On Wednesday 09 October 2019, Peter Czanik (pczanik) wrote:
If you use a recent enough syslog-ng (3.6+ or 3.7+) then the system() source automatically detects if your system has /dev/log or journal and collects logs accordingly.
It is not works with 3.8.1: Checking syslog-ng configuration: Error parsing source, source plugin system not found in /etc/syslog-ng/syslog-ng.conf at line 20, column 5: system(); ^^^^^^ # syslog-ng --version syslog-ng 3.8.1 Installer-Version: 3.8.1 Revision: Module-Directory: /usr/lib64/syslog-ng Module-Path: /usr/lib64/syslog-ng Available-Modules: basicfuncs,cef,graphite,csvparser,linux-kmsg-format,affile,disk-buffer,afprog,sdjournal,afsocket,cryptofuncs,syslogformat,kvformat,system-source,confgen,dbparser,pseudofile,add-contextual-data,afstomp,date,afuser Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: on Enable-TCP-Wrapper: on Enable-Linux-Caps: off But it's not very important: it works with 3.22.1. Thanks. I was building 3.8.1 without systemd libraries. Maybe that's the reason. -- Regards, Sergey