I'm trying to set up syslog-ng on a systemd system. But even though I have several things writing to syslog, syslog-ng doesn't write ANYTHING to the /var/log/messages except kernel messages and its own info. So I searched around, and found the systemd-journal() source. So I tried it. And I get an error that says syslog-ng can't initialize the logger plugin:

    # syslog-ng -F
    [2021-01-23T23:25:36.525097] The configuration must not contain more than one systemd-journal() source;
    [2021-01-23T23:25:36.525157] Error initializing journal_reader;
    [2021-01-23T23:25:36.525173] Error initializing message pipeline; plugin_name='systemd-journal', location='/etc/syslog-ng/syslog-ng.conf:26:5'

Here's the config, basically copied from the syslog-ng.com page:

    @version: 3.26
    #
    # Syslog-ng default configuration file for Gentoo Linux
    # https://bugs.gentoo.org/426814

    @include "scl.conf"

    options {
        threaded(yes);
        chain_hostnames(no);
        stats_freq(43200);
        mark_freq(3600);
    };

    source s_journald {
        systemd-journal(prefix(".SDATA.journald."));
    };
    source src { system(); internal(); file("/proc/kmsg"); };

    destination messages { file("/var/log/messages"); };
    destination console_all { file("/dev/tty12"); };

    log { source(src); destination(messages); };
    log { source(s_journald); destination(messages); };
    log { source(src); destination(console_all); };

What am I doing wrong? I am POSITIVE things are sending to the syslog sub-system. I have ensured several programs have sent something. But without the systemd-journal line syslog-ng loads fine, recording /proc/kmsg and syslog-ng messages but nothing else.

I am completely stumped here.
system() automatically adds systemd-journald(), that's why your second such source triggers the error about duplicate sources.

With that said, why syslog-ng doesn't get messages from systems is a different issue.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Okay. That does explain the error about multiple systemd-journal sources. But the bigger issue remains untouched. Why isn't syslog reading from the journal? I finally wound up removing systemd altogether and going back to openrc. But if we can figure out what went wrong, then that would be much better.

On 1/24/21 2:14 PM, Balazs Scheidler wrote:
> system() automatically adds systemd-journald(), that's why your second such source triggers the error about duplicate sources.
>
> With that said, why syslog-ng doesn't get messages from systems is a different issue.
Does the journal contain log records? E.g. list the logs using journalctl and check that records are indeed there. If they are, I would check if syslog-ng has the necessary permissions to access them, start syslog-ng under strace and see if there are relevant failures. Check syslog-ng debug output.

On Mon, Jan 25, 2021, 19:19 Dan Egli <dan@newideatest.site> wrote:
> Okay. That does explain the error about multiple systemd-journal sources. But the bigger issue remains untouched. Why isn't syslog reading from the journal? I finally wound up removing systemd altogether and going back to openrc. But if we can figure out what went wrong, then that would be much better.
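The two replies in this thread, as an added example that is not part of the original messages: a shell pre-flight check for the duplicate journal source explained in the first reply, followed by the journalctl, permission, strace and debug-output checks suggested in the last one. It assumes a systemd-booted host where system() already pulls in the journal, as that reply states; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a systemd-booted host where
# system() already reads the journal (per the reply in the thread).

# Count calls to a source driver, ignoring '#' comments.
# Simplification: a '#' inside a quoted string is treated as a comment too.
count_driver() {  # $1 = driver name, $2 = config file
    sed 's/#.*$//' "$2" |
        { grep -oE "(^|[^A-Za-z0-9_-])${1}[[:space:]]*\(" || true; } |
        wc -l | tr -d ' '
}

# Exit status 0 when the config would set up more than one journal reader:
# explicit systemd-journal() calls plus the one implied by system().
journal_conflict() {  # $1 = config file
    explicit=$(count_driver systemd-journal "$1")
    implied=0
    if [ "$(count_driver system "$1")" -gt 0 ]; then implied=1; fi
    [ $((explicit + implied)) -gt 1 ]
}

# The checks suggested in the last reply, in order. Run as root.
diagnose() {  # $1 = config file
    # 1. Does the journal hold records at all?
    journalctl -n 5 --no-pager
    # 2. Who owns the journal directories, and which modes do they have?
    ls -ld /run/log/journal /var/log/journal 2>/dev/null
    # 3. Foreground run with debug output under strace; stop with Ctrl-C,
    #    then search the trace for EACCES/ENOENT on journal paths.
    trace=$(mktemp)
    echo "strace log: $trace" >&2
    strace -f -e trace=file -o "$trace" syslog-ng -F -e -d -v -f "$1"
}

# Usage: sh check.sh /etc/syslog-ng/syslog-ng.conf
if [ -n "${1:-}" ]; then
    if journal_conflict "$1"; then
        echo "more than one journal source in $1" >&2
        exit 1
    fi
    diagnose "$1"
fi
```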
participants (2)
- Balazs Scheidler
- Dan Egli