I would to correct myself. The journalctl has old logs. I thought they are latest logs. So journalctl isn't logging the log if date is older than the date on last shutdown. On Thu, Feb 6, 2020 at 11:55 AM Abhi Arora <engr.abhiarora@gmail.com> wrote:
Looks like putting the following was causing some trouble:
source s_src { unix-dgram(); internal(); file("/proc/kmsg" program_override("kernel")); };
I tired running "journalctl" and it has all the logs. However, /var/log/syslog doesn't have the logs if date is older than the date on last shutdown. Any help?
On Thu, Feb 6, 2020 at 11:46 AM Abhi Arora <engr.abhiarora@gmail.com> wrote:
I tried checking journctld logs.
Running the following command returned: journalctl
Feb 04 12:42:57 f1 systemd[1]: Starting System Logger Daemon "scl" instance... Feb 04 12:42:57 f1 syslog-ng[9777]: [2020-02-04T12:42:57.093710] Error opening control socket, bind() failed; socket='/var/run/syslog-ng/syslog-ng.ctl', erro r='No such file or directory (2)' Feb 04 12:42:57 f1 syslog-ng[9777]: [2020-02-04T12:42:57.098856] Error opening configuration file; filename='--control', error='No such file or directory (2) ' Feb 04 12:42:57 f1 systemd[1]: [[0;1;39m[[0;1;31m[[0;1;39msyslog-ng@scl.service: Main process exited, code=exited, status=1/FAILURE[[0m Feb 04 12:42:57 f1 systemd[1]: [[0;1;39m[[0;1;31m[[0;1;39msyslog-ng@scl.service: Failed with result 'exit-code'.[[0m Feb 04 12:42:57 f1 systemd[1]: [[0;1;31m[[0;1;39m[[0;1;31mFailed to start System Logger Daemon "scl" instance.[[0m :
On Wed, Feb 5, 2020 at 9:28 PM Abhi Arora <engr.abhiarora@gmail.com> wrote:
Hi, Is there anything I can to debug it? Any pointer to debug it and find the root cause? Should I modify my syslog conf file to
source s_src { unix-dgram(); internal(); file("/proc/kmsg" program_override("kernel")); }; ? Can you help me more with "bypass journald by making sure /dev/log points to syslog-ng."?
On Wed, Feb 5, 2020 at 1:57 PM Balazs Scheidler <bazsi77@gmail.com> wrote:
But you are using journal source, so it might be related to that.
I am not sure weather you rely on journald or not, but as a workaround you could just use a unix-dgram() source and bypass journald by making sure /dev/log points to syslog-ng.
Journald based logging is pretty slow and unless you have a usecase for it, it might be easier to bypass it completely. Makes the local logging path much simpler.
On Tue, Feb 4, 2020, 13:23 Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
On 04.02.20 13:59, Abhi Arora wrote:
Continuing my previous email.... > Can you share your configuration, please? I have shared over my last email
well, gmail does not have a good interface to mailing list. (html mail with very bad plaintext conversion.
> Are you using system() source? I didn't get you. Please elaborate. You mean source code system() library function. If that you mean, then no we don't use it.
However I saw there:
source s_src { systemd_journal(); internal(); file("/proc/kmsg" program_override("kernel")); };
No, you don't use system() source, it looks like:
source s_src { system(); ... };
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 2B|!2B, that's a question!
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq