stopped by renaming? Sounds problematic, stop it explicitly, and make sure it won't get restarted. Renaming/removing symlinks under /etc/rc*.d on Debian is strongly discouraged. Use update-rc.d for this task, first remove the existing links, and then recreate them as K... ones. Otherwise the next package upgrade might reenable the daemon.
I recreated them as K... ones now, and syslog-ng gives me the same error message. I tried to stop them with rcconf, it says they will not be started, but syslog-ng can't start.
You might also want to try removing the default syslog package. On Ubuntu this is done with: sudo apt-get remove sysklogd
I removed it just after installing syslog-ng, so I don't know what the problem is. Why doesn't syslog-ng start? I think maybe I configured something wrong, but I can't they what...

Thank you for your answers
Patrick
What is the best practice when it comes to viewing all entries collected by syslog-ng?

Thanks

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of patrick simon
Sent: Tuesday, July 17, 2007 3:52 PM
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] (no subject)
stopped by renaming? Sounds problematic, stop it explicitly, and make sure it won't get restarted. Renaming/removing symlinks under /etc/rc*.d on Debian is strongly discouraged. Use update-rc.d for this task, first remove the existing links, and then recreate them as K... ones. Otherwise the next package upgrade might reenable the daemon.
I recreated them as K... ones now, and syslog-ng gives me the same error message. I tried to stop them with rcconf, it says they will not be started, but syslog-ng can't start.
You might also want to try removing the default syslog package. On Ubuntu this is done with: sudo apt-get remove sysklogd
I removed it just after installing syslog-ng, so I don't know what the problem is. Why doesn't syslog-ng start? I think maybe I configured something wrong, but I can't they what...

Thank you for your answers
Patrick
Hello,
What is the best practice when it comes to viewing all entries collected by syslog-ng?
Please never reply with an unrelated question to a mail, as some users prefer threaded views of the mails, and your reply might appear in the middle of a different topic. Start a new thread instead with a new mail, changing the subject isn't enough.

About log viewers there are a few options. Viewing isn't a problem, but organising/collecting correlating logs is a problem. There are a few commercial applications and there is php-syslogng, which is a 3rd party application, therefore it isn't supported on this list. Also there are a few log analysers for different applications, so it depends on your needs what software suits you.

Regards,
Sandor
On Tue, 17 Jul 2007 21:52:26 +0200, patrick simon said:
I recreated them as K... ones now, and syslog-ng gives me the same error message. I tried to stop them with rcconf, it says they will not be started, but syslog-ng can't start.
Umm.. I may be blind, but renaming all those Sfoo to Kfoo startup scripts just prevents it from starting *next* time. But I don't see where you actually stopped the *currently* running copy (under Redhat/Fedora, you'd want something like 'service syslogd stop' or similar). If you do a 'ps ax| grep syslog', do you find one?
On Tuesday, 17.07.2007, 16:19 -0400, Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jul 2007 21:52:26 +0200, patrick simon said:
I recreated them as K... ones now, and syslog-ng gives me the same error message. I tried to stop them with rcconf, it says they will not be started, but syslog-ng can't start.
I think I do something wrong here, what is the command to recreate the entries with update-rc.d? But I removed the old syslog daemon with "apt-get remove". I think that is not the problem, or is it?
Umm.. I may be blind, but renaming all those Sfoo to Kfoo startup scripts just prevents it from starting *next* time. But I don't see where you actually stopped the *currently* running copy (under Redhat/Fedora, you'd want something like 'service syslogd stop' or similar).
If you do a 'ps ax| grep syslog', do you find one?
No, I only find the grep process ( 19863 pts/5 S+ 0:00 grep syslog )

But I can do "/etc/init.d/sysklogd stop" without an error message, but when I do this, syslog-ng doesn't start either.

I reinstalled the package a few moments ago, but this doesn't have any effect.

Thank you for answers
Patrick
On Tuesday, 17.07.2007, 16:19 -0400, Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jul 2007 21:52:26 +0200, patrick simon said:
I recreated them as K... ones now, and syslog-ng gives me the same error message. I tried to stop them with rcconf, it says they will not be started, but syslog-ng can't start.
I think I do something wrong here, what is the command to recreate the entries with update-rc.d? But I removed the old syslog daemon with "apt-get remove". I think that is not the problem, or is it?
syslog-ng should conflict with sysklogd, so the problem might lie elsewhere (maybe in another vserver, or outside of the vservers). I recommended using update-rc.d as a general solution for making installed daemons not to start automatically. The command should look like:

    update-rc.d foo stop 20 0 1 2 3 4 5 6 .

If it complains about existing symlinks then you should run 'update-rc.d -f foo remove' and run it again.
Umm.. I may be blind, but renaming all those Sfoo to Kfoo startup scripts just prevents it from starting *next* time. But I don't see where you actually stopped the *currently* running copy (under Redhat/Fedora, you'd want something like 'service syslogd stop' or similar).
If you do a 'ps ax| grep syslog', do you find one?
No, I only find the grep process ( 19863 pts/5 S+ 0:00 grep syslog )
But I can do "/etc/init.d/sysklogd stop" without an error message, but when I do this, syslog-ng doesn't start either.
I reinstalled the package a few moments ago, but this doesn't have any effect.
Have you removed /proc/kmsg from your config? If I remember correctly then you are running syslog-ng in a vserver. If /proc is mounted in the vserver, and another syslogd/syslog-ng process is reading /proc/kmsg in other vservers or outside of the vservers, then you can't read /proc/kmsg. Basically only one program can/should read /proc/kmsg.

I recommend using the ps from the util-vserver, which is called vps, to see every running process of the system. Obviously vps should run outside of the vservers to be able to show every context.

Regards,
Sandor
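
The check described in the message above, as an added example that is not part of the original thread: it lists every process that already holds /proc/kmsg open and tests whether a given syslog-ng config still references it. The function names and the optional proc-root argument are assumptions made for illustration, and it relies on /proc/PID/comm being available (falling back to "?" when it is not).

```shell
#!/bin/sh
# Added diagnostic example; function names and the optional proc-root
# argument are assumptions, not part of syslog-ng or util-vserver.

# Print "PID COMMAND" for every process holding /proc/kmsg open.
# $1: proc mount point to scan (default /proc). Run as root outside
# the vservers so that every context is visible.
kmsg_readers() {
    root=${1:-/proc}
    for piddir in "$root"/[0-9]*; do
        [ -d "$piddir/fd" ] || continue
        for fd in "$piddir"/fd/*; do
            # Each fd entry is a symlink to the file the process opened.
            target=$(readlink "$fd" 2>/dev/null) || continue
            if [ "$target" = "/proc/kmsg" ]; then
                comm=$(cat "$piddir/comm" 2>/dev/null || echo '?')
                echo "${piddir##*/} $comm"
                break   # one line per process is enough
            fi
        done
    done
}

# Exit 0 if the config has an uncommented /proc/kmsg reference, i.e.
# this syslog-ng instance will try to read the kernel log itself.
config_reads_kmsg() {
    grep -v '^[[:space:]]*#' "$1" | grep -q '/proc/kmsg'
}

# Return 1 when the config wants /proc/kmsg and another reader exists.
check_kmsg_conflict() {
    conf=$1; root=${2:-/proc}
    readers=$(kmsg_readers "$root")
    if config_reads_kmsg "$conf" && [ -n "$readers" ]; then
        echo "conflict: $conf reads /proc/kmsg, already opened by:"
        echo "$readers"
        return 1
    fi
    echo "ok: no competing /proc/kmsg reader for $conf"
}

# Usage: sh script.sh /path/to/syslog-ng.conf [proc-root]
if [ $# -gt 0 ]; then check_kmsg_conflict "$@"; fi
```

Stop syslog-ng in the vserver before running it, otherwise its own open descriptor is reported as the competing reader.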
participants (4)
- Geller, Sandor (IT)
- patrick simon
- Tamer Tayea
- Valdis.Kletnieks@vt.edu