Here is some additional information [2016-05-12T06:16:34.111561] Compiling f_news sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:82:1] [2016-05-12T06:16:34.111572] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:82:22] [2016-05-12T06:16:34.111582] Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:94:38] [2016-05-12T06:16:34.111594] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:95:7] [2016-05-12T06:16:34.111603] Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:95:7] [2016-05-12T06:16:34.111612] Compiling f_boot reference [filter] at [/etc/syslog-ng/syslog-ng.conf:95:22] [2016-05-12T06:16:34.111664] Compiling f_boot sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:85:1] [2016-05-12T06:16:34.111675] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:85:18] [2016-05-12T06:16:34.111684] Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:95:38] [2016-05-12T06:16:34.111695] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:96:7] [2016-05-12T06:16:34.111703] Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:96:7] [2016-05-12T06:16:34.111713] Compiling f_cron reference [filter] at [/etc/syslog-ng/syslog-ng.conf:96:22] [2016-05-12T06:16:34.111722] Compiling f_cron sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:86:1] [2016-05-12T06:16:34.111729] Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:86:18] [2016-05-12T06:16:34.111738] Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:96:38] [2016-05-12T06:16:34.111747] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:97:7] [2016-05-12T06:16:34.111756] Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:97:7] [2016-05-12T06:16:34.111764] Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:97:22] [2016-05-12T06:16:34.112063] Seeking the journal to the last cursor position; cursor='s=45e493f939fe45439dc7263dbac327e7;i=14bb;b=a99860976f4b493db69999b0b65079a8;m=1686b19ee;t=532a2738500ce;x=76df0459e1f9692e' [2016-05-12T06:16:34.112746] Module loaded and initialized successfully; module='syslogformat' [2016-05-12T06:16:34.112781] Failed to acquire /run/systemd/journal/syslog socket, disabling systemd-syslog source; [2016-05-12T06:16:34.113286] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-12T06:16:34.113320] Error initializing message pipeline; On 05/10/2016 12:30 PM, Czanik, Péter wrote:
Hi,
First of all, as it was already stated here, and also on the Copr website: 3.8 is still a development version. It works fine on my server, passes the tests, still as it's a development version, mysterious things can happen.
I tried to reproduce your problem, but I could not. I followed instructions from https://www.balabit.com/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-tuto... to generate self signed certificates and used the following config:
[root@localhost conf.d]# cat tls.conf source demo_tls_source { network(ip(0.0.0.0) port(6514) transport("tls") tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem") cert_file("/etc/syslog-ng/cert.d/servercert.pem") ca_dir("/etc/syslog-ng/ca.d") peer-verify(optional-untrusted)) ); };
log { source(demo_tls_source); destination(d_mesg); };
First I tested the configuration by starting syslog-ng from the command line: syslog-ng -Fvd, and it worked fine. Next I started it with "systemctl start syslog-ng" and that worked as well.
In both cases I tested using:
[root@localhost conf.d]# loggen -U -i -S 127.0.0.1 6514 average rate = 1030.54 msg/sec, count=10315, time=10.009, (average) msg size=256, bandwidth=257.49 kB/sec
Note: all my test machines have SELinux and iptables disabled. Check /var/log/audit/audit.log for SELinux related messages, and your firewall config if it blocks port 6514. If needed, change your configurations.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Tue, May 10, 2016 at 11:03 AM, Czanik, Péter <peter.czanik@balabit.com> wrote:
Oh, that's my repository. TLS worked fine for me earlier. I'll try to reproduce the problem later this week.
Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik
On Mon, May 9, 2016 at 5:43 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
I'm using this one: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/ To be more specific https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-7/czani...
And im truing to use it with TLS, self signed certificate
Kind regards Ivan
On 05/09/2016 04:37 PM, Scot Needy wrote:
What repo are you using ?
On May 9, 2016, at 5:02 AM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Guys, Any news on this ? I relay need this syslog up and running.
Kind regards
On 05/06/2016 02:35 PM, Tibor Benke wrote:
If you get the mentioned errors right after the upgrade, maybe the install scripts are not able to stop syslog-ng -> the upgraded syslog-ng isn't able to start. Could you check the install scripts, please?
2016-05-06 14:28 GMT+02:00 Ivan Adji - Krstev <akivanradix@gmail.com>:
Here it is
[root@syslogserver syslog-ng]# lsof | grep LISTEN sshd 854 root 3u IPv4 15103 0t0 TCP *:ssh (LISTEN) sshd 854 root 4u IPv6 15105 0t0 TCP *:ssh (LISTEN) mongod 1325 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 1346 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 1922 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 1923 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 1924 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2010 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2011 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2012 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2013 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2165 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2167 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2168 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2169 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2170 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2171 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 2172 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 27857 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 27874 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 27876 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) mongod 1325 28175 mongod 6u IPv4 15950 0t0 TCP localhost:27017 (LISTEN) master 1577 root 13u IPv4 16582 0t0 TCP localhost:smtp (LISTEN) master 1577 root 14u IPv6 16583 0t0 TCP localhost:smtp (LISTEN) syslog-ng 28172 root 21u IPv4 3116883 0t0 TCP *:syslog-tls (LISTEN) syslog-ng 28172 28173 root 21u IPv4 3116883 0t0 TCP *:syslog-tls (LISTEN)
[root@syslogserver syslog-ng]# netstat -antp | grep 6514 tcp 0 0 0.0.0.0:6514 0.0.0.0:* LISTEN 28172/syslog-ng [root@syslogserver syslog-ng]#
Kind regards Ivan
On 05/06/2016 02:25 PM, Tibor Benke wrote:
Hi Ivan,
Could you check what program listens on 0.0.0.0:6514? Thanks! (I suppose it's a syslog-ng which failed to stop from some unknown reason.)
Tibor
2016-05-06 14:18 GMT+02:00 Ivan Adji - Krstev <akivanradix@gmail.com>:
I have to say ... defenetly we have a problem with this version. I have install minimal CentOS 7 (CentOS Linux release 7.2.1511 (Core) ) and Syslog-NG 3.8 and again i have the problem when i update from 3.7 to 3.8.
[2016-05-06T08:14:35.480042] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)' [2016-05-06T08:14:35.480091] Error initializing message pipeline;
If you have any suggestions about this problem pleas do it as im on the way to go back on 3.7
Kind regards Ivan
On 04/26/2016 02:40 AM, Scot Needy wrote:
No issues on CentOS 7.1
On Apr 25, 2016, at 1:11 PM, Scheidler, Balázs <balazs.scheidler@balabit.com> wrote:
Hi,
3.8 is not yet considered stable, although we do everything to keep it that way. It is where we integrate new stuff, both features and bugfixes. I would stick to 3.7 in a production environment, even though your feedback of 3.8 is very valuable and appreciated, so it becomes really stable when we get to the release button.
Anyway, I don't think your "address is already in use" is a 3.8 related issue, it is most probably systemd/initscript related.
-- Bazsi
On Mon, Apr 25, 2016 at 2:18 PM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
Hi all, I have open a issue about the error i got when i update the Syslog-NG to 3.8 for "syslog-ng Address already in use (98)". I'm still working on the issue, but i would like to know if this newest version 3.8 is stabled as im building new environment and im asking myself do i use this 3.8 version or 3.7 ?
Thanks Ivan
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq