in scl.conf file there is nothing except this line *@include 'scl/*/*.conf'* So i don't think so.? I get your point that tls on port 6514 may be used twice but can't find anything like that ... it is the same config file that i have used before removing the old version and putting the new one. From 3.5 to 3.8. On 04/21/2016 08:58 PM, Scot Needy wrote:
All of my conf files are included in scl.conf is scl.conf and @include "/etc/syslog-ng/conf.d/*.conf loading the same module twice ?
On Apr 21, 2016, at 1:58 PM, Ivan Adji - Krstev <akivanradix@gmail.com <mailto:akivanradix@gmail.com>> wrote:
Hi yes i start to put the file but i have some other problems... anyway here it's the config file ( syslog-ng.conf )
@version:3.8 @include "scl.conf"
# syslog-ng configuration file. # # This should behave pretty much like the original syslog on RedHat. But # it could be configured a lot smarter. # # See syslog-ng(8) and syslog-ng.conf(5) for more information. # # Note: it also sources additional configuration files (*.conf) # located in /etc/syslog-ng/conf.d/
options { flush_lines (0); time_reopen (10); log_fifo_size (1000); # log_iw_size(100); log_fetch_limit(100); # chain_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); };
source s_sys { system(); #unix-stream("/dev/log"); internal(); network( port(6514) # tcp(port(5140)); # file("/proc/kmsg" log_prefix("kernel: ")); transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d")) ); };
destination d_mongodb { mongodb( servers("localhost:27017") # database("syslog") uri('mongodb://localhost/syslog-ng' <mongodb://localhost/syslog-ng%27>) collection("messages") value-pairs( scope("selected-macros" "nv-pairs" "sdata") ) ); };
destination d_cons { file("/dev/console"); }; destination d_mesg { file("/var/log/messages"); }; destination d_auth { file("/var/log/secure"); }; destination d_mail { file("/var/log/maillog" flush_lines(10)); }; destination d_spol { file("/var/log/spooler"); }; destination d_boot { file("/var/log/boot.log"); }; destination d_cron { file("/var/log/cron"); }; destination d_kern { file("/var/log/kern"); }; destination d_mlal { usertty("*"); };
filter f_kernel { facility(kern); }; filter f_default { level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron)); }; filter f_auth { facility(authpriv); }; filter f_mail { facility(mail); }; filter f_emergency { level(emerg); }; filter f_news { facility(uucp) or (facility(news) and level(crit..emerg)); }; filter f_boot { facility(local7); }; filter f_cron { facility(cron); };
#log { source(s_sys); filter(f_kernel); destination(d_cons); }; log { source(s_sys); filter(f_kernel); destination(d_mongodb); }; log { source(s_sys); filter(f_default); destination(d_mongodb); }; log { source(s_sys); filter(f_auth); destination(d_mongodb); }; log { source(s_sys); filter(f_mail); destination(d_mongodb); }; log { source(s_sys); filter(f_emergency); destination(d_mongodb); }; log { source(s_sys); filter(f_news); destination(d_mongodb); }; log { source(s_sys); filter(f_boot); destination(d_mongodb); }; log { source(s_sys); filter(f_cron); destination(d_mongodb); };
log { source(s_sys); destination(d_mongodb); };
# Source additional configuration files (.conf extension only) @include "/etc/syslog-ng/conf.d/*.conf"
# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
On 04/21/2016 06:12 PM, Scot Needy wrote:
Or the module does not die on stop and tries to start another.
On Apr 21, 2016, at 11:20 AM, Balazs Scheidler <bazsi77@gmail.com <mailto:bazsi77@gmail.com>> wrote:
maybe you have two sources binding on the same port?
On Thu, Apr 21, 2016 at 4:36 PM, Scot Needy <scotrn@gmail.com> wrote:
I don’t see your conf files but I suspect it’s trying to load the tls module twice ?
On Apr 21, 2016, at 10:04 AM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
It is the same ... if i restart the syslog-ng after that ill get the same error. If i stop the syslog-ng that port is not used anymore ... Here is the output of the *syslog-ng -Fevd*
[2016-04-21T16:02:41.478174] WARNING: Starting with syslog-ng 3.6, the system() source performs JSON parsing of messages starting with the '@cim:' prefix. No additional action is needed; [2016-04-21T16:02:41.478635] Module loaded and initialized successfully; module='sdjournal' [2016-04-21T16:02:41.478776] Finishing include; content='source confgen system', depth='1' [2016-04-21T16:02:41.479601] Module loaded and initialized successfully; module='afsocket' [2016-04-21T16:02:41.481135] Module loaded and initialized successfully; module='afmongodb' [2016-04-21T16:02:41.481914] Module loaded and initialized successfully; module='affile' [2016-04-21T16:02:41.482779] Module loaded and initialized successfully; module='afuser' [2016-04-21T16:02:41.484211] Unable to detect fully qualified hostname for localhost, use_fqdn() will use the short hostname; [2016-04-21T16:02:41.484252] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:128:7] [2016-04-21T16:02:41.484264] Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:128:7] [2016-04-21T16:02:41.484276] Compiling s_sys sequence [source] at [/etc/syslog-ng/syslog-ng.conf:29:1] [2016-04-21T16:02:41.484286] Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:29:15] [2016-04-21T16:02:41.484295] Compiling #unnamed sequence [log] at [source confgen system:2:5] [2016-04-21T16:02:41.484304] Compiling #unnamed sequence [source] at [source confgen system:2:5] [2016-04-21T16:02:41.484314] Compiling #unnamed junction [log] at [source confgen system:2:13] [2016-04-21T16:02:41.484323] Compiling #unnamed single [log] at [source confgen system:3:1] [2016-04-21T16:02:41.484337] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:32:2] [2016-04-21T16:02:41.484347] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:33:2] [2016-04-21T16:02:41.484363] Compiling f_auth reference [filter] at [/etc/syslog-ng/syslog-ng.conf:128:22] [2016-04-21T16:02:41.484374] Compiling f_auth sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:112:1] [2016-04-21T16:02:41.484383] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:112:22] [2016-04-21T16:02:41.484393] Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:128:38] [2016-04-21T16:02:41.484403] Compiling d_mongodb sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:57:1] [2016-04-21T16:02:41.484413] Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:57:24] [2016-04-21T16:02:41.484422] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:58:5] [2016-04-21T16:02:41.484434] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:133:7] [2016-04-21T16:02:41.484445] Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:133:7] [2016-04-21T16:02:41.484456] Compiling f_emergency reference [filter] at [/etc/syslog-ng/syslog-ng.conf:133:22] [2016-04-21T16:02:41.484467] Compiling f_emergency sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:114:1] [2016-04-21T16:02:41.484476] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:114:22] [2016-04-21T16:02:41.484486] Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:133:43] [2016-04-21T16:02:41.484497] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:152:7] [2016-04-21T16:02:41.484506] Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:152:7] [2016-04-21T16:02:41.484517] Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:152:22] [2016-04-21T16:02:41.484873] Seeking the journal to the last cursor position; cursor='s=9383cb3eb8ee41eda3468d9841333aef;i=131c;b=0f07653f04794e14beeeebb18131926b;m=214f74fdf;t=530ff299a3a8e;x=d0f0c56745dc963a' [2016-04-21T16:02:41.485562] Module loaded and initialized successfully; module='syslogformat' [2016-04-21T16:02:41.485834] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-04-21T16:02:41.485874] Error initializing message pipeline;
On 04/21/2016 03:40 PM, Scot Needy wrote:
kill -9 2411
> On Apr 21, 2016, at 7:58 AM, Ivan Adji - Krstev > <akivanradix@gmail.com> wrote: > > 2411
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Bazsi ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq