Re: [syslog-ng] Why Syslog-NG can't start?

Hi, I don't see any suspicious just by reading the config. But you can use "syslog-ng -s" to check if the syntax you use is correct. If it is, you should check /var/log/audit/audit.log if there is a SELinux rule, which blocks syslog-ng. Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream https://www.balabit.com/blog/author/peterczanik/ https://twitter.com/PCzanik On Mon, Jun 19, 2017 at 10:43 AM, 'Jason Long' via SYSLOG-NG <syslog-ng@balabit.com> wrote:

Hello. I installed Syslog-NG on CentOS 7 x64 and my configuration is :

@version:3.5 @include "scl.conf"

# syslog-ng configuration file. # # This should behave pretty much like the original syslog on RedHat. But # it could be configured a lot smarter. # # See syslog-ng(8) and syslog-ng.conf(5) for more information. # # Note: it also sources additional configuration files (*.conf) # located in /etc/syslog-ng/conf.d/

options { flush_lines (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); ts_format(iso); encoding(UTF-8); };

source s_netsyslog { udp(ip(0.0.0.0) port(514) flags(no-hostname)); tcp(ip(0.0.0.0) port(514) flags(no-hostname)); };

destination d_netsyslog { file("/var/log/network.log" owner("root") group("root") perm(0644)); }; destination d_separatedbyhosts{file("/var/log/$HOST/messages" owner("root") group("root") perm(0655) dir_perm(0755) create_dirs(yes)); };

log { source(s_netsyslog); destination(d_separatedbyhosts); };

# Source additional configuration files (.conf extension only) @include "/etc/syslog-ng/conf.d/*.conf"

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

But my Syslog-NG can't start and give me below error:

# systemctl status syslog-ng.service ● syslog-ng.service - System Logger Daemon Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled) Active: failed (Result: start-limit) since Mon 2017-06-19 05:33:42 EDT; 32s ago Docs: man:syslog-ng(8) Process: 20920 ExecStart=/usr/sbin/syslog-ng -F -p /var/run/syslogd.pid (code=exited, status=1/FAILURE) Main PID: 20920 (code=exited, status=1/FAILURE) Status: "Starting up... (Mon Jun 19 05:33:41 2017"

Jun 19 05:33:41 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state. Jun 19 05:33:41 localhost.localdomain systemd[1]: syslog-ng.service failed. Jun 19 05:33:42 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart. Jun 19 05:33:42 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service Jun 19 05:33:42 localhost.localdomain systemd[1]: Failed to start System Logger Daemon. Jun 19 05:33:42 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state. Jun 19 05:33:42 localhost.localdomain systemd[1]: syslog-ng.service failed. Jun 19 05:33:42 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service Jun 19 05:33:42 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.

Jun 19 05:33:42 localhost.localdomain systemd[1]: syslog-ng.service failed.

How can I solve it?

Thank you. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq