
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<font size="2"><span style="font-size:11pt">> if I understand properly, the system() source opens /dev/log socket when<br>

machine does not run systemd, am I right?<br>

</span></font></div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

You are right.<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<a href="https://github.com/syslog-ng/syslog-ng/blob/531d70bfbcf19a97a5278f324d141386d568ce7f/modules/system-source/system-source.c#L253" id="LPlnk739853">https://github.com/syslog-ng/syslog-ng/blob/531d70bfbcf19a97a5278f324d141386d568ce7f/modules/system-source/system-source.c#L253</a><br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

If you want to be sure, you can check the expanded source code with starting syslog-ng syslog-ng <args> --preprocess-into=/tmp/expanded-config.txt<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

or by calling</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

./syslog-ng-ctl config -p</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

to get the expanded config of a running instance.<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

<font size="2"><span style="font-size:11pt"></span></font></div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<font size="2"><span style="font-size:11pt">> Can I force syslog-ng to open /dev/log socket in this case or have I to<br>

configure it explicitly?</span></font></div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Unfortunately currently there is no way to influence system() source this way. You need to add the unix-dgram source for /dev/log manually.</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Br,</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

  Antal<br>

</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Matus UHLAR - fantomas <uhlar@fantomas.sk><br>

<b>Sent:</b> Wednesday, March 18, 2020 12:15<br>

<b>To:</b> syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu><br>

<b>Subject:</b> [syslog-ng] use /dev/log on systemd machines</font>

<div> </div>

</div>

<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">

<div class="PlainText">CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.<br>

<br>

<br>

Hello,<br>

<br>

if I understand properly, the system() source opens /dev/log socket when<br>

machine does not run systemd, am I right?<br>

<br>

Can I force syslog-ng to open /dev/log socket in this case or have I to<br>

configure it explicitly?<br>

<br>

<br>

--<br>

Matus UHLAR - fantomas, uhlar@fantomas.sk ; <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=jc%2BKHiIzkrw%2Bv3jNifkwHFz5DVIqi6Py9BYubnOhbkM%3D&amp;reserved=0">

https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=jc%2BKHiIzkrw%2Bv3jNifkwHFz5DVIqi6Py9BYubnOhbkM%3D&amp;reserved=0</a><br>

Warning: I wish NOT to receive e-mail advertising to this address.<br>

Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>

I intend to live forever - so far so good.<br>

______________________________________________________________________________<br>

Member info: <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=vLapo1XL7o4WbGS%2BEb2rL8TWXQ8f%2BASCG5kuGNcOh%2BQ%3D&amp;reserved=0">

https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=vLapo1XL7o4WbGS%2BEb2rL8TWXQ8f%2BASCG5kuGNcOh%2BQ%3D&amp;reserved=0</a><br>

Documentation: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=WMGDE8HMabOAzaxqZVqHlhjQymo7i8GX4hYYPtqX3YA%3D&amp;reserved=0">

https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=WMGDE8HMabOAzaxqZVqHlhjQymo7i8GX4hYYPtqX3YA%3D&amp;reserved=0</a><br>

FAQ: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=%2FutxF2L2%2FMpHFvJRx3YmzmnVJbMKrv2YrVQzhBtsQEk%3D&amp;reserved=0">

https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=%2FutxF2L2%2FMpHFvJRx3YmzmnVJbMKrv2YrVQzhBtsQEk%3D&amp;reserved=0</a><br>

<br>

</div>

</span></font></div>

</body>

</html>