Hi, can you run syslog-ng with --preprocess-into=/dev/stdout so that we can see what system() is being expanded to? This is usually caused by the fact that either /dev/log is not opened at all or it is using SOCK_DGRAM instead of SOCK_STREAM. the syslog client built into glibc tries with both SOCK_STREAM and SOCK_DGRAM sockets, but logger does not use the glibc implementation. I saw logger with both socket types, however it seems as if it only uses the transport default to a given distribution's syslogd. This can be caused by a couple of things: 1) maybe syslog-ng thinks you are running systemd and opens a different socket for this reason 2) a bug in the system() source 3) something completely different. You might want to lsof the syslog-ng process only and see which socket it does open. Bazsi -- Bazsi On Sat, Feb 20, 2016 at 11:24 AM, Árpád Magosányi <mag@magwas.rulez.org> wrote:
Hi!
"strace logger hello" output contains this line: connect(3, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = -1 ECONNREFUSED (Connection refused)
I see logs in /dev/xconsole, just cannot emit a log line with logger. What could be the cause?
additional info:
# cat /etc/syslog-ng/syslog-ng.conf @version: 3.3 @include "scl.conf" # First, set some global options. options { chain_hostnames(off); flush_lines(0); use-dns(persist_only); dns-cache-hosts(/etc/hosts);use_fqdn(no); owner("root"); group("adm"); perm(0640); stats_freq(0); time_reap(1000); bad_hostname("^gconfd$"); }; source s_src { system(); internal(); };
#destination d_net { tcp("91.143.88.140" port(10000) tls(ca-dir("/etc/ssl") cert-file("/etc/ssl/newcert.pem") key_file("/etc/ssl/private/newkey.pem") )); }; destination d_net { tcp("infra.edemokraciagep.org" port(10000) tls(ca-dir("/etc/ssl") peer-verify(optional-untrusted))); };
destination d_messages { file("/var/log/messages");};
destination d_xconsole { pipe("/dev/xconsole"); }; destination d_apache_console { pipe("/dev/apacheconsole"); };
filter apache_log { program("apache"); }; filter non_apache_log { not program("apache"); };
destination d_vhost_gepnarancs { file("/var/log/vhost_gepnarancs"); }; filter f_gepnarancs { program("apache:php:gepnarancs") or message("gepnarancs"); }; log { source(s_src); filter(f_gepnarancs); destination(d_vhost_gepnarancs); };
log { source(s_src); destination(d_messages); };
log { source(s_src); filter(non_apache_log) ; destination(d_xconsole); };
log { source(s_src); filter(apache_log); destination(d_apache_console); };
log { source(s_src); destination(d_net); };
@include "/etc/syslog-ng/conf.d/"
--------------------------------- # lsof |grep /dev/xconsole syslog-ng 2608 root 15u FIFO 0,5 0t0 19564 /dev/xconsole cat 2641 root 3r FIFO 0,5 0t0 19564 /dev/xconsole --------------------------------- # lsof |grep /dev/log [no output] --------------------------------- # dpkg -l syslog-ng Desired=Unknown/Install/Remove/Purge/Hold |
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description
+++-================================================-=============================-=============================-====================================================================================================== ii syslog-ng 3.5.6-2 all Enhanced system logging daemon (metapackage) -------------------------------- # ls -l /dev/log srw-rw-rw- 1 root root 0 Feb 20 11:03 /dev/log --------------------------------
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq