
>> Try running it from a command line manually; syslog-ng --help-all details
>> the options, but try "syslog-ng -Fvd" and it should be quite verbose as to
>> why it won't start...
>>
>> At least that will confirm your configuration file is OK!
>>
>> Kr,
>>
>> James
>>
>>
>> On 9 January 2017 22:00:23 GMT+00:00, vijay amruth <vijayamruth at gmail.com>
>> wrote:
>>>
>>> Hello guys, Happy new year!!
>>> Hope you are doing great.
>>>
>>> I've installed (compiled) syslog-ng on CentOS Linux 7 (Core), but after I
>>> got through the install, which is all good, I can't get it to start; all it
>>> says is:
>>>
>>> systemctl status syslog-ng
>>> ● syslog-ng.service
>>>    Loaded: not-found (Reason: No such file or directory)
>>>    Active: inactive (dead)
>>> [vch at slc ~]$ sudo systemctl enable syslog-ng
>>> Failed to execute operation: No such file or directory
>>> [vch at slc ~]$ sudo systemctl start syslog-ng
>>> Failed to start syslog-ng.service: Unit syslog-ng.service failed to load: No such file or directory.
>>>
>>>
>>> Rsyslog is not running, I can't think of any, am I missing something
>>> simple? Any help is appreciated.
>>> --
>>> Thanks,
>>> Vijay Amrut.
>>>
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>
>
>
>
>-- 
>Thanks,
>Vijay Amrut.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
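
The checks listed in the reply above (does a unit file exist, which account does the service run as, is the listener port free, can the PID file be written), collected into one script. This is an added example, not part of the original thread or of syslog-ng; the function names are hypothetical, and the default port 514 and PID directory /usr/local/var are assumptions to replace with the values from your own configuration.

```shell
#!/bin/sh
# Added example (not from the thread): checks for a syslog-ng service that will not start.
# Assumptions: port 514 and PID directory /usr/local/var are placeholders for your setup.

# Directories systemd searches for system units, highest priority first.
UNIT_DIRS="/etc/systemd/system /run/systemd/system /usr/local/lib/systemd/system /usr/lib/systemd/system"

# find_unit_file NAME [DIR...]: print the first NAME.service found; return 1 if none.
find_unit_file() {
    name="$1"; shift
    [ "$#" -gt 0 ] || set -- $UNIT_DIRS
    for dir in "$@"; do
        if [ -f "$dir/$name.service" ]; then
            printf '%s\n' "$dir/$name.service"
            return 0
        fi
    done
    return 1
}

# unit_run_user FILE: print the account the unit runs as (systemd defaults to root).
unit_run_user() {
    user=$(sed -n 's/^User=//p' "$1" | tail -n 1)
    printf '%s\n' "${user:-root}"
}

# listeners_on_port PORT: filter `ss -lntu` output on stdin to sockets bound to PORT.
# Field 5 of that output is "Local Address:Port".
listeners_on_port() {
    awk -v port="$1" '$5 ~ (":" port "$")'
}

# Constructed sample of `ss -lntu` output, for trying listeners_on_port offline.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      *:514              *:*
tcp   LISTEN 0      128    *:22               *:*
tcp   LISTEN 0      128    :::5140            :::*'

# diagnose [NAME] [PORT] [PIDDIR]: run every check against the live system.
diagnose() {
    svc="${1:-syslog-ng}"; port="${2:-514}"; piddir="${3:-/usr/local/var}"
    if unit=$(find_unit_file "$svc"); then
        echo "unit:    $unit (runs as $(unit_run_user "$unit"))"
    else
        echo "unit:    no $svc.service in systemd's search path"
    fi
    if bin=$(command -v "$svc"); then
        echo "binary:  $bin"
    else
        echo "binary:  $svc is not on PATH"
    fi
    busy=$(ss -lntu 2>/dev/null | listeners_on_port "$port")
    echo "port $port: ${busy:-free}"
    if [ -w "$piddir" ]; then
        echo "pid dir: $piddir is writable by $(id -un)"
    else
        echo "pid dir: $piddir is NOT writable by $(id -un)"
    fi
}

# Run the live checks only when asked, e.g.: sh check.sh --diagnose syslog-ng 514
if [ "${1:-}" = "--diagnose" ]; then
    shift
    diagnose "$@"
fi
```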