<div dir="ltr">I would to correct myself. The journalctl has old logs. I thought they are latest logs. So journalctl isn't logging the log if date is older than the date on last shutdown. </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 6, 2020 at 11:55 AM Abhi Arora <<a href="mailto:engr.abhiarora@gmail.com">engr.abhiarora@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Looks like putting the following was causing some trouble:<div><br></div><div><div>source s_src { unix-dgram(); internal();</div><span style="color:rgb(80,0,80)"><div> file("/proc/kmsg" program_override("kernel"));<br>};</div><div><br></div><div>I tired running "journalctl" and it has all the logs. However, /var/log/syslog doesn't have the logs if date is older than the date on last shutdown. Any help?</div></span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 6, 2020 at 11:46 AM Abhi Arora <<a href="mailto:engr.abhiarora@gmail.com" target="_blank">engr.abhiarora@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I tried checking journctld logs.<div><br></div><div>Running the following command returned: journalctl</div><div><br></div><div>Feb 04 12:42:57 f1 systemd[1]: Starting System Logger Daemon "scl" instance...<br>Feb 04 12:42:57 f1 syslog-ng[9777]: [2020-02-04T12:42:57.093710] Error opening control socket, bind() failed; socket='/var/run/syslog-ng/syslog-ng.ctl', erro<br>r='No such file or directory (2)'<br>Feb 04 12:42:57 f1 syslog-ng[9777]: [2020-02-04T12:42:57.098856] Error opening configuration file; filename='--control', error='No such file or directory (2)<br>'<br>Feb 04 12:42:57 f1 systemd[1]: [[0;1;39m[[0;1;31m[[0;1;39msyslog-ng@scl.service: Main process exited, code=exited, status=1/FAILURE[[0m<br>Feb 04 12:42:57 f1 systemd[1]: [[0;1;39m[[0;1;31m[[0;1;39msyslog-ng@scl.service: Failed with result 'exit-code'.[[0m<br>Feb 04 12:42:57 f1 systemd[1]: [[0;1;31m[[0;1;39m[[0;1;31mFailed to start System Logger Daemon "scl" instance.[[0m<br>:<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 5, 2020 at 9:28 PM Abhi Arora <<a href="mailto:engr.abhiarora@gmail.com" target="_blank">engr.abhiarora@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<br>Is there anything I can to debug it? Any pointer to debug it and find the root cause?<div>Should I modify my syslog conf file to</div><div><br></div><div>source s_src { unix-dgram(); internal();</div><div> file("/proc/kmsg" program_override("kernel"));<br>};<br></div><div>?</div><div>Can you help me more with "bypass journald by making sure /dev/log points to syslog-ng."?</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 5, 2020 at 1:57 PM Balazs Scheidler <<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">But you are using journal source, so it might be related to that.<div dir="auto"><br></div><div dir="auto">I am not sure weather you rely on journald or not, but as a workaround you could just use a unix-dgram() source and bypass journald by making sure /dev/log points to syslog-ng.</div><div dir="auto"><br></div><div dir="auto">Journald based logging is pretty slow and unless you have a usecase for it, it might be easier to bypass it completely. Makes the local logging path much simpler.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 4, 2020, 13:23 Matus UHLAR - fantomas <<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 04.02.20 13:59, Abhi Arora wrote:<br>
>Continuing my previous email....<br>
>> Can you share your configuration, please?<br>
>I have shared over my last email<br>
<br>
well, gmail does not have a good interface to mailing list.<br>
(html mail with very bad plaintext conversion.<br>
<br>
>> Are you using system() source?<br>
>I didn't get you. Please elaborate. You mean source code system() library<br>
>function. If that you mean, then no we don't use it.<br>
<br>
However I saw there:<br>
<br>
source s_src { systemd_journal(); internal();<br>
file("/proc/kmsg" program_override("kernel"));<br>
};<br>
<br>
No, you don't use system() source, it looks like:<br>
<br>
source s_src {<br>
system();<br>
...<br>
};<br>
<br>
-- <br>
Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk" rel="noreferrer" target="_blank">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" rel="noreferrer noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
2B|!2B, that's a question!<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>