Hi! "strace logger hello" output contains this line: connect(3, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = -1 ECONNREFUSED (Connection refused) I see logs in /dev/xconsole, just cannot emit a log line with logger. What could be the cause? additional info: # cat /etc/syslog-ng/syslog-ng.conf @version: 3.3 @include "scl.conf" # First, set some global options. options { chain_hostnames(off); flush_lines(0); use-dns(persist_only); dns-cache-hosts(/etc/hosts);use_fqdn(no); owner("root"); group("adm"); perm(0640); stats_freq(0); time_reap(1000); bad_hostname("^gconfd$"); }; source s_src { system(); internal(); }; #destination d_net { tcp("91.143.88.140" port(10000) tls(ca-dir("/etc/ssl") cert-file("/etc/ssl/newcert.pem") key_file("/etc/ssl/private/newkey.pem") )); }; destination d_net { tcp("infra.edemokraciagep.org" port(10000) tls(ca-dir("/etc/ssl") peer-verify(optional-untrusted))); }; destination d_messages { file("/var/log/messages");}; destination d_xconsole { pipe("/dev/xconsole"); }; destination d_apache_console { pipe("/dev/apacheconsole"); }; filter apache_log { program("apache"); }; filter non_apache_log { not program("apache"); }; destination d_vhost_gepnarancs { file("/var/log/vhost_gepnarancs"); }; filter f_gepnarancs { program("apache:php:gepnarancs") or message("gepnarancs"); }; log { source(s_src); filter(f_gepnarancs); destination(d_vhost_gepnarancs); }; log { source(s_src); destination(d_messages); }; log { source(s_src); filter(non_apache_log) ; destination(d_xconsole); }; log { source(s_src); filter(apache_log); destination(d_apache_console); }; log { source(s_src); destination(d_net); }; @include "/etc/syslog-ng/conf.d/" --------------------------------- # lsof |grep /dev/xconsole syslog-ng 2608 root 15u FIFO 0,5 0t0 19564 /dev/xconsole cat 2641 root 3r FIFO 0,5 0t0 19564 /dev/xconsole --------------------------------- # lsof |grep /dev/log [no output] --------------------------------- # dpkg -l syslog-ng Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-================================================-=============================-=============================-====================================================================================================== ii syslog-ng 3.5.6-2 all Enhanced system logging daemon (metapackage) -------------------------------- # ls -l /dev/log srw-rw-rw- 1 root root 0 Feb 20 11:03 /dev/log --------------------------------
Hi, can you run syslog-ng with --preprocess-into=/dev/stdout so that we can see what system() is being expanded to? This is usually caused by the fact that either /dev/log is not opened at all or it is using SOCK_DGRAM instead of SOCK_STREAM. the syslog client built into glibc tries with both SOCK_STREAM and SOCK_DGRAM sockets, but logger does not use the glibc implementation. I saw logger with both socket types, however it seems as if it only uses the transport default to a given distribution's syslogd. This can be caused by a couple of things: 1) maybe syslog-ng thinks you are running systemd and opens a different socket for this reason 2) a bug in the system() source 3) something completely different. You might want to lsof the syslog-ng process only and see which socket it does open. Bazsi -- Bazsi On Sat, Feb 20, 2016 at 11:24 AM, Árpád Magosányi <mag@magwas.rulez.org> wrote:
Hi!
"strace logger hello" output contains this line: connect(3, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = -1 ECONNREFUSED (Connection refused)
I see logs in /dev/xconsole, just cannot emit a log line with logger. What could be the cause?
additional info:
# cat /etc/syslog-ng/syslog-ng.conf @version: 3.3 @include "scl.conf" # First, set some global options. options { chain_hostnames(off); flush_lines(0); use-dns(persist_only); dns-cache-hosts(/etc/hosts);use_fqdn(no); owner("root"); group("adm"); perm(0640); stats_freq(0); time_reap(1000); bad_hostname("^gconfd$"); }; source s_src { system(); internal(); };
#destination d_net { tcp("91.143.88.140" port(10000) tls(ca-dir("/etc/ssl") cert-file("/etc/ssl/newcert.pem") key_file("/etc/ssl/private/newkey.pem") )); }; destination d_net { tcp("infra.edemokraciagep.org" port(10000) tls(ca-dir("/etc/ssl") peer-verify(optional-untrusted))); };
destination d_messages { file("/var/log/messages");};
destination d_xconsole { pipe("/dev/xconsole"); }; destination d_apache_console { pipe("/dev/apacheconsole"); };
filter apache_log { program("apache"); }; filter non_apache_log { not program("apache"); };
destination d_vhost_gepnarancs { file("/var/log/vhost_gepnarancs"); }; filter f_gepnarancs { program("apache:php:gepnarancs") or message("gepnarancs"); }; log { source(s_src); filter(f_gepnarancs); destination(d_vhost_gepnarancs); };
log { source(s_src); destination(d_messages); };
log { source(s_src); filter(non_apache_log) ; destination(d_xconsole); };
log { source(s_src); filter(apache_log); destination(d_apache_console); };
log { source(s_src); destination(d_net); };
@include "/etc/syslog-ng/conf.d/"
--------------------------------- # lsof |grep /dev/xconsole syslog-ng 2608 root 15u FIFO 0,5 0t0 19564 /dev/xconsole cat 2641 root 3r FIFO 0,5 0t0 19564 /dev/xconsole --------------------------------- # lsof |grep /dev/log [no output] --------------------------------- # dpkg -l syslog-ng Desired=Unknown/Install/Remove/Purge/Hold |
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description
+++-================================================-=============================-=============================-====================================================================================================== ii syslog-ng 3.5.6-2 all Enhanced system logging daemon (metapackage) -------------------------------- # ls -l /dev/log srw-rw-rw- 1 root root 0 Feb 20 11:03 /dev/log --------------------------------
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
On 02/20/2016 02:24 PM, Scheidler, Balázs wrote:
Hi,
can you run syslog-ng with --preprocess-into=/dev/stdout so that we can see what system() is being expanded to?
Output is attached
1) maybe syslog-ng thinks you are running systemd and opens a different socket for this reason 2) a bug in the system() source 3) something completely different.
You might want to lsof the syslog-ng process only and see which socket it does open.
Are we talking about /run/systemd/journal/syslog ? The system init is actually systemd. It is a debian 8 system, upgraded from debian 6. 'logger -u /run/systemd/journal/syslog' does work. As a workaround I did 'ln -s /run/systemd/journal/syslog /dev/log' . I feel like it is just a temporary solution. Would it be better to change syslog-ng.conf to read from /dev/log as well, or do the symlinking in boot time? Anyway, here is the lsof output: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME syslog-ng 17901 root cwd DIR 254,17 4096 2 / syslog-ng 17901 root rtd DIR 254,17 4096 2 / syslog-ng 17901 root txt REG 254,17 15016 149028 /usr/sbin/syslog-ng syslog-ng 17901 root mem REG 254,17 22952 2100025 /lib/x86_64-linux-gnu/libnss_dns-2.19.so syslog-ng 17901 root mem REG 254,17 10480 2102165 /usr/lib/syslog-ng/3.5.6/liblinux-kmsg-format.so syslog-ng 17901 root mem REG 254,17 51952 2102166 /usr/lib/syslog-ng/3.5.6/libsyslogformat.so syslog-ng 17901 root mem REG 254,17 77904 2102155 /usr/lib/syslog-ng/3.5.6/libaffile.so syslog-ng 17901 root mem REG 254,17 40624 2097689 /lib/x86_64-linux-gnu/libwrap.so.0.7.6 syslog-ng 17901 root mem REG 254,17 96920 2101490 /usr/lib/x86_64-linux-gnu/libnet.so.1.7.0 syslog-ng 17901 root mem REG 254,17 2062720 2098102 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 syslog-ng 17901 root mem REG 254,17 392312 2100757 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 syslog-ng 17901 root mem REG 254,17 27440 2102154 /usr/lib/syslog-ng/3.5.6/libsyslog-ng-crypto.so syslog-ng 17901 root mem REG 254,17 112432 2102157 /usr/lib/syslog-ng/3.5.6/libafsocket-tls.so syslog-ng 17901 root mem REG 254,17 47712 2100026 /lib/x86_64-linux-gnu/libnss_files-2.19.so syslog-ng 17901 root mem REG 254,17 43592 2100028 /lib/x86_64-linux-gnu/libnss_nis-2.19.so syslog-ng 17901 root mem REG 254,17 31632 2100024 /lib/x86_64-linux-gnu/libnss_compat-2.19.so syslog-ng 17901 root mem REG 254,17 10440 2102161 /usr/lib/syslog-ng/3.5.6/libconfgen.so syslog-ng 17901 root mem REG 254,17 14568 2102167 /usr/lib/syslog-ng/3.5.6/libsystem-source.so syslog-ng 17901 root mem REG 254,17 72136 2097738 /lib/x86_64-linux-gnu/libgpg-error.so.0.13.0 syslog-ng 17901 root mem REG 254,17 84856 2100031 /lib/x86_64-linux-gnu/libresolv-2.19.so syslog-ng 17901 root mem REG 254,17 924096 2097740 /lib/x86_64-linux-gnu/libgcrypt.so.20.0.3 syslog-ng 17901 root mem REG 254,17 141752 2097693 /lib/x86_64-linux-gnu/liblzma.so.5.0.0 syslog-ng 17901 root mem REG 254,17 18640 2097405 /lib/x86_64-linux-gnu/libattr.so.1.1.0 syslog-ng 17901 root mem REG 254,17 145688 2097769 /lib/x86_64-linux-gnu/libsystemd.so.0.3.1 syslog-ng 17901 root mem REG 254,17 1738176 2100017 /lib/x86_64-linux-gnu/libc-2.19.so syslog-ng 17901 root mem REG 254,17 137440 2100013 /lib/x86_64-linux-gnu/libpthread-2.19.so syslog-ng 17901 root mem REG 254,17 48592 2101704 /usr/lib/x86_64-linux-gnu/libivykis.so.0.3.5 syslog-ng 17901 root mem REG 254,17 14664 2100020 /lib/x86_64-linux-gnu/libdl-2.19.so syslog-ng 17901 root mem REG 254,17 448440 2097688 /lib/x86_64-linux-gnu/libpcre.so.3.13.1 syslog-ng 17901 root mem REG 254,17 19016 2097370 /lib/x86_64-linux-gnu/libcap.so.2.24 syslog-ng 17901 root mem REG 254,17 18840 2102113 /usr/lib/x86_64-linux-gnu/libevtlog.so.0.0.0 syslog-ng 17901 root mem REG 254,17 1107040 2100763 /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1 syslog-ng 17901 root mem REG 254,17 6112 2097853 /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0.4200.1 syslog-ng 17901 root mem REG 254,17 14624 2097851 /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.4200.1 syslog-ng 17901 root mem REG 254,17 89104 2100023 /lib/x86_64-linux-gnu/libnsl-2.19.so syslog-ng 17901 root mem REG 254,17 31784 2100032 /lib/x86_64-linux-gnu/librt-2.19.so syslog-ng 17901 root mem REG 254,17 582064 2102153 /usr/lib/syslog-ng/libsyslog-ng-3.5.6.so syslog-ng 17901 root mem REG 254,17 140928 2100014 /lib/x86_64-linux-gnu/ld-2.19.so syslog-ng 17901 root mem REG 254,17 16384 2097337 /var/lib/syslog-ng/syslog-ng.persist syslog-ng 17901 root 0r CHR 1,3 0t0 1028 /dev/null syslog-ng 17901 root 1w CHR 1,3 0t0 1028 /dev/null syslog-ng 17901 root 2w CHR 1,3 0t0 1028 /dev/null syslog-ng 17901 root 3u unix 0xffff8800d8b04000 0t0 1761378 /run/systemd/journal/syslog syslog-ng 17901 root 4u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 5u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 6u REG 254,17 16384 2097337 /var/lib/syslog-ng/syslog-ng.persist syslog-ng 17901 root 7r CHR 1,11 0t0 1034 /dev/kmsg syslog-ng 17901 root 9u unix 0xffff880054b01000 0t0 1760410 /var/lib/syslog-ng/syslog-ng.ctl syslog-ng 17901 root 10u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 11u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 12u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 13u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 14w REG 254,17 60531 1048741 /var/log/messages syslog-ng 17901 root 15u FIFO 0,5 0t0 19564 /dev/xconsole
On Feb 21, 2016 10:35 PM, "Árpád Magosányi" <mag@magwas.rulez.org> wrote:
On 02/20/2016 02:24 PM, Scheidler, Balázs wrote:
Hi,
can you run syslog-ng with --preprocess-into=/dev/stdout so that we can see what system() is being expanded to?
Output is attached
Seems that system() generates /dev/log but probably the systemd workaround in the unix-dgram driver kicks in and that makes syslog-ng to open the systemd forwarder socket in /run/... That means that for some reason journald doesn't open /dev/log and that's why logger doesn't work. Can you check if systemd-journal operates?
1) maybe syslog-ng thinks you are running systemd and opens a different socket for this reason 2) a bug in the system() source 3) something completely different.
You might want to lsof the syslog-ng process only and see which socket it does open.
Are we talking about /run/systemd/journal/syslog ? The system init is actually systemd. It is a debian 8 system, upgraded from debian 6.
'logger -u /run/systemd/journal/syslog' does work.
As a workaround I did 'ln -s /run/systemd/journal/syslog /dev/log' .
I feel like it is just a temporary solution. Would it be better to change syslog-ng.conf to read from /dev/log as well, or do the symlinking in boot time?
Anyway, here is the lsof output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME syslog-ng 17901 root cwd DIR 254,17 4096 2 / syslog-ng 17901 root rtd DIR 254,17 4096 2 / syslog-ng 17901 root txt REG 254,17 15016 149028 /usr/sbin/syslog-ng syslog-ng 17901 root mem REG 254,17 22952 2100025 /lib/x86_64-linux-gnu/libnss_dns-2.19.so syslog-ng 17901 root mem REG 254,17 10480 2102165 /usr/lib/syslog-ng/3.5.6/liblinux-kmsg-format.so syslog-ng 17901 root mem REG 254,17 51952 2102166 /usr/lib/syslog-ng/3.5.6/libsyslogformat.so syslog-ng 17901 root mem REG 254,17 77904 2102155 /usr/lib/syslog-ng/3.5.6/libaffile.so syslog-ng 17901 root mem REG 254,17 40624 2097689 /lib/x86_64-linux-gnu/libwrap.so.0.7.6 syslog-ng 17901 root mem REG 254,17 96920 2101490 /usr/lib/x86_64-linux-gnu/libnet.so.1.7.0 syslog-ng 17901 root mem REG 254,17 2062720 2098102 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 syslog-ng 17901 root mem REG 254,17 392312 2100757 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 syslog-ng 17901 root mem REG 254,17 27440 2102154 /usr/lib/syslog-ng/3.5.6/libsyslog-ng-crypto.so syslog-ng 17901 root mem REG 254,17 112432 2102157 /usr/lib/syslog-ng/3.5.6/libafsocket-tls.so syslog-ng 17901 root mem REG 254,17 47712 2100026 /lib/x86_64-linux-gnu/libnss_files-2.19.so syslog-ng 17901 root mem REG 254,17 43592 2100028 /lib/x86_64-linux-gnu/libnss_nis-2.19.so syslog-ng 17901 root mem REG 254,17 31632 2100024 /lib/x86_64-linux-gnu/libnss_compat-2.19.so syslog-ng 17901 root mem REG 254,17 10440 2102161 /usr/lib/syslog-ng/3.5.6/libconfgen.so syslog-ng 17901 root mem REG 254,17 14568 2102167 /usr/lib/syslog-ng/3.5.6/libsystem-source.so syslog-ng 17901 root mem REG 254,17 72136 2097738 /lib/x86_64-linux-gnu/libgpg-error.so.0.13.0 syslog-ng 17901 root mem REG 254,17 84856 2100031 /lib/x86_64-linux-gnu/libresolv-2.19.so syslog-ng 17901 root mem REG 254,17 924096 2097740 /lib/x86_64-linux-gnu/libgcrypt.so.20.0.3 syslog-ng 17901 root mem REG 254,17 141752 2097693 /lib/x86_64-linux-gnu/liblzma.so.5.0.0 syslog-ng 17901 root mem REG 254,17 18640 2097405 /lib/x86_64-linux-gnu/libattr.so.1.1.0 syslog-ng 17901 root mem REG 254,17 145688 2097769 /lib/x86_64-linux-gnu/libsystemd.so.0.3.1 syslog-ng 17901 root mem REG 254,17 1738176 2100017 /lib/x86_64-linux-gnu/libc-2.19.so syslog-ng 17901 root mem REG 254,17 137440 2100013 /lib/x86_64-linux-gnu/libpthread-2.19.so syslog-ng 17901 root mem REG 254,17 48592 2101704 /usr/lib/x86_64-linux-gnu/libivykis.so.0.3.5 syslog-ng 17901 root mem REG 254,17 14664 2100020 /lib/x86_64-linux-gnu/libdl-2.19.so syslog-ng 17901 root mem REG 254,17 448440 2097688 /lib/x86_64-linux-gnu/libpcre.so.3.13.1 syslog-ng 17901 root mem REG 254,17 19016 2097370 /lib/x86_64-linux-gnu/libcap.so.2.24 syslog-ng 17901 root mem REG 254,17 18840 2102113 /usr/lib/x86_64-linux-gnu/libevtlog.so.0.0.0 syslog-ng 17901 root mem REG 254,17 1107040 2100763 /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1 syslog-ng 17901 root mem REG 254,17 6112 2097853 /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0.4200.1 syslog-ng 17901 root mem REG 254,17 14624 2097851 /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.4200.1 syslog-ng 17901 root mem REG 254,17 89104 2100023 /lib/x86_64-linux-gnu/libnsl-2.19.so syslog-ng 17901 root mem REG 254,17 31784 2100032 /lib/x86_64-linux-gnu/librt-2.19.so syslog-ng 17901 root mem REG 254,17 582064 2102153 /usr/lib/syslog-ng/libsyslog-ng-3.5.6.so syslog-ng 17901 root mem REG 254,17 140928 2100014 /lib/x86_64-linux-gnu/ld-2.19.so syslog-ng 17901 root mem REG 254,17 16384 2097337 /var/lib/syslog-ng/syslog-ng.persist syslog-ng 17901 root 0r CHR 1,3 0t0 1028 /dev/null syslog-ng 17901 root 1w CHR 1,3 0t0 1028 /dev/null syslog-ng 17901 root 2w CHR 1,3 0t0 1028 /dev/null syslog-ng 17901 root 3u unix 0xffff8800d8b04000 0t0 1761378 /run/systemd/journal/syslog syslog-ng 17901 root 4u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 5u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 6u REG 254,17 16384 2097337 /var/lib/syslog-ng/syslog-ng.persist syslog-ng 17901 root 7r CHR 1,11 0t0 1034 /dev/kmsg syslog-ng 17901 root 9u unix 0xffff880054b01000 0t0 1760410 /var/lib/syslog-ng/syslog-ng.ctl syslog-ng 17901 root 10u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 11u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 12u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 13u 0000 0,9 0 6651 anon_inode syslog-ng 17901 root 14w REG 254,17 60531 1048741 /var/log/messages syslog-ng 17901 root 15u FIFO 0,5 0t0 19564 /dev/xconsole
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
On 02/22/2016 12:14 AM, Scheidler, Balázs wrote:
Seems that system() generates /dev/log but probably the systemd workaround in the unix-dgram driver kicks in and that makes syslog-ng to open the systemd forwarder socket in /run/...
That means that for some reason journald doesn't open /dev/log and that's why logger doesn't work. Can you check if systemd-journal operates?
# ps ax |grep systemd-journal 192 ? Ss 0:14 /lib/systemd/systemd-journald # lsof -p 192 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd-j 192 root cwd DIR 254,17 4096 2 / systemd-j 192 root rtd DIR 254,17 4096 2 / systemd-j 192 root txt REG 254,17 231664 2099945 /lib/systemd/systemd-journald systemd-j 192 root mem REG 0,15 8388608 313224 /run/log/journal/b53205d836a20f21da45fc9300685526/system.journal systemd-j 192 root mem REG 254,17 18640 2097405 /lib/x86_64-linux-gnu/libattr.so.1.1.0 systemd-j 192 root mem REG 254,17 448440 2097688 /lib/x86_64-linux-gnu/libpcre.so.3.13.1 systemd-j 192 root mem REG 254,17 72136 2097738 /lib/x86_64-linux-gnu/libgpg-error.so.0.13.0 systemd-j 192 root mem REG 254,17 14664 2100020 /lib/x86_64-linux-gnu/libdl-2.19.so systemd-j 192 root mem REG 254,17 35288 2097409 /lib/x86_64-linux-gnu/libacl.so.1.1.0 systemd-j 192 root mem REG 254,17 142728 2099705 /lib/x86_64-linux-gnu/libselinux.so.1 systemd-j 192 root mem REG 254,17 924096 2097740 /lib/x86_64-linux-gnu/libgcrypt.so.20.0.3 systemd-j 192 root mem REG 254,17 141752 2097693 /lib/x86_64-linux-gnu/liblzma.so.5.0.0 systemd-j 192 root mem REG 254,17 1738176 2100017 /lib/x86_64-linux-gnu/libc-2.19.so systemd-j 192 root mem REG 254,17 137440 2100013 /lib/x86_64-linux-gnu/libpthread-2.19.so systemd-j 192 root mem REG 254,17 140928 2100014 /lib/x86_64-linux-gnu/ld-2.19.so systemd-j 192 root mem REG 0,15 8 1404 /run/systemd/journal/kernel-seqnum systemd-j 192 root 0r CHR 1,3 0t0 1028 /dev/null systemd-j 192 root 1w CHR 1,3 0t0 1028 /dev/null systemd-j 192 root 2w CHR 1,3 0t0 1028 /dev/null systemd-j 192 root 3u unix 0xffff8800d8aea000 0t0 1323 /run/systemd/journal/stdout systemd-j 192 root 4u unix 0xffff8800db5fec00 0t0 1325 /run/systemd/journal/socket systemd-j 192 root 5u unix 0xffff8800d8aea800 0t0 1316 /run/systemd/journal/dev-log systemd-j 192 root 6w CHR 1,11 0t0 1034 /dev/kmsg systemd-j 192 root 7u 0000 0,9 0 6651 anon_inode systemd-j 192 root 8u 0000 0,9 0 6651 anon_inode systemd-j 192 root 9u CHR 1,11 0t0 1034 /dev/kmsg systemd-j 192 root 10r REG 0,3 0 1405 /proc/sys/kernel/hostname systemd-j 192 root 11u 0000 0,9 0 6651 anon_inode systemd-j 192 root 13u 0000 0,9 0 6651 anon_inode systemd-j 192 root 14u unix 0xffff8800db63fc00 0t0 1674 /run/systemd/journal/stdout systemd-j 192 root 15u unix 0xffff8800d8a7ac00 0t0 1678 /run/systemd/journal/stdout systemd-j 192 root 16u unix 0xffff8800d8a7a400 0t0 1689 /run/systemd/journal/stdout systemd-j 192 root 17u unix 0xffff8800db053400 0t0 366405 /run/systemd/journal/stdout systemd-j 192 root 18u unix 0xffff8800d8a57400 0t0 1696 /run/systemd/journal/stdout systemd-j 192 root 19u unix 0xffff8800d886ec00 0t0 12637 /run/systemd/journal/stdout systemd-j 192 root 20u unix 0xffff8800d886e400 0t0 16602 /run/systemd/journal/stdout systemd-j 192 root 21u REG 0,15 8388608 313224 /run/log/journal/b53205d836a20f21da45fc9300685526/system.journal systemd-j 192 root 22u unix 0xffff8800d8b2d800 0t0 9746 /run/systemd/journal/stdout # cat journald.conf # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # See journald.conf(5) for details [Journal] #Storage=auto #Compress=yes #Seal=yes #SplitMode=uid #SyncIntervalSec=5m #RateLimitInterval=30s #RateLimitBurst=1000 #SystemMaxUse= #SystemKeepFree= #SystemMaxFileSize= #RuntimeMaxUse= #RuntimeKeepFree= #RuntimeMaxFileSize= #MaxRetentionSec= #MaxFileSec=1month #ForwardToSyslog=yes #ForwardToKMsg=no #ForwardToConsole=no #ForwardToWall=yes #TTYPath=/dev/console #MaxLevelStore=debug #MaxLevelSyslog=debug #MaxLevelKMsg=notice #MaxLevelConsole=info #MaxLevelWall=emerg tried to uncomment ForwardToSyslog=yes and reboot. journald does not have /dev/log open after that. however the symlink /dev/log -> /run/systemd/journal/dev-log survived the reboot, and I can still use logger, so functionally my system is okay for now.
Hmmm, maybe that symlink should have been there in the first place and something (syslog-ng even...) may have removed it. On Feb 22, 2016 12:54 AM, "Árpád Magosányi" <mag@magwas.rulez.org> wrote:
On 02/22/2016 12:14 AM, Scheidler, Balázs wrote:
Seems that system() generates /dev/log but probably the systemd workaround in the unix-dgram driver kicks in and that makes syslog-ng to open the systemd forwarder socket in /run/...
That means that for some reason journald doesn't open /dev/log and that's why logger doesn't work. Can you check if systemd-journal
operates?
# ps ax |grep systemd-journal 192 ? Ss 0:14 /lib/systemd/systemd-journald # lsof -p 192 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd-j 192 root cwd DIR 254,17 4096 2 / systemd-j 192 root rtd DIR 254,17 4096 2 / systemd-j 192 root txt REG 254,17 231664 2099945 /lib/systemd/systemd-journald systemd-j 192 root mem REG 0,15 8388608 313224 /run/log/journal/b53205d836a20f21da45fc9300685526/system.journal systemd-j 192 root mem REG 254,17 18640 2097405 /lib/x86_64-linux-gnu/libattr.so.1.1.0 systemd-j 192 root mem REG 254,17 448440 2097688 /lib/x86_64-linux-gnu/libpcre.so.3.13.1 systemd-j 192 root mem REG 254,17 72136 2097738 /lib/x86_64-linux-gnu/libgpg-error.so.0.13.0 systemd-j 192 root mem REG 254,17 14664 2100020 /lib/x86_64-linux-gnu/libdl-2.19.so systemd-j 192 root mem REG 254,17 35288 2097409 /lib/x86_64-linux-gnu/libacl.so.1.1.0 systemd-j 192 root mem REG 254,17 142728 2099705 /lib/x86_64-linux-gnu/libselinux.so.1 systemd-j 192 root mem REG 254,17 924096 2097740 /lib/x86_64-linux-gnu/libgcrypt.so.20.0.3 systemd-j 192 root mem REG 254,17 141752 2097693 /lib/x86_64-linux-gnu/liblzma.so.5.0.0 systemd-j 192 root mem REG 254,17 1738176 2100017 /lib/x86_64-linux-gnu/libc-2.19.so systemd-j 192 root mem REG 254,17 137440 2100013 /lib/x86_64-linux-gnu/libpthread-2.19.so systemd-j 192 root mem REG 254,17 140928 2100014 /lib/x86_64-linux-gnu/ld-2.19.so systemd-j 192 root mem REG 0,15 8 1404 /run/systemd/journal/kernel-seqnum systemd-j 192 root 0r CHR 1,3 0t0 1028 /dev/null systemd-j 192 root 1w CHR 1,3 0t0 1028 /dev/null systemd-j 192 root 2w CHR 1,3 0t0 1028 /dev/null systemd-j 192 root 3u unix 0xffff8800d8aea000 0t0 1323 /run/systemd/journal/stdout systemd-j 192 root 4u unix 0xffff8800db5fec00 0t0 1325 /run/systemd/journal/socket systemd-j 192 root 5u unix 0xffff8800d8aea800 0t0 1316 /run/systemd/journal/dev-log systemd-j 192 root 6w CHR 1,11 0t0 1034 /dev/kmsg systemd-j 192 root 7u 0000 0,9 0 6651 anon_inode systemd-j 192 root 8u 0000 0,9 0 6651 anon_inode systemd-j 192 root 9u CHR 1,11 0t0 1034 /dev/kmsg systemd-j 192 root 10r REG 0,3 0 1405 /proc/sys/kernel/hostname systemd-j 192 root 11u 0000 0,9 0 6651 anon_inode systemd-j 192 root 13u 0000 0,9 0 6651 anon_inode systemd-j 192 root 14u unix 0xffff8800db63fc00 0t0 1674 /run/systemd/journal/stdout systemd-j 192 root 15u unix 0xffff8800d8a7ac00 0t0 1678 /run/systemd/journal/stdout systemd-j 192 root 16u unix 0xffff8800d8a7a400 0t0 1689 /run/systemd/journal/stdout systemd-j 192 root 17u unix 0xffff8800db053400 0t0 366405 /run/systemd/journal/stdout systemd-j 192 root 18u unix 0xffff8800d8a57400 0t0 1696 /run/systemd/journal/stdout systemd-j 192 root 19u unix 0xffff8800d886ec00 0t0 12637 /run/systemd/journal/stdout systemd-j 192 root 20u unix 0xffff8800d886e400 0t0 16602 /run/systemd/journal/stdout systemd-j 192 root 21u REG 0,15 8388608 313224 /run/log/journal/b53205d836a20f21da45fc9300685526/system.journal systemd-j 192 root 22u unix 0xffff8800d8b2d800 0t0 9746 /run/systemd/journal/stdout
# cat journald.conf # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # See journald.conf(5) for details
[Journal] #Storage=auto #Compress=yes #Seal=yes #SplitMode=uid #SyncIntervalSec=5m #RateLimitInterval=30s #RateLimitBurst=1000 #SystemMaxUse= #SystemKeepFree= #SystemMaxFileSize= #RuntimeMaxUse= #RuntimeKeepFree= #RuntimeMaxFileSize= #MaxRetentionSec= #MaxFileSec=1month #ForwardToSyslog=yes #ForwardToKMsg=no #ForwardToConsole=no #ForwardToWall=yes #TTYPath=/dev/console #MaxLevelStore=debug #MaxLevelSyslog=debug #MaxLevelKMsg=notice #MaxLevelConsole=info #MaxLevelWall=emerg
tried to uncomment ForwardToSyslog=yes and reboot. journald does not have /dev/log open after that. however the symlink /dev/log -> /run/systemd/journal/dev-log survived the reboot, and I can still use logger, so functionally my system is okay for now.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi, "Scheidler, Balázs" <balazs.scheidler@balabit.com> írta 2016-02-22 07:17-kor:
Hmmm, maybe that symlink should have been there in the first place and something (syslog-ng even...) may have removed it.
I am almost sure, it was sng. When it get a unix domain socket in it's config, it start to listen on it in three steps: * stat() * unlink() * bind() Cheers, Gyu
I know that syslog-ng removes those sockets, but for Mag, the systemd workaround kicked in, which means that it was opening the socket from /var/run/<I don't know the path>/syslog and not /dev/log. But maybe it was /dev/log before the upgrade or something. But anyway, he has found his socket now. Bazsi -- Bazsi On Mon, Feb 22, 2016 at 10:51 AM, PÁSZTOR György < pasztor@linux.gyakg.u-szeged.hu> wrote:
Hi,
"Scheidler, Balázs" <balazs.scheidler@balabit.com> írta 2016-02-22 07:17-kor:
Hmmm, maybe that symlink should have been there in the first place and something (syslog-ng even...) may have removed it.
I am almost sure, it was sng. When it get a unix domain socket in it's config, it start to listen on it in three steps: * stat() * unlink() * bind()
Cheers, Gyu
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (3)
-
PÁSZTOR György
-
Scheidler, Balázs
-
Árpád Magosányi