Hello, Any help? If it is available online, please help me with a link as I am unable to find anything useful over internet. On Thu, Feb 6, 2020 at 3:04 PM Abhi Arora <engr.abhiarora@gmail.com> wrote:
"ls -l /dev/log" returns:
lrwxrwxrwx 1 root root 28 Sep 30 13:28 /dev/log -> /run/systemd/journal/dev-log
"lsof" returns a huge list of open files. I am putting few related to sysnlog
363 /usr/sbin/syslog-ng /dev/null 363 /usr/sbin/syslog-ng socket:[6284] 363 /usr/sbin/syslog-ng socket:[6284] 363 /usr/sbin/syslog-ng anon_inode:[eventpoll] 363 /usr/sbin/syslog-ng anon_inode:[eventfd] 363 /usr/sbin/syslog-ng socket:[6522] 363 /usr/sbin/syslog-ng anon_inode:[eventfd] 363 /usr/sbin/syslog-ng anon_inode:[eventfd] 363 /usr/sbin/syslog-ng anon_inode:[eventfd] 363 /usr/sbin/syslog-ng anon_inode:[eventfd] 363 /usr/sbin/syslog-ng anon_inode:[eventfd] 363 /usr/sbin/syslog-ng /var/lib/syslog-ng/syslog-ng.persist 363 /usr/sbin/syslog-ng socket:[6537] 363 /usr/sbin/syslog-ng /proc/kmsg 363 /usr/sbin/syslog-ng anon_inode:[timerfd]
On Thu, Feb 6, 2020 at 2:39 PM Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
On 06.02.20 12:30, Abhi Arora wrote:
I don't see service start fail messages. However, even with the latest date, syslog doesn't show any logs from my applications. However, journalctl is showing the logs after a latest date update.
source s_src { unix-dgram("/dev/log"); internal(); file("/proc/kmsg" program_override("kernel")); };
try "ls -l /dev/log" in this case:
lrwxrwxrwx 1 root root 28 apr 14 2018 /dev/log -> /run/systemd/journal/dev-log
is the log redirected to journald and in this case:
srw-rw-rw- 1 root root 0 Dec 16 06:54 /dev/log
you can verify it's used by syslog-ng:
# lsof /dev/log COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME syslog-ng 1747 root 14u unix 0x00000000364c47ad 0t0 1544 /dev/log type=DGRAM
On Thu, Feb 6, 2020 at 12:21 PM Nagy Gábor <gabor.hl@gmail.com> wrote:
I think you need to add /dev/log to unix-dgram.
source s_src { unix-dgram("/dev/log"); internal(); file("/proc/kmsg" program_override("kernel")); };
Regards, Gábor
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Where do you want to go to die?" [Microsoft]
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq