<div dir="ltr"><div><div><div><div><div><div><div><div>Hi,<br><br></div>can you run syslog-ng with --preprocess-into=/dev/stdout so that we can see what system() is being expanded to?<br><br></div>This is usually caused by the fact that either /dev/log is not opened at all or it is using SOCK_DGRAM instead of SOCK_STREAM. the syslog client built into glibc tries with both SOCK_STREAM and SOCK_DGRAM sockets, but logger does not use the glibc implementation. I saw logger with both socket types, however it seems as if it only uses the transport default to a given distribution&#39;s syslogd.<br><br></div>This can be caused by a couple of things:<br><br></div>1) maybe syslog-ng thinks you are running systemd and opens a different socket for this reason<br></div>2) a bug in the system() source<br></div>3) something completely different.<br><br></div>You might want to lsof the syslog-ng process only and see which socket it does open.<br><br></div>Bazsi<br><br><div><div><div><div><div><div><div><div><br></div></div></div></div></div></div></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div>
<br><div class="gmail_quote">On Sat, Feb 20, 2016 at 11:24 AM, Árpád Magosányi <span dir="ltr">&lt;<a href="mailto:mag@magwas.rulez.org" target="_blank">mag@magwas.rulez.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi!<br>
<br>
&quot;strace logger hello&quot; output contains this line:<br>
connect(3, {sa_family=AF_LOCAL, sun_path=&quot;/dev/log&quot;}, 110) = -1<br>
ECONNREFUSED (Connection refused)<br>
<br>
I see logs in /dev/xconsole, just cannot emit a log line with logger.<br>
What could be the cause?<br>
<br>
additional info:<br>
<br>
# cat /etc/syslog-ng/syslog-ng.conf<br>
@version: 3.3<br>
@include &quot;scl.conf&quot;<br>
# First, set some global options.<br>
options { chain_hostnames(off); flush_lines(0); use-dns(persist_only);<br>
dns-cache-hosts(/etc/hosts);use_fqdn(no);<br>
      owner(&quot;root&quot;); group(&quot;adm&quot;); perm(0640); stats_freq(0);<br>
time_reap(1000);<br>
      bad_hostname(&quot;^gconfd$&quot;);<br>
};<br>
source s_src {<br>
       system();<br>
       internal();<br>
};<br>
<br>
#destination d_net { tcp(&quot;91.143.88.140&quot; port(10000)<br>
tls(ca-dir(&quot;/etc/ssl&quot;) cert-file(&quot;/etc/ssl/newcert.pem&quot;)<br>
key_file(&quot;/etc/ssl/private/newkey.pem&quot;) )); };<br>
destination d_net { tcp(&quot;<a href="http://infra.edemokraciagep.org" rel="noreferrer" target="_blank">infra.edemokraciagep.org</a>&quot; port(10000)<br>
tls(ca-dir(&quot;/etc/ssl&quot;) peer-verify(optional-untrusted))); };<br>
<br>
destination d_messages { file(&quot;/var/log/messages&quot;);};<br>
<br>
destination d_xconsole { pipe(&quot;/dev/xconsole&quot;); };<br>
destination d_apache_console { pipe(&quot;/dev/apacheconsole&quot;); };<br>
<br>
<br>
filter apache_log { program(&quot;apache&quot;); };<br>
filter non_apache_log { not program(&quot;apache&quot;); };<br>
<br>
destination d_vhost_gepnarancs { file(&quot;/var/log/vhost_gepnarancs&quot;); };<br>
filter f_gepnarancs { program(&quot;apache:php:gepnarancs&quot;) or<br>
message(&quot;gepnarancs&quot;); };<br>
log { source(s_src); filter(f_gepnarancs);<br>
destination(d_vhost_gepnarancs); };<br>
<br>
log { source(s_src); destination(d_messages); };<br>
<br>
log { source(s_src); filter(non_apache_log) ; destination(d_xconsole); };<br>
<br>
log { source(s_src); filter(apache_log); destination(d_apache_console); };<br>
<br>
log { source(s_src); destination(d_net); };<br>
<br>
@include &quot;/etc/syslog-ng/conf.d/&quot;<br>
<br>
---------------------------------<br>
# lsof |grep /dev/xconsole<br>
syslog-ng  2608            root   15u     FIFO                0,5<br>
0t0      19564 /dev/xconsole<br>
cat        2641            root    3r     FIFO                0,5<br>
0t0      19564 /dev/xconsole<br>
---------------------------------<br>
# lsof |grep /dev/log<br>
[no output]<br>
---------------------------------<br>
# dpkg -l syslog-ng<br>
Desired=Unknown/Install/Remove/Purge/Hold<br>
|<br>
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend<br>
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)<br>
||/ Name<br>
Version                       Architecture                  Description<br>
+++-================================================-=============================-=============================-======================================================================================================<br>
ii  syslog-ng<br>
3.5.6-2                       all                           Enhanced<br>
system logging daemon (metapackage)<br>
--------------------------------<br>
# ls -l /dev/log<br>
srw-rw-rw- 1 root root 0 Feb 20 11:03 /dev/log<br>
--------------------------------<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div><br></div>