Darren,

In your syslog-ng.service definition, change:

    Type=notify

to

    Type=simple

and

    $ sudo systemctl daemon-reload

to reload the unit.

This is occurring because Type=notify requires syslog-ng to tell systemd that it has started successfully, and your self-compiled syslog-ng wasn't compiled with systemd support (--enable-systemd).

Steve

On 2/28/2024 10:35 AM, Darren Fuller wrote:
Hello,
I have installed syslog-ng OSE from source on Amazon Linux 2023 distribution (as there is no EPEL available on that distribution nor are there any precompiled binaries for it).
When I start up syslog-ng in the local terminal with syslog-ng -Fedv, it runs fine forever. But when I start it with systemd (systemctl start syslog-ng), the command times out (but does start in the background) and then the service restarts every two minutes or so.
I am stumped. Any thoughts? Where have I gone wrong?
Appreciate any assistance you can offer.
Thanks,
Darren
More information:
------------
I compiled with the following and saw no errors:

./configure --disable-smtp --disable-http --disable-python --disable-json
make
make install

I created the systemd service file like so:

cat /etc/systemd/system/syslog-ng.service
[Unit]
Description=System Logger Daemon
Documentation=man:syslog-ng(8)
After=network.target

[Service]
Type=notify
PIDFile=/run/syslogd.pid
ExecStart=/usr/local/sbin/syslog-ng -F -p /run/syslogd.pid
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=null
Restart=on-failure

[Install]
WantedBy=multi-user.target
------------
My config is here:
------------
cat /usr/local/etc/syslog-ng.conf
@include "scl.conf"
source s_local { system(); internal(); };
destination d_local {
    file("/var/log/messages");
    file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};
log { source(s_local); destination(d_local); };
@include /etc/syslog-ng.d/*.conf

cat /etc/syslog.d/syslognet.conf
options {
    long_hostnames(off);
    sync(0);
    keep_hostname(yes);
    owner("splunk");
    group("splunk");
    perm(0640);
    create_dirs(yes);
    dir_perm(0750);
};
source s_tcp_net { tcp(ip(0.0.0.0) port(41514)); };
source s_tls_net {
    network (
        ip(0.0.0.0)
        port(42514)
        transport("tls")
        tls(
            key-file("/path/to/syslog-ng.key")
            cert-file("/path/to/syslog-ng.crt")
            peer-verify(no)
        )
    );
};
destination d_net { file("/data/syslog/app/${SOURCEIP}/${YEAR}${MONTH}${DAY}-app-data.log"); };
log { source(s_tcp_net); source(s_tls_net); destination(d_net); };
------------
Here is what I see when I start it with systemd:

systemctl start syslog-ng
Job for syslog-ng.service failed because a timeout was exceeded.
See "systemctl status syslog-ng.service" and "journalctl -xeu syslog-ng.service" for details.

systemctl status syslog-ng.service
syslog-ng.service - System Logger Daemon
     Loaded: loaded (/etc/systemd/system/syslog-ng.service; enabled; preset: enabled)
     Active: activating (start) since Wed 2024-02-28 15:25:01 UTC; 35s ago
       Docs: man:syslog-ng(8)
   Main PID: 488557 (syslog-ng)
      Tasks: 4 (limit: 2322)
     Memory: 2.5M
        CPU: 39ms
     CGroup: /system.slice/syslog-ng.service
             └─488557 /usr/local/sbin/syslog-ng -F -p /run/syslogd.pid

Feb 28 15:25:01 ip-172-31-7-110.ca-central-1.compute.internal systemd[1]: Starting syslog-ng.service - System Logger Daemon...

And here is what's in /var/log/messages showing the restart:

cat /var/log/messages | grep syslog-ng
Feb 28 14:38:24 ip-172-31-7-110 syslog-ng[447117]: syslog-ng shutting down; version='4.6.0'
Feb 28 14:38:25 ip-172-31-7-110 syslog-ng[447177]: syslog-ng starting up; version='4.6.0'
Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection accepted; fd='26', client='AF_INET(1.2.3.4:27717)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection accepted; fd='27', client='AF_INET(1.2.3.4:2300)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection accepted; fd='28', client='AF_INET(1.2.3.4:31585)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection accepted; fd='29', client='AF_INET(1.2.3.4:17761)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447177]: syslog-ng shutting down; version='4.6.0'
Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447234]: syslog-ng starting up; version='4.6.0'
Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection accepted; fd='25', client='AF_INET(1.2.3.4:7213)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection accepted; fd='26', client='AF_INET(1.2.3.4:9268)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection accepted; fd='27', client='AF_INET(1.2.3.4:13128)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection accepted; fd='28', client='AF_INET(1.2.3.4:3928)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:41:25 ip-172-31-7-110 syslog-ng[447234]: syslog-ng shutting down; version='4.6.0'
Feb 28 14:41:26 ip-172-31-7-110 syslog-ng[447385]: syslog-ng starting up; version='4.6.0'
Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection accepted; fd='25', client='AF_INET(1.2.3.4:1382)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection accepted; fd='26', client='AF_INET(1.2.3.4:5430)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection accepted; fd='27', client='AF_INET(1.2.3.4:6373)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection accepted; fd='28', client='AF_INET(1.2.3.4:26287)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447385]: syslog-ng shutting down; version='4.6.0'
Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447443]: syslog-ng starting up; version='4.6.0'
Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection accepted; fd='25', client='AF_INET(1.2.3.4:15165)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection accepted; fd='26', client='AF_INET(1.2.3.4:6967)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection accepted; fd='27', client='AF_INET(1.2.3.4:27444)', local='AF_INET(0.0.0.0:41514)'
Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection accepted; fd='28', client='AF_INET(1.2.3.4:20758)', local='AF_INET(0.0.0.0:41514)'
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
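
The readiness handshake that Type=notify depends on, as an added example that is not part of the original thread and is not syslog-ng or systemd code: the daemon sends a READY=1 datagram to the Unix socket named in $NOTIFY_SOCKET, and the service manager waits for it. The function names, the temporary socket path and the 0.2 second timeout are assumptions made for the demonstration.

```python
import os
import socket
import tempfile

def sd_notify(state, env=os.environ):
    """Daemon side: send a state string to $NOTIFY_SOCKET, as sd_notify(3) does.
    Returns False when the variable is unset (not started by a notify-aware manager)."""
    path = env.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):          # "@name" means an abstract-namespace socket
        path = "\0" + path[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(state.encode(), path)
    return True

def wait_ready(mgr, timeout):
    """Manager side: True once a datagram containing READY=1 arrives, False on timeout."""
    mgr.settimeout(timeout)
    try:
        while True:
            if "READY=1" in mgr.recv(4096).decode().split("\n"):
                return True
    except socket.timeout:
        return False

def simulate_start(daemon_notifies, timeout=0.2):
    """Stand-in for systemd starting a Type=notify unit (timeout shortened for the demo)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notify.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as mgr:
            mgr.bind(path)
            if daemon_notifies:       # binary built with notification support
                sd_notify("READY=1", {"NOTIFY_SOCKET": path})
            if wait_ready(mgr, timeout):
                return "active (running)"
            return "start timed out"  # unit stays in "activating (start)" until then

if __name__ == "__main__":
    print("with READY=1:   ", simulate_start(True))
    print("without READY=1:", simulate_start(False))
```

In the log above, each instance runs for about 90 seconds between "starting up" and "shutting down", which matches systemd's default start timeout; with Restart=on-failure a start timeout counts as a failure, so the unit is stopped and started again each time.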