Hi Guys,
I have one question here for you.
What is the filter (f_undebug) used for? What is the purpose of this function in the syslog-ng.conf file, especially in syslog forwarding rules?
Can someone help me on this?
Thanks in advance!
Thanks
Anil Panchal
Yes, selinux indeed was the issue. Not sure why my selinux config in the past allowed this, but it was being blocked currently on the default port.

Updating the policy with -

```
sudo semanage port -a -t syslogd_port_t -p tcp 36598
```

...allows syslog-ng to log without having to start it manually from the terminal (where, as you pointed out, it runs unconfined. Otherwise it runs as syslogd_t and by default was limited to ports 514 & 601 and blocked on the default tcp 36598).

Thank you!

On Thu, Feb 16, 2017 at 6:54 PM, Scheidler, Balázs <balazs.scheidler@balabit.com> wrote:

I have now tested this combination on centos 7, and collecting local log messages does seem to work for me.

Please note that syslog-ng will detect whether it is running under systemd at runtime, and it does it this way:

```
if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode))
```

e.g. it is checking whether /run/systemd/system is a directory. If it is, the system() source will use systemd-journal() as its source. If this does not exist, it will fall back to /dev/log.

syslog-ng would report the result of this check with a debug level message:

```
msg_debug("Systemd is not detected as the running init system");
```

or

```
msg_debug("Systemd is detected as the running init system");
```

The program destination stuff should really be independent of the init system, but a different AppArmor/SELinux config might be the culprit though. When you launch it from the console, it would be unconfined, but with systemd, a policy might be applied that does NOT allow executing external programs.

I hope this helps.

--
Bazsi

On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli@in2p3.fr> wrote:

On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
> If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine.
> Rather confusing, but I can't see why the systemctl file is not working as it should.
> Any ideas?
try this: in a terminal run `journalctl -f` as root.
In another terminal, run `systemctl start syslog-ng`.
If you don't see anything useful on the journalctl terminal, try increasing
the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`,
or by modifying
`/lib/systemd/system/syslog-ng.service` and running `systemctl daemon-reload`).
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq