Well, you can name filters the way you want, so unless you show this excerpt from the config, I am unable to help you.
On Feb 19, 2017 7:53 AM, "Anil Panchal" <anil.panchal8181@gmail.com> wrote:
Hi
It is one of the filters configured in our syslog-ng environment, i.e. the syslog-ng.conf file. It is configured in the syslog forwarding rules for the destination server.
Thanks
Anil
On 19-Feb-2017 12:52 am, "Scheidler, Balázs" <balazs.scheidler@balabit.com> wrote:
Hi,
Where do you see this f_undebug?
On Feb 18, 2017 9:21 AM, "Anil Panchal" <anil.panchal8181@gmail.com> wrote:
Hi guys, I have one question here for you. What is the filter (f_undebug) used for? What is the purpose of this function in the syslog-ng.conf file, especially in syslog forwarding rules?
Can someone help me on this?
Thanks in advance!
Thanks
Anil Panchal
On 17-Feb-2017 10:49 pm, "Jordan Ladora" <vicepresjoebiden@gmail.com> wrote:
Yes, selinux indeed was the issue. Not sure why my selinux config in the past allowed this, but it was being blocked currently on the default port.
Updating the policy with-
sudo semanage port -a -t syslogd_port_t -p tcp 36598
...allows syslog-ng to log without having to start it manually from the terminal (where, as you pointed out, it runs unconfined). Otherwise it runs as syslogd_t and by default was limited to ports 514 & 601 and blocked on the default tcp 36598.
Thank you!
On Thu, Feb 16, 2017 at 6:54 PM, Scheidler, Balázs <balazs.scheidler@balabit.com> wrote:
I have now tested this combination on CentOS 7, and collecting local log messages does seem to work for me.
Please note that syslog-ng will detect whether it is running under systemd at runtime, and it does it this way:
```
if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode))
```
i.e. it is checking whether /run/systemd/system is a directory. If it is, the system() source will use systemd-journal() as its source. If this does not exist, it will fall back to /dev/log.
syslog-ng would report the result of this check with a debug level message:
```
msg_debug("Systemd is not detected as the running init system");
```
or
```
msg_debug("Systemd is detected as the running init system");
```
The program destination stuff should really be independent of the init system, but a different AppArmor/SELinux config might be the culprit though. When you launch it from the console, it would be unconfined, but with systemd, a policy might be applied that does NOT allow executing external programs.
I hope this helps.
-- Bazsi
On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
> If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine.
> Rather confusing, but I can't see why the systemctl file is not working as it should.
> Any ideas?
try this: in a terminal run `journalctl -f` as root. In another terminal, run `systemctl start syslog-ng`.
If you don't see anything useful on the journalctl terminal, try increasing the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`, or by modifying `/lib/systemd/system/syslog-ng.service` and running `systemctl daemon-reload`).
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
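Added example, not part of the original thread: a shell check that reads `semanage port -l` output and reports whether a port carries a given SELinux port type, which is the condition the `semanage port -a` command in the thread changes. The function names `port_has_type` and `check_port`, the type `example_range_t` and both sample listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE_BEFORE='SELinux Port Type              Proto    Port Number

syslogd_port_t                 tcp      601
syslogd_port_t                 udp      514, 601
example_range_t                tcp      6000-6020'
# The same constructed listing after the `semanage port -a` command from the thread.
SAMPLE_AFTER='SELinux Port Type              Proto    Port Number

syslogd_port_t                 tcp      36598, 601
syslogd_port_t                 udp      514, 601
example_range_t                tcp      6000-6020'

# port_has_type TYPE PROTO PORT: reads a port listing on stdin and
# succeeds (exit 0) only if PORT/PROTO carries the SELinux type TYPE.
port_has_type() {
    awk -v type="$1" -v proto="$2" -v port="$3" '
        $1 == type && $2 == proto {
            for (i = 3; i <= NF; i++) {          # fields 3..NF: "601," or "6000-6020"
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# check_port TYPE PROTO PORT: prints "labelled" or the fix to apply.
check_port() {
    if port_has_type "$1" "$2" "$3"; then
        echo "labelled"
    else
        echo "unlabelled: semanage port -a -t $1 -p $2 $3"
    fi
}

# Live use (as root): semanage port -l | check_port syslogd_port_t tcp 36598
printf '%s\n' "$SAMPLE_BEFORE" | check_port syslogd_port_t tcp 36598
printf '%s\n' "$SAMPLE_AFTER"  | check_port syslogd_port_t tcp 36598
```

The protocol column matters: a port labelled only for udp does not match a tcp lookup, so check the protocol the syslog-ng source or destination actually uses.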