<div dir="ltr"><div>Hi,</div><div><br></div><div>Steve, this is spot on. Thanks a lot for helping out Darren :) I am not sure why systemd support was compiled in, it should be auto-detected if the systemd-devel package is installed.<br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 28, 2024 at 8:09 PM Steve Bernacki <<a href="mailto:steve@copacetic.net">steve@copacetic.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Darren,<br>
<br>
In your syslog-ng.service definition, change:<br>
<br>
Type=notify<br>
<br>
to<br>
<br>
Type=simple<br>
<br>
and $ sudo systemctl daemon-reload to reload the unit.<br>
<br>
This is occurring because Type=notify requires syslog-ng to tell systemd <br>
that it has started successfully, and your self-compiled syslog-ng <br>
wasn't compiled with systemd support (--enable-systemd).<br>
<br>
Steve<br>
<br>
On 2/28/2024 10:35 AM, Darren Fuller wrote:<br>
> Hello,<br>
><br>
> I have installed syslog-ng OSE from source on Amazon Linux 2023 <br>
> distribution (as there is no EPEL available on that distribution nor <br>
> are there any precompiled binaries for it)<br>
><br>
> When i start up syslog-ng in the local terminal with syslog-ng -Fedv , <br>
> it runs fine forever.. But when i start it with systemd : <br>
> systemctl start syslog-ng, the command times out (but does start in <br>
> the background) and then it the service restarts every two minutes or so.<br>
><br>
> I am stumped. any thoughts? where have i gone wrong?<br>
><br>
> appreciate any assistance you can offer.<br>
><br>
> thanks,<br>
> Darren<br>
><br>
><br>
> More information:<br>
> ------------<br>
> i compiled with the following and saw no errors:<br>
><br>
> > ./configure --disable-smtp --disable-http --disable-python <br>
> --disable-json<br>
> > make<br>
> > make install<br>
> ------------<br>
> I created the systemd service file as so:<br>
><br>
> > cat /etc/systemd/system/syslog-ng.service<br>
> [Unit]<br>
> Description=System Logger Daemon<br>
> Documentation=man:syslog-ng(8)<br>
> After=network.target<br>
><br>
> [Service]<br>
> Type=notify<br>
> PIDFile=/run/syslogd.pid<br>
> ExecStart=/usr/local/sbin/syslog-ng -F -p /run/syslogd.pid<br>
> ExecReload=/bin/kill -HUP $MAINPID<br>
> StandardOutput=null<br>
> Restart=on-failure<br>
><br>
> [Install]<br>
> WantedBy=multi-user.target<br>
> ------------<br>
><br>
> My config is here:<br>
> ------------<br>
> > cat /usr/local/etc/syslog-ng.conf<br>
> @include “scl.conf”<br>
> source s_local {<br>
> system();<br>
> internal();<br>
> };<br>
> destination d_local {<br>
> file(“/var/log/messages”);<br>
> file(“/var/log/messages-kv.log” template(“$ISODATE $HOST <br>
> $(format-welf --scope all-nv-pairs)\n”) frac-digits(3));<br>
> };<br>
> log {<br>
> source(s_local);<br>
> destination(d_local);<br>
> };<br>
> @include /etc/syslog-ng.d/*.conf<br>
><br>
> > cat /etc/syslog.d/syslognet.conf<br>
> options {<br>
> long_hostnames(off);<br>
> sync(0);<br>
> keep_hostname(yes);<br>
> owner(“splunk”);<br>
> group(“splunk”);<br>
> perm(0640);<br>
> create_dirs(yes);<br>
> dir_perm(0750);<br>
> };<br>
> source s_tcp_net {<br>
> tcp(ip(0.0.0.0) port(41514));<br>
> };<br>
> source s_tls_net {<br>
> network (<br>
> ip(0.0.0.0) port(42514)<br>
> transport(“tls”)<br>
> tls(<br>
> key-file(“/path/to/syslog-ng.key”)<br>
> cert-file(“/path/to/syslog-ng.crt”)<br>
> peer-verify(no)<br>
> )<br>
> );<br>
> };<br>
> destination d_net {<br>
> file(“/data/syslog/app/${SOURCEIP}/${YEAR}${MONTH}${DAY}-app-data.log”);<br>
> };<br>
> log {<br>
> source(s_tcp_net);<br>
> source(s_tls_net);<br>
> destination(d_net);<br>
> };<br>
><br>
> ------------<br>
> Here is what i see when i start it with systemd:<br>
><br>
> > systemctl start syslog-ng<br>
> Job for syslog-ng.service failed because a timeout was exceeded.<br>
> See “systemctl status syslog-ng.service” and “journalctl -xeu <br>
> syslog-ng.service” for details.<br>
><br>
> > systemctl status syslog-ng.service<br>
> syslog-ng.service - System Logger Daemon<br>
> Loaded: loaded (/etc/systemd/system/syslog-ng.service; enabled; <br>
> preset: enabled)<br>
> Active: activating (start) since Wed 2024-02-28 15:25:01 UTC; 35s ago<br>
> Docs: man:syslog-ng(8)<br>
> Main PID: 488557 (syslog-ng)<br>
> Tasks: 4 (limit: 2322)<br>
> Memory: 2.5M<br>
> CPU: 39ms<br>
> CGroup: /system.slice/syslog-ng.service<br>
> └─488557 /usr/local/sbin/syslog-ng -F -p /run/syslogd.pid<br>
> Feb 28 15:25:01 ip-172-31-7-110.ca-central-1.compute.internal <br>
> systemd[1]: Starting syslog-ng.service - System Logger Daemon...<br>
> ------------<br>
><br>
> And here is what's in /var/log/messages showing the restart:<br>
><br>
> > cat /var/log/messages | grep syslog-ng<br>
> Feb 28 14:38:24 ip-172-31-7-110 syslog-ng[447117]: syslog-ng shutting <br>
> down; version=‘4.6.0’<br>
> Feb 28 14:38:25 ip-172-31-7-110 syslog-ng[447177]: syslog-ng starting <br>
> up; version=‘4.6.0’<br>
> Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection <br>
> accepted; fd=‘26’, client=‘AF_INET(<a href="http://1.2.3.4:27717" target="_blank">1.2.3.4:27717</a>)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection <br>
> accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:2300)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection <br>
> accepted; fd=‘28’, client=‘AF_INET(<a href="http://1.2.3.4:31585" target="_blank">1.2.3.4:31585</a>)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection <br>
> accepted; fd=‘29’, client=‘AF_INET(<a href="http://1.2.3.4:17761" target="_blank">1.2.3.4:17761</a>)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447177]: syslog-ng shutting <br>
> down; version=‘4.6.0’<br>
> Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447234]: syslog-ng starting <br>
> up; version=‘4.6.0’<br>
> Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection <br>
> accepted; fd=‘25’, client=‘AF_INET(1.2.3.4:7213)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection <br>
> accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:9268)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection <br>
> accepted; fd=‘27’, client=‘AF_INET(<a href="http://1.2.3.4:13128" target="_blank">1.2.3.4:13128</a>)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection <br>
> accepted; fd=‘28’, client=‘AF_INET(1.2.3.4:3928)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:41:25 ip-172-31-7-110 syslog-ng[447234]: syslog-ng shutting <br>
> down; version=‘4.6.0’<br>
> Feb 28 14:41:26 ip-172-31-7-110 syslog-ng[447385]: syslog-ng starting <br>
> up; version=‘4.6.0’<br>
> Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection <br>
> accepted; fd=‘25’, client=‘AF_INET(1.2.3.4:1382)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection <br>
> accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:5430)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection <br>
> accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:6373)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection <br>
> accepted; fd=‘28’, client=‘AF_INET(<a href="http://1.2.3.4:26287" target="_blank">1.2.3.4:26287</a>)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447385]: syslog-ng shutting <br>
> down; version=‘4.6.0’<br>
> Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447443]: syslog-ng starting <br>
> up; version=‘4.6.0’<br>
> Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection <br>
> accepted; fd=‘25’, client=‘AF_INET(<a href="http://1.2.3.4:15165" target="_blank">1.2.3.4:15165</a>)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection <br>
> accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:6967)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection <br>
> accepted; fd=‘27’, client=‘AF_INET(<a href="http://1.2.3.4:27444" target="_blank">1.2.3.4:27444</a>)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
> Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection <br>
> accepted; fd=‘28’, client=‘AF_INET(<a href="http://1.2.3.4:20758" target="_blank">1.2.3.4:20758</a>)’, <br>
> local=‘AF_INET(0.0.0.0:41514)’<br>
><br>
><br>
><br>
> ______________________________________________________________________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div><br clear="all"><br><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature">Bazsi</div>