<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<font size="2"><span style="font-size:11pt">> if I understand properly, the system() source opens /dev/log socket when<br>
machine does not run systemd, am I right?<br>
</span></font></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
You are right.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<a href="https://github.com/syslog-ng/syslog-ng/blob/531d70bfbcf19a97a5278f324d141386d568ce7f/modules/system-source/system-source.c#L253" id="LPlnk739853">https://github.com/syslog-ng/syslog-ng/blob/531d70bfbcf19a97a5278f324d141386d568ce7f/modules/system-source/system-source.c#L253</a><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
If you want to be sure, you can check the expanded source code with starting syslog-ng syslog-ng <args> --preprocess-into=/tmp/expanded-config.txt<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
or by calling</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
./syslog-ng-ctl config -p</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
to get the expanded config of a running instance.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
<font size="2"><span style="font-size:11pt"></span></font></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<font size="2"><span style="font-size:11pt">> Can I force syslog-ng to open /dev/log socket in this case or have I to<br>
configure it explicitly?</span></font></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Unfortunately currently there is no way to influence system() source this way. You need to add the unix-dgram source for /dev/log manually.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Br,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
  Antal<br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Matus UHLAR - fantomas <uhlar@fantomas.sk><br>
<b>Sent:</b> Wednesday, March 18, 2020 12:15<br>
<b>To:</b> syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu><br>
<b>Subject:</b> [syslog-ng] use /dev/log on systemd machines</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.<br>
<br>
<br>
Hello,<br>
<br>
if I understand properly, the system() source opens /dev/log socket when<br>
machine does not run systemd, am I right?<br>
<br>
Can I force syslog-ng to open /dev/log socket in this case or have I to<br>
configure it explicitly?<br>
<br>
<br>
--<br>
Matus UHLAR - fantomas, uhlar@fantomas.sk ; <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=jc%2BKHiIzkrw%2Bv3jNifkwHFz5DVIqi6Py9BYubnOhbkM%3D&amp;reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=jc%2BKHiIzkrw%2Bv3jNifkwHFz5DVIqi6Py9BYubnOhbkM%3D&amp;reserved=0</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
I intend to live forever - so far so good.<br>
______________________________________________________________________________<br>
Member info: <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=vLapo1XL7o4WbGS%2BEb2rL8TWXQ8f%2BASCG5kuGNcOh%2BQ%3D&amp;reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=vLapo1XL7o4WbGS%2BEb2rL8TWXQ8f%2BASCG5kuGNcOh%2BQ%3D&amp;reserved=0</a><br>
Documentation: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=WMGDE8HMabOAzaxqZVqHlhjQymo7i8GX4hYYPtqX3YA%3D&amp;reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=WMGDE8HMabOAzaxqZVqHlhjQymo7i8GX4hYYPtqX3YA%3D&amp;reserved=0</a><br>
FAQ: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=%2FutxF2L2%2FMpHFvJRx3YmzmnVJbMKrv2YrVQzhBtsQEk%3D&amp;reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&amp;data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&amp;sdata=%2FutxF2L2%2FMpHFvJRx3YmzmnVJbMKrv2YrVQzhBtsQEk%3D&amp;reserved=0</a><br>
<br>
</div>
</span></font></div>
</body>
</html>