Thank you very much for  the guidance

 

After spawning the syslog-ng, I have noticed that  there are two processes related to syslog-ng.  Is this right?

 

TOR #-> /sbin/syslog-ng

TOR #-> ps | grep syslog-ng

5545 root     {syslog-ng} supervising syslog-ng

5546 root     /sbin/syslog-ng

 

 

Please find the output of syslog-ng --module-registry.

Below Module  system-source status is ok

 

Also there is   “source    systemd-journal”.  Should I have to disable systemd-journal in configure  to resolve system()  issue

 

TOR#-> syslog-ng --module-registry

Module: json-plugin

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The json module provides JSON parsing & formatting support for syslog-ng.

Plugins:

  parser          json-parser

  template-func   format_json

 

Module: kvformat

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The kvformat module provides key-value format (such as WELF) support for syslog-ng.

Plugins:

  parser          kv-parser

  parser          linux-audit-parser

  template-func   format-welf

 

Module: pseudofile

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The pseudofile module provides the pseudofile() destination for syslog-ng

Plugins:

  destination     pseudofile

 

Module: linux-kmsg-format

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The linux-kmsg-format module provides support for parsing linux 3.5+ /dev/kmsg-format messages.

Plugins:

  format          linux-kmsg

 

Module: csvparser

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The csvparser module provides parsing support for CSV and other separated value formats for syslog-ng.

Plugins:

  parser          csv-parser

 

Module: system-source

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The system-source module provides support for determining the system log sources at run time.

Plugins:

Module: afamqp

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The afamqp module provides AMQP destination support for syslog-ng.

Plugins:

  destination     amqp

 

Module: cryptofuncs

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The cryptofuncs module provides cryptographic template functions.

Plugins:

  template-func   uuid

  template-func   hash

  template-func   sha1

  template-func   sha256

  template-func   sha512

  template-func   md4

  template-func   md5

Module: basicfuncs

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The basicfuncs module provides various template functions for syslog-ng.

Plugins:

  template-func   grep

  template-func   if

  template-func   or

  template-func   echo

  template-func   length

  template-func   substr

  template-func   strip

  template-func   sanitize

  template-func   lowercase

  template-func   uppercase

  template-func   replace-delimiter

  template-func   padding

  template-func   +

  template-func   -

  template-func   *

  template-func   /

  template-func   %

template-func   ipv4-to-int

  template-func   indent-multi-line

  template-func   context-length

  template-func   env

  template-func   template

 

Module: afuser

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The afuser module provides the usertty() destination for syslog-ng

Plugins:

  destination     usertty

 

Module: afprog

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The afprog module provides program source & destination drivers for syslog-ng.

Plugins:

  source          program

  destination     program

Module: graphite

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The graphite module provides graphite output for syslog-ng.

Plugins:

  template-func   graphite_output

 

Module: afstomp

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The afstomp module provides STOMP destination support for syslog-ng.

Plugins:

  destination     stomp

 

Module: afsocket

Status: ok

Version: 3.7.2

Core-Revision:

Description:

The afsocket module provides socket based transports for syslog-ng, such as the udp(), tcp() and syslog() drivers. This module is compiled with SSL support.

Plugins:

  source          unix-stream

  destination     unix-stream

  source          unix-dgram

  destination     unix-dgram

  source          tcp

  destination     tcp

  source          tcp6

  destination     tcp6

  source          udp

  destination     udp

  source          udp6

  destination     udp6

  source          syslog

  destination     syslog

  source          network

  destination     network

  source          systemd-syslog

 

Module: syslogformat

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The syslogformat module provides support for parsing RFC3164 and RFC5424 format syslog messages.

Plugins:

  format          syslog

  parser          syslog-parser

 

Module: confgen

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The confgen module provides support for dynamically generated configuration file snippets for syslog-ng, used for the SCL system() driver for example

Plugins:

 

Module: dbparser

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The db-parser() module implements sample database based parsing for syslog-ng.

Plugins:

  parser          db-parser

 

Module: sdjournal

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The systemd-journal module provides systemd journal source drivers for syslog-ng where it is available.

Plugins:

  source          systemd-journal

 

Module: affile

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The affile module provides file source & destination support for syslog-ng.

Plugins:

  source          file

  source          pipe

  destination     file

  destination     pipe

Module: afmongodb

Status: ok

Version: 3.7.2

Core-Revision:

Description:

  The afmongodb module provides MongoDB destination support for syslog-ng.

Plugins:

  destination     mongodb

 

From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Scheidler, Balázs
Sent: Saturday, February 27, 2016 12:15 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Error while spawning the syslog-ng : "source plugin system not found "

 

No not necessarily, it is a built-in source that detects your local log transport and generates config accordingly.

This module is shipped with syslog-ng and should always be available. By rereading your error messages it seems unrelated to the systemd issue, sorry for sidetracking you.

This can be a generic failure in loading plugins. If you start syslog-ng with --module-registry you should see all plugins available to syslog-ng. What is the output there? Look for the system source plugin specifically.

On the other hand, system() is just a convinience wrapper over unix-dgram and unix-dgram drivers. So in most cases it can simply be replaced by

source s_local {
  unix-dgram("/dev/log");
};

On Feb 26, 2016 6:25 PM, "Girish Kumar" <girish.kumar@al-enterprise.com> wrote:

No I don’t have systemd or libsystemd-journal.so.   I have checked in /lib , sbin. I have not found here.

Please let  me know how to check this? Also let me know what is the role of system () . Is it mandatory to have this?

 

 

TOR #-> syslog-ng  -V

syslog-ng 3.7.2

Installer-Version: 3.7.2

Revision:

Compile-Date: Feb 24 2016 23:02:43

Available-Modules: json-plugin,kvformat,pseudofile,linux-kmsg-format,csvparser,system-source,afamqp,cryptofuncs,basicfuncs,afuser,afprog,graphite,afstomp,afsocket,syslogformat,confgen,dbparser,sdjournal,affile,afmongodb

Enable-Debug: off

Enable-GProf: off

Enable-Memtrace: off

Enable-IPv6: on

Enable-Spoof-Source: off

Enable-TCP-Wrapper: off

Enable-Linux-Caps: off

TOR #->

 

Regards,

Girish

 

From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Scheidler, Balázs
Sent: Friday, February 26, 2016 12:15 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Error while spawning the syslog-ng : "source plugin system not found "

 

There was an issue that on newer systemd based platforms the systemd-journal () plugin doesn't load. You should see this on stderrr during startup. It is a pretty recent issue maybe #914?

Do you have systemd? Do you have a separate libsystemd-journal.so or just a monolithic libsystemd.so?

The problem is with supporting the latter one.

On Feb 25, 2016 2:54 PM, "Girish Kumar" <girish.kumar@al-enterprise.com> wrote:

Hi Gyu,

My contents is default syslog-ng.conf which is generated after make install

@version: 3.7
@include "scl.conf"

source s_local {
    #system();
    internal();
};

source s_network {
    udp();
};

destination d_local {
    file("/var/log/messages");
};

log {
    source(s_local);

    # uncomment this line to open port 514 to receive messages
    #source(s_network);
    destination(d_local);
};

And contents of scl.conf
--------------------------
@define scl-root "`syslog-ng-data`/include/scl"
@define include-path "`include-path`:`syslog-ng-data`/include"

@include 'scl/*/*.conf'


Regards,
Girish

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of PÁSZTOR György
Sent: Thursday, February 25, 2016 5:46 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Error while spawning the syslog-ng : "source plugin system not found "

Hi,

"Girish Kumar" <girish.kumar@al-enterprise.com> írta 2016-02-25 12:03-kor:
> Could anybody  please update on the following.
> Regards,
> Girish
>
> From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Girish Kumar
> Sent: Thursday, February 25, 2016 1:30 PM
> To: Syslog-ng users' and developers' mailing list
> Subject: [syslog-ng] Error while spawning the syslog-ng : "source plugin system not found "
>
> Hi All,
>
> I was successful  in  compilation  and installing syslog-ng
>
> While  spawning   syslog-ng,  I am getting  source plugin system not found.
>
> Following is the error. Please help me on this
>
> TOR #-> /sbin/syslog-ng
> Error parsing source, source plugin system not found in //etc/syslog-ng.conf at line 10, column 2:
>
>         system();
>         ^^^^^^

What is the exact content of your syslog-ng.conf file?
Did not you forget to include the scl?

Cheers,
Gyu
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq