Okay. That does explain the error about multiple systemd-journal sources. But the bigger issue remains untouched. Why isn't syslog reading from the journal? I finally wound up removing systemd altogether and going back to openrc. But if we can figure out what went wrong, then that would be much better.


On 1/24/21 2:14 PM, Balazs Scheidler wrote:
system() automatically adds systemd-journald(), that's why your second such source triggers the error about duplicate sources.

With that said, why syslog-ng doesn't get messages from systems is a different issue.



On Sun, Jan 24, 2021, 08:07 Dan Egli <dan@newideatest.site> wrote:

I'm trying to set up syslog-ng on a systemd system. But even though I have several things writing to syslog, syslog-ng doesn't write ANYTHING to the /var/log/messages except kernel messages and its own info. So I searched around, and found the systemd-journal() source. So I tried it. And I get an error that says syslog-ng can't initialize the logger plugin:


# syslog-ng -F
[2021-01-23T23:25:36.525097] The configuration must not contain more than one systemd-journal() source;
[2021-01-23T23:25:36.525157] Error initializing journal_reader;
[2021-01-23T23:25:36.525173] Error initializing message pipeline; plugin_name='systemd-journal', location='/etc/syslog-ng/syslog-ng.conf:26:5'

Here's the config, basically copied from the syslog-ng.com page:

@version: 3.26
#
# Syslog-ng default configuration file for Gentoo Linux

# https://bugs.gentoo.org/426814
@include "scl.conf"

options {
	threaded(yes);
	chain_hostnames(no);
	stats_freq(43200);
	mark_freq(3600);
};

source s_journald {

    systemd-journal(prefix(".SDATA.journald."));

};


source src { system(); internal(); file("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };

log { source(src); destination(messages); };
log { source(s_journald); destination(messages); };
log { source(src); destination(console_all); };

What am I doing wrong? I am POSITIVE things are sending to the syslog sub-system. I have ensured several programs have sent something. But without the systemd-journal line syslog-ng loads fine, recording /proc/kmsg and syslog-ng messages but nothing else.

I am completely stumped here.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
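
The duplicate-source condition discussed in this thread can be caught before syslog-ng is started. The following is an added example, not part of the original messages or of syslog-ng itself: a small Python check that lists every source driver that opens the journal. It assumes, as the reply states, that system() counts as a journal reader on a systemd host; the function names and the SINGLE variant are constructed for illustration.

```python
import re

# Assumption (from the thread): on a systemd host, system() already opens
# the journal, so it counts as a journal reader next to systemd-journal().
DRIVER_RE = re.compile(r"(?<![\w-])(system|systemd-journal)\s*\(")
SOURCE_RE = re.compile(r"\bsource\s+([\w.-]+)\s*\{")

def strip_comments(conf):
    """Remove '#' comments, ignoring '#' inside double-quoted strings."""
    lines = []
    for line in conf.splitlines():
        quoted = False
        for i, ch in enumerate(line):
            if ch == '"':
                quoted = not quoted
            elif ch == "#" and not quoted:
                line = line[:i]
                break
        lines.append(line)
    return "\n".join(lines)

def source_blocks(conf):
    """Yield (name, body) for every 'source NAME { ... }' definition."""
    text = strip_comments(conf)
    for m in SOURCE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def journal_readers(conf):
    """List (source_name, driver) for each driver that reads the journal."""
    return [(name, drv) for name, body in source_blocks(conf)
            for drv in DRIVER_RE.findall(body)]

# Source definitions as posted in the thread.
POSTED = '''
source s_journald {
    systemd-journal(prefix(".SDATA.journald."));
};
source src { system(); internal(); file("/proc/kmsg"); };
'''
# Constructed variant: the explicit journal source is dropped.
SINGLE = 'source src { system(); internal(); file("/proc/kmsg"); };'

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("single", SINGLE)):
        hits = journal_readers(conf)
        print(label, hits, "DUPLICATE" if len(hits) > 1 else "ok")
```

More than one entry in the returned list corresponds to the "must not contain more than one systemd-journal() source" error shown above; the check says nothing about why journal messages fail to arrive once the configuration loads.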

