<div dir="ltr">Hello,<br>Any help?<br>If it is available online, please help me with a link as I am unable to find anything useful over internet.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 6, 2020 at 3:04 PM Abhi Arora <<a href="mailto:engr.abhiarora@gmail.com">engr.abhiarora@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>"ls -l /dev/log" returns:<br>> lrwxrwxrwx 1 root root 28 Sep 30 13:28 /dev/log -> /run/systemd/journal/dev-log<br></div><div><br></div>"lsof" returns a huge list of open files. I am putting few related to sysnlog<div><br></div><div>> 363     /usr/sbin/syslog-ng     /dev/null<br>363     /usr/sbin/syslog-ng     socket:[6284]<br>363     /usr/sbin/syslog-ng     socket:[6284]<br>363     /usr/sbin/syslog-ng     anon_inode:[eventpoll]<br>363     /usr/sbin/syslog-ng     anon_inode:[eventfd]<br>363     /usr/sbin/syslog-ng     socket:[6522]<br>363     /usr/sbin/syslog-ng     anon_inode:[eventfd]<br>363     /usr/sbin/syslog-ng     anon_inode:[eventfd]<br>363     /usr/sbin/syslog-ng     anon_inode:[eventfd]<br>363     /usr/sbin/syslog-ng     anon_inode:[eventfd]<br>363     /usr/sbin/syslog-ng     anon_inode:[eventfd]<br>363     /usr/sbin/syslog-ng     /var/lib/syslog-ng/syslog-ng.persist<br>363     /usr/sbin/syslog-ng     socket:[6537]<br>363     /usr/sbin/syslog-ng     /proc/kmsg<br>363     /usr/sbin/syslog-ng     anon_inode:[timerfd]<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 6, 2020 at 2:39 PM Matus UHLAR - fantomas <<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 06.02.20 12:30, Abhi Arora wrote:<br>
>I don't see service start fail messages. However, even with the latest<br>
>date, syslog doesn't show any logs from my applications. However,<br>
>journalctl is showing the logs after a latest date update.<br>
><br>
>source s_src { unix-dgram("/dev/log"); internal();<br>
>             file("/proc/kmsg" program_override("kernel"));<br>
>};<br>
<br>
try "ls -l /dev/log" <br>
in this case:<br>
<br>
lrwxrwxrwx 1 root root 28 apr 14  2018 /dev/log -> /run/systemd/journal/dev-log<br>
<br>
is the log redirected to journald <br>
and in this case:<br>
<br>
srw-rw-rw- 1 root root 0 Dec 16 06:54 /dev/log<br>
<br>
you can verify it's used by syslog-ng:<br>
<br>
# lsof /dev/log<br>
COMMAND    PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME<br>
syslog-ng 1747 root   14u  unix 0x00000000364c47ad      0t0 1544 /dev/log type=DGRAM<br>
<br>
>On Thu, Feb 6, 2020 at 12:21 PM Nagy Gábor <<a href="mailto:gabor.hl@gmail.com" target="_blank">gabor.hl@gmail.com</a>> wrote:<br>
><br>
>> I think you need to add /dev/log to unix-dgram.<br>
>><br>
>> source s_src { unix-dgram("/dev/log");<br>
>> internal();<br>
>>              file("/proc/kmsg" program_override("kernel"));<br>
>> };<br>
>><br>
>> Regards,<br>
>> Gábor<br>
>><br>
>><br>
>> ______________________________________________________________________________<br>
>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>> Documentation:<br>
>> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
>><br>
>><br>
<br>
>______________________________________________________________________________<br>
>Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
<br>
<br>
-- <br>
Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
"Where do you want to go to die?" [Microsoft]<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>
</blockquote></div>