Syslog-ng, centos7 and systemd seem to hate each other
…or at the very least, say bad things when the other is not looking :) I did a bit of googling for this and found other people with similar issues, but could not find the fix. This is on a cos7.0 box (not 7.2) running syslog-ng v3.9 (user did have v3.5 but I tried upgrading him to resolve this). If I run syslog-ng -Fdve it works fine and sends everything to our python program destination However, if I use the systemd script provided with syslog-ng, then I get nothing. If I tell sng to just log to a file (no filters, etc.), then it works. If I tell sng to just use the program dest (no filters, etc.) it does NOT work. If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. Rather confusing, but I can't see why the systemctl file is not working as it should. Any ideas? Other references: https://wiki.archlinux.org/index.php/syslog-ng https://bbs.archlinux.org/viewtopic.php?id=187057 http://serverfault.com/questions/760383/syslog-ng-working-as-foreground-proc... -Clayton
I had a similar problem recently with the java environment variable with systemd and starting syslog-ng to output to elasticsearch, which required modification of the /usr/lib/systemd/system/syslog-ng.service file to contain the following:- Environment=LD_LIBRARY_PATH=/usr/java/jre1.8.0_112/lib/amd64/server Perhaps your python environment variables also need exporting to this file? Damian Bell Infrastructure Engineer | Support | H Clarkson & Co Ltd Email: Damian.Bell@clarksons.com<mailto:Damian.Bell@clarksons.com> From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Clayton Dukes Sent: 10 February 2017 21:32 To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: [syslog-ng] Syslog-ng, centos7 and systemd seem to hate each other …or at the very least, say bad things when the other is not looking :) I did a bit of googling for this and found other people with similar issues, but could not find the fix. This is on a cos7.0 box (not 7.2) running syslog-ng v3.9 (user did have v3.5 but I tried upgrading him to resolve this). If I run syslog-ng -Fdve it works fine and sends everything to our python program destination However, if I use the systemd script provided with syslog-ng, then I get nothing. If I tell sng to just log to a file (no filters, etc.), then it works. If I tell sng to just use the program dest (no filters, etc.) it does NOT work. If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. Rather confusing, but I can't see why the systemctl file is not working as it should. Any ideas? Other references: https://wiki.archlinux.org/index.php/syslog-ng https://bbs.archlinux.org/viewtopic.php?id=187057 http://serverfault.com/questions/760383/syslog-ng-working-as-foreground-proc... -Clayton ________________________________ This message is private and confidential. If you have received it in error, you are on notice of its status. Please notify us immediately by reply email and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person: to do so could be a breach of confidence. Emails may be monitored. Details of Clarkson group companies and their regulators (where applicable) can be found at this url: Disclosure<http://www.clarksons.com/disclosure/> ________________________________
Thanks, I'll have them try this! Odd that none of our test servers are exhibiting this behavior though. From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Damian Bell <Damian.Bell@clarksons.com> Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Date: Saturday, February 11, 2017 at 10:47 AM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] Syslog-ng, centos7 and systemd seem to hate each other I had a similar problem recently with the java environment variable with systemd and starting syslog-ng to output to elasticsearch, which required modification of the /usr/lib/systemd/system/syslog-ng.service file to contain the following:- Environment=LD_LIBRARY_PATH=/usr/java/jre1.8.0_112/lib/amd64/server Perhaps your python environment variables also need exporting to this file? Damian Bell Infrastructure Engineer | Support | H Clarkson & Co Ltd Email: Damian.Bell@clarksons.com<mailto:Damian.Bell@clarksons.com> From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Clayton Dukes Sent: 10 February 2017 21:32 To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: [syslog-ng] Syslog-ng, centos7 and systemd seem to hate each other …or at the very least, say bad things when the other is not looking :) I did a bit of googling for this and found other people with similar issues, but could not find the fix. This is on a cos7.0 box (not 7.2) running syslog-ng v3.9 (user did have v3.5 but I tried upgrading him to resolve this). If I run syslog-ng -Fdve it works fine and sends everything to our python program destination However, if I use the systemd script provided with syslog-ng, then I get nothing. If I tell sng to just log to a file (no filters, etc.), then it works. If I tell sng to just use the program dest (no filters, etc.) it does NOT work. If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. Rather confusing, but I can't see why the systemctl file is not working as it should. Any ideas? Other references: https://wiki.archlinux.org/index.php/syslog-ng https://bbs.archlinux.org/viewtopic.php?id=187057 http://serverfault.com/questions/760383/syslog-ng-working-as-foreground-proc... -Clayton ________________________________ This message is private and confidential. If you have received it in error, you are on notice of its status. Please notify us immediately by reply email and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person: to do so could be a breach of confidence. Emails may be monitored. Details of Clarkson group companies and their regulators (where applicable) can be found at this url: Disclosure<http://www.clarksons.com/disclosure/> ________________________________
On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. Rather confusing, but I can't see why the systemctl file is not working as it should. Any ideas?
try this: in a terminal run `journalctl -f` as root. In another terminal, run `systemctl start syslog-ng`. If you don't see anything useful on the journalctl terminal, try increasing the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`, or by modifying `/lib/systemd/system/syslog-ng.service` and running `systemctl daemon-reload`).
I have now tested this combination on centos 7, and collecting local log messages do seem to work for me. Please note that syslog-ng will detect whether it is running under systemd at runtime, and it does it this way: ``` if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode)) ``` e.g. it is checking whether /run/systemd/system is a directory. If it is, the system() source will use systemd-journal() as its source. If this does not exist, it will fall back to /dev/log. syslog-ng would report the result of this check with a debug level message: ``` msg_debug("Systemd is not detected as the running init system"); ``` or ``` msg_debug("Systemd is detected as the running init system"); ``` The program destination stuff should really be independent of the init system, but a different AppArmor/SELinux config might be the culprit though. When you launch it from the console, it would be unconfined, but with systemd, a policy might be applied that does NOT allow executing external programs. I hope this helps. -- Bazsi On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. Rather confusing, but I can't see why the systemctl file is not working as it should. Any ideas?
try this: in a terminal run `journalctl -f` as root. In another terminal, run `systemctl start syslog-ng`.
If you don't see anything useful on the journalctl terminal, try increasing the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`, or by modifying `/lib/systemd/system/syslog-ng.service` and running `systemctl daemon-reload`).
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Yes, selinux indeed was the issue. Not sure why my selinux config in the past allowed this, but it was being blocked currently on the default port. Updating the policy with- sudo semanage port -a -t syslogd_port_t -p tcp 36598 ...allows syslog-ng to log without having to start it manually from the terminal (where, as you pointed out, it runs unconfined. Otherwise it runs as syslogd_t and by default was limited to ports 514 & 601 and blocked on the default tcp 36598). Thank you! On Thu, Feb 16, 2017 at 6:54 PM, Scheidler, Balázs < balazs.scheidler@balabit.com> wrote:
I have now tested this combination on centos 7, and collecting local log messages do seem to work for me.
Please note that syslog-ng will detect whether it is running under systemd at runtime, and it does it this way: ``` if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode)) ```
e.g. it is checking whether /run/systemd/system is a directory. If it is, the system() source will use systemd-journal() as its source. If this does not exist, it will fall back to /dev/log.
syslog-ng would report the result of this check with a debug level message: ``` msg_debug("Systemd is not detected as the running init system"); ```
or
``` msg_debug("Systemd is detected as the running init system"); ```
The program destination stuff should really be independent of the init system, but a different AppArmor/SELinux config might be the culprit though. When you launch it from the console, it would be unconfined, but with systemd, a policy might be applied that does NOT allow executing external programs.
I hope this helps.
-- Bazsi
On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. Rather confusing, but I can't see why the systemctl file is not working as it should. Any ideas?
try this: in a terminal run `journalctl -f` as root. In another terminal, run `systemctl start syslog-ng`.
If you don't see anything useful on the journalctl terminal, try increasing the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`, or by modifying `/lib/systemd/system/syslog-ng.service` and running `systemctl daemon-reload`).
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi Guy's, I have one question here for you.. What does filter (f_undebug) is used for..? what is the purpose of this function in syslog-ng.conf file specially in syslog forwarding rules..? Can someone help me on this..? Thanks in Advance..!! Thanks Anil Panchal On 17-Feb-2017 10:49 pm, "Jordan Ladora" <vicepresjoebiden@gmail.com> wrote:
Yes, selinux indeed was the issue. Not sure why my selinux config in the past allowed this, but it was being blocked currently on the default port.
Updating the policy with-
sudo semanage port -a -t syslogd_port_t -p tcp 36598
...allows syslog-ng to log without having to start it manually from the terminal (where, as you pointed out, it runs unconfined. Otherwise it runs as syslogd_t and by default was limited to ports 514 & 601 and blocked on the default tcp 36598).
Thank you!
On Thu, Feb 16, 2017 at 6:54 PM, Scheidler, Balázs < balazs.scheidler@balabit.com> wrote:
I have now tested this combination on centos 7, and collecting local log messages do seem to work for me.
Please note that syslog-ng will detect whether it is running under systemd at runtime, and it does it this way: ``` if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode)) ```
e.g. it is checking whether /run/systemd/system is a directory. If it is, the system() source will use systemd-journal() as its source. If this does not exist, it will fall back to /dev/log.
syslog-ng would report the result of this check with a debug level message: ``` msg_debug("Systemd is not detected as the running init system"); ```
or
``` msg_debug("Systemd is detected as the running init system"); ```
The program destination stuff should really be independent of the init system, but a different AppArmor/SELinux config might be the culprit though. When you launch it from the console, it would be unconfined, but with systemd, a policy might be applied that does NOT allow executing external programs.
I hope this helps.
-- Bazsi
On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. Rather confusing, but I can't see why the systemctl file is not working as it should. Any ideas?
try this: in a terminal run `journalctl -f` as root. In another terminal, run `systemctl start syslog-ng`.
If you don't see anything useful on the journalctl terminal, try increasing the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`, or by modifying `/lib/systemd/system/syslog-ng.service` and running `systemctl daemon-reload`).
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi, Where do you see this f_undebug ? On Feb 18, 2017 9:21 AM, "Anil Panchal" <anil.panchal8181@gmail.com> wrote:
Hi Guy's, I have one question here for you.. What does filter (f_undebug) is used for..? what is the purpose of this function in syslog-ng.conf file specially in syslog forwarding rules..?
Can someone help me on this..?
Thanks in Advance..!!
Thanks Anil Panchal On 17-Feb-2017 10:49 pm, "Jordan Ladora" <vicepresjoebiden@gmail.com> wrote:
Yes, selinux indeed was the issue. Not sure why my selinux config in the past allowed this, but it was being blocked currently on the default port.
Updating the policy with-
sudo semanage port -a -t syslogd_port_t -p tcp 36598
...allows syslog-ng to log without having to start it manually from the terminal (where, as you pointed out, it runs unconfined. Otherwise it runs as syslogd_t and by default was limited to ports 514 & 601 and blocked on the default tcp 36598).
Thank you!
On Thu, Feb 16, 2017 at 6:54 PM, Scheidler, Balázs < balazs.scheidler@balabit.com> wrote:
I have now tested this combination on centos 7, and collecting local log messages do seem to work for me.
Please note that syslog-ng will detect whether it is running under systemd at runtime, and it does it this way: ``` if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode)) ```
e.g. it is checking whether /run/systemd/system is a directory. If it is, the system() source will use systemd-journal() as its source. If this does not exist, it will fall back to /dev/log.
syslog-ng would report the result of this check with a debug level message: ``` msg_debug("Systemd is not detected as the running init system"); ```
or
``` msg_debug("Systemd is detected as the running init system"); ```
The program destination stuff should really be independent of the init system, but a different AppArmor/SELinux config might be the culprit though. When you launch it from the console, it would be unconfined, but with systemd, a policy might be applied that does NOT allow executing external programs.
I hope this helps.
-- Bazsi
On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. Rather confusing, but I can't see why the systemctl file is not working as it should. Any ideas?
try this: in a terminal run `journalctl -f` as root. In another terminal, run `systemctl start syslog-ng`.
If you don't see anything useful on the journalctl terminal, try increasing the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`, or by modifying `/lib/systemd/system/syslog-ng.service` and running `systemctl daemon-reload`).
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi It is a one of the filter & configured in our syslog.ng environment i.e.syslog-ng .conf file. It is configured in syslog forwarding rules for the destination server. Thanks Anil On 19-Feb-2017 12:52 am, "Scheidler, Balázs" <balazs.scheidler@balabit.com> wrote:
Hi,
Where do you see this f_undebug ?
On Feb 18, 2017 9:21 AM, "Anil Panchal" <anil.panchal8181@gmail.com> wrote:
Hi Guy's, I have one question here for you.. What does filter (f_undebug) is used for..? what is the purpose of this function in syslog-ng.conf file specially in syslog forwarding rules..?
Can someone help me on this..?
Thanks in Advance..!!
Thanks Anil Panchal On 17-Feb-2017 10:49 pm, "Jordan Ladora" <vicepresjoebiden@gmail.com> wrote:
Yes, selinux indeed was the issue. Not sure why my selinux config in the past allowed this, but it was being blocked currently on the default port.
Updating the policy with-
sudo semanage port -a -t syslogd_port_t -p tcp 36598
...allows syslog-ng to log without having to start it manually from the terminal (where, as you pointed out, it runs unconfined. Otherwise it runs as syslogd_t and by default was limited to ports 514 & 601 and blocked on the default tcp 36598).
Thank you!
On Thu, Feb 16, 2017 at 6:54 PM, Scheidler, Balázs < balazs.scheidler@balabit.com> wrote:
I have now tested this combination on centos 7, and collecting local log messages do seem to work for me.
Please note that syslog-ng will detect whether it is running under systemd at runtime, and it does it this way: ``` if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode)) ```
e.g. it is checking whether /run/systemd/system is a directory. If it is, the system() source will use systemd-journal() as its source. If this does not exist, it will fall back to /dev/log.
syslog-ng would report the result of this check with a debug level message: ``` msg_debug("Systemd is not detected as the running init system"); ```
or
``` msg_debug("Systemd is detected as the running init system"); ```
The program destination stuff should really be independent of the init system, but a different AppArmor/SELinux config might be the culprit though. When you launch it from the console, it would be unconfined, but with systemd, a policy might be applied that does NOT allow executing external programs.
I hope this helps.
-- Bazsi
On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. Rather confusing, but I can't see why the systemctl file is not working as it should. Any ideas?
try this: in a terminal run `journalctl -f` as root. In another terminal, run `systemctl start syslog-ng`.
If you don't see anything useful on the journalctl terminal, try increasing the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`, or by modifying `/lib/systemd/system/syslog-ng.service` and running `systemctl daemon-reload`).
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Well, you can name filters the way you want, so unless you show this excerpt from the config, I am unable to help you. On Feb 19, 2017 7:53 AM, "Anil Panchal" <anil.panchal8181@gmail.com> wrote:
Hi
It is a one of the filter & configured in our syslog.ng environment i.e.syslog-ng .conf file. It is configured in syslog forwarding rules for the destination server.
Thanks Anil On 19-Feb-2017 12:52 am, "Scheidler, Balázs" <balazs.scheidler@balabit.com> wrote:
Hi,
Where do you see this f_undebug ?
On Feb 18, 2017 9:21 AM, "Anil Panchal" <anil.panchal8181@gmail.com> wrote:
Hi Guy's, I have one question here for you.. What does filter (f_undebug) is used for..? what is the purpose of this function in syslog-ng.conf file specially in syslog forwarding rules..?
Can someone help me on this..?
Thanks in Advance..!!
Thanks Anil Panchal On 17-Feb-2017 10:49 pm, "Jordan Ladora" <vicepresjoebiden@gmail.com> wrote:
Yes, selinux indeed was the issue. Not sure why my selinux config in the past allowed this, but it was being blocked currently on the default port.
Updating the policy with-
sudo semanage port -a -t syslogd_port_t -p tcp 36598
...allows syslog-ng to log without having to start it manually from the terminal (where, as you pointed out, it runs unconfined. Otherwise it runs as syslogd_t and by default was limited to ports 514 & 601 and blocked on the default tcp 36598).
Thank you!
On Thu, Feb 16, 2017 at 6:54 PM, Scheidler, Balázs < balazs.scheidler@balabit.com> wrote:
I have now tested this combination on centos 7, and collecting local log messages do seem to work for me.
Please note that syslog-ng will detect whether it is running under systemd at runtime, and it does it this way: ``` if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode)) ```
e.g. it is checking whether /run/systemd/system is a directory. If it is, the system() source will use systemd-journal() as its source. If this does not exist, it will fall back to /dev/log.
syslog-ng would report the result of this check with a debug level message: ``` msg_debug("Systemd is not detected as the running init system"); ```
or
``` msg_debug("Systemd is detected as the running init system"); ```
The program destination stuff should really be independent of the init system, but a different AppArmor/SELinux config might be the culprit though. When you launch it from the console, it would be unconfined, but with systemd, a policy might be applied that does NOT allow executing external programs.
I hope this helps.
-- Bazsi
On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote: > If I do a 'systemctl stop syslog-ng' and then just simply type 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it works fine. > Rather confusing, but I can't see why the systemctl file is not working as it should. > Any ideas?
try this: in a terminal run `journalctl -f` as root. In another terminal, run `systemctl start syslog-ng`.
If you don't see anything useful on the journalctl terminal, try increasing the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`, or by modifying `/lib/systemd/system/syslog-ng.service` and running `systemctl daemon-reload`).
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (6)
-
Anil Panchal
-
Clayton Dukes
-
Damian Bell
-
Fabien Wernli
-
Jordan Ladora
-
Scheidler, Balázs