On 06.02.20 12:30, Abhi Arora wrote:
I don't see service start fail messages. However, even with the latest date, syslog doesn't show any logs from my applications. However, journalctl is showing the logs after a latest date update.
source s_src { unix-dgram("/dev/log"); internal(); file("/proc/kmsg" program_override("kernel")); };
try "ls -l /dev/log" in this case: lrwxrwxrwx 1 root root 28 apr 14 2018 /dev/log -> /run/systemd/journal/dev-log is the log redirected to journald and in this case: srw-rw-rw- 1 root root 0 Dec 16 06:54 /dev/log you can verify it's used by syslog-ng: # lsof /dev/log COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME syslog-ng 1747 root 14u unix 0x00000000364c47ad 0t0 1544 /dev/log type=DGRAM
On Thu, Feb 6, 2020 at 12:21 PM Nagy Gábor <gabor.hl@gmail.com> wrote:
I think you need to add /dev/log to unix-dgram.
source s_src { unix-dgram("/dev/log"); internal(); file("/proc/kmsg" program_override("kernel")); };
Regards, Gábor
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Where do you want to go to die?" [Microsoft]