Hi, Thank you for the explanation. Is that also the reason why logging (in my case)does not work at all in this current state, no matter the config used, even 'crashless'? Sincerely Niklas Deffner Am 4. Juli 2018 15:29:10 MESZ schrieb "Szemere, László" <laszlo.szemere@balabit.com>:

Hello T4iga, Your error message helped a lot, Thank You. It successfully leaded us here: https://github.com/balabit/syslog-ng/blob/41f7c202cb25433feb0fa9496960599a53... From this @Czanik and me figured out it was a configuration/packaging error. Peter immediately created a new build, which worked well on his local machine. The opensuse building is still running: https://build.opensuse.org/package/show/home:czanik:syslog-ng316/syslog-ng , please update your packages with the finished output.

Best regards, Laci

On Wed, Jul 4, 2018 at 10:51 AM, T4iga <niklastai97@gmail.com> wrote:

...

2018-07-04 10:23 GMT+02:00 Fabien Wernli <wernli@in2p3.fr>:

...

In order to put aside any systemd complexities, let's try to run syslog-ng in the foreground:

export LD_LIBRARY_PATH=/usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/jre/ lib/amd64/server syslog-ng -Fdv

What happens then?

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

I got an error that lead me to correct another semantic error I made. After correcting that it still crashes: I suppose the initialization stuff is irrelevant as there are not errors apart from the end:

[2018-07-04T10:37:37.193736] Java machine new; [2018-07-04T10:37:37.242506] Can't find class; class_name='org/syslog_ng/SyslogNgClassLoader' **

ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader:

...

assertion failed: (self->loader) Aborted (core dumped)

Just in case the full thing is needed:

# syslog-ng -Fdv [2018-07-04T10:37:37.182933] Systemd is detected as the running init system; [2018-07-04T10:37:37.184634] Module loaded and initialized successfully; module='mod-java' [2018-07-04T10:37:37.184664] Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1' [2018-07-04T10:37:37.184921] Adding include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-07-04T10:37:37.184927] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-07-04T10:37:37.184930] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-07-04T10:37:37.184932] Adding include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-07-04T10:37:37.184934] Adding include file;

filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf',

...

depth='2' [2018-07-04T10:37:37.184937] Adding include file;

filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf',

...

depth='2' [2018-07-04T10:37:37.184940] Adding include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-07-04T10:37:37.184942] Adding include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-07-04T10:37:37.184945] Adding include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-07-04T10:37:37.184947] Adding include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-07-04T10:37:37.184951] Adding include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-07-04T10:37:37.184955] Adding include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-07-04T10:37:37.184959] Adding include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-07-04T10:37:37.184962] Adding include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-07-04T10:37:37.184966] Adding include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-07-04T10:37:37.184969] Adding include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-07-04T10:37:37.184972] Adding include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-07-04T10:37:37.184975] Adding include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-07-04T10:37:37.184978] Adding include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-07-04T10:37:37.184981] Adding include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-07-04T10:37:37.184984] Adding include file;

filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf',

...

depth='2' [2018-07-04T10:37:37.184988] Adding include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-07-04T10:37:37.184991] Adding include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-07-04T10:37:37.184994] Adding include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-07-04T10:37:37.184998] Adding include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-07-04T10:37:37.185001] Adding include file;

filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf',

...

depth='2' [2018-07-04T10:37:37.185007] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-07-04T10:37:37.185044] Reading path for candidate modules; path='/usr/lib64/syslog-ng' [2018-07-04T10:37:37.185080] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libjvm.so', module='jvm' [2018-07-04T10:37:37.185117] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libadd-contextual-data.so', module='add-contextual-data' [2018-07-04T10:37:37.185182] Registering candidate plugin; module='add-contextual-data', context='parser', name='add_contextual_data' [2018-07-04T10:37:37.185201] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libaffile.so', module='affile' [2018-07-04T10:37:37.185271] Registering candidate plugin; module='affile', context='source', name='file' [2018-07-04T10:37:37.185277] Registering candidate plugin; module='affile', context='source', name='pipe' [2018-07-04T10:37:37.185280] Registering candidate plugin; module='affile', context='source', name='wildcard_file' [2018-07-04T10:37:37.185283] Registering candidate plugin; module='affile', context='source', name='stdin' [2018-07-04T10:37:37.185286] Registering candidate plugin; module='affile', context='destination', name='file' [2018-07-04T10:37:37.185289] Registering candidate plugin; module='affile', context='destination', name='pipe' [2018-07-04T10:37:37.185303] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafmongodb.so', module='afmongodb' [2018-07-04T10:37:37.185613] Registering candidate plugin; module='afmongodb', context='destination', name='mongodb' [2018-07-04T10:37:37.185640] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafprog.so', module='afprog' [2018-07-04T10:37:37.185702] Registering candidate plugin; module='afprog', context='source', name='program' [2018-07-04T10:37:37.185707] Registering candidate plugin; module='afprog', context='destination', name='program' [2018-07-04T10:37:37.185720] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafsocket.so', module='afsocket' [2018-07-04T10:37:37.185867] Registering candidate plugin; module='afsocket', context='source', name='unix-stream' [2018-07-04T10:37:37.185872] Registering candidate plugin; module='afsocket', context='destination', name='unix-stream' [2018-07-04T10:37:37.185876] Registering candidate plugin; module='afsocket', context='source', name='unix-dgram' [2018-07-04T10:37:37.185879] Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram' [2018-07-04T10:37:37.185883] Registering candidate plugin; module='afsocket', context='source', name='tcp' [2018-07-04T10:37:37.185886] Registering candidate plugin; module='afsocket', context='destination', name='tcp' [2018-07-04T10:37:37.185889] Registering candidate plugin; module='afsocket', context='source', name='tcp6' [2018-07-04T10:37:37.185892] Registering candidate plugin; module='afsocket', context='destination', name='tcp6' [2018-07-04T10:37:37.185896] Registering candidate plugin; module='afsocket', context='source', name='udp' [2018-07-04T10:37:37.185899] Registering candidate plugin; module='afsocket', context='destination', name='udp' [2018-07-04T10:37:37.185902] Registering candidate plugin; module='afsocket', context='source', name='udp6' [2018-07-04T10:37:37.185906] Registering candidate plugin; module='afsocket', context='destination', name='udp6' [2018-07-04T10:37:37.185909] Registering candidate plugin; module='afsocket', context='source', name='syslog' [2018-07-04T10:37:37.185912] Registering candidate plugin; module='afsocket', context='destination', name='syslog' [2018-07-04T10:37:37.185915] Registering candidate plugin; module='afsocket', context='source', name='network' [2018-07-04T10:37:37.185921] Registering candidate plugin; module='afsocket', context='destination', name='network' [2018-07-04T10:37:37.185924] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog' [2018-07-04T10:37:37.185951] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafstomp.so', module='afstomp' [2018-07-04T10:37:37.186009] Registering candidate plugin; module='afstomp', context='destination', name='stomp' [2018-07-04T10:37:37.186024] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafuser.so', module='afuser' [2018-07-04T10:37:37.186077] Registering candidate plugin; module='afuser', context='destination', name='usertty' [2018-07-04T10:37:37.186090] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libappmodel.so', module='appmodel' [2018-07-04T10:37:37.186142] Registering candidate plugin; module='appmodel', context='root', name='application' [2018-07-04T10:37:37.186147] Registering candidate plugin; module='appmodel', context='parser', name='app-parser' [2018-07-04T10:37:37.186159] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libbasicfuncs.so', module='basicfuncs' [2018-07-04T10:37:37.186227] Registering candidate plugin; module='basicfuncs', context='template-func', name='grep' [2018-07-04T10:37:37.186232] Registering candidate plugin; module='basicfuncs', context='template-func', name='if' [2018-07-04T10:37:37.186235] Registering candidate plugin; module='basicfuncs', context='template-func', name='or' [2018-07-04T10:37:37.186239] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-lookup' [2018-07-04T10:37:37.186242] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length' [2018-07-04T10:37:37.186246] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-values' [2018-07-04T10:37:37.186249] Registering candidate plugin; module='basicfuncs', context='template-func', name='echo' [2018-07-04T10:37:37.186252] Registering candidate plugin; module='basicfuncs', context='template-func', name='length' [2018-07-04T10:37:37.186256] Registering candidate plugin; module='basicfuncs', context='template-func', name='substr' [2018-07-04T10:37:37.186259] Registering candidate plugin; module='basicfuncs', context='template-func', name='strip' [2018-07-04T10:37:37.186262] Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize' [2018-07-04T10:37:37.186265] Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase' [2018-07-04T10:37:37.186269] Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase' [2018-07-04T10:37:37.186272] Registering candidate plugin; module='basicfuncs', context='template-func', name='replace-delimiter' [2018-07-04T10:37:37.186276] Registering candidate plugin; module='basicfuncs', context='template-func', name='padding' [2018-07-04T10:37:37.186279] Registering candidate plugin; module='basicfuncs', context='template-func', name='binary' [2018-07-04T10:37:37.186282] Registering candidate plugin; module='basicfuncs', context='template-func', name='dirname' [2018-07-04T10:37:37.186285] Registering candidate plugin; module='basicfuncs', context='template-func', name='basename' [2018-07-04T10:37:37.186289] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-concat' [2018-07-04T10:37:37.186292] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-head' [2018-07-04T10:37:37.186295] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-nth' [2018-07-04T10:37:37.186299] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-tail' [2018-07-04T10:37:37.186302] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-slice' [2018-07-04T10:37:37.186306] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-count' [2018-07-04T10:37:37.186309] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-append' [2018-07-04T10:37:37.186312] Registering candidate plugin; module='basicfuncs', context='template-func', name='+' [2018-07-04T10:37:37.186315] Registering candidate plugin; module='basicfuncs', context='template-func', name='-' [2018-07-04T10:37:37.186319] Registering candidate plugin; module='basicfuncs', context='template-func', name='*' [2018-07-04T10:37:37.186322] Registering candidate plugin; module='basicfuncs', context='template-func', name='/' [2018-07-04T10:37:37.186325] Registering candidate plugin; module='basicfuncs', context='template-func', name='%' [2018-07-04T10:37:37.186328] Registering candidate plugin; module='basicfuncs', context='template-func', name='sum' [2018-07-04T10:37:37.186332] Registering candidate plugin; module='basicfuncs', context='template-func', name='min' [2018-07-04T10:37:37.186335] Registering candidate plugin; module='basicfuncs', context='template-func', name='max' [2018-07-04T10:37:37.186338] Registering candidate plugin; module='basicfuncs', context='template-func', name='average' [2018-07-04T10:37:37.186341] Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int' [2018-07-04T10:37:37.186345] Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line' [2018-07-04T10:37:37.186348] Registering candidate plugin; module='basicfuncs', context='template-func', name='env' [2018-07-04T10:37:37.186351] Registering candidate plugin; module='basicfuncs', context='template-func', name='template' [2018-07-04T10:37:37.186355] Registering candidate plugin; module='basicfuncs', context='template-func', name='urlencode' [2018-07-04T10:37:37.186367] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcef.so', module='cef' [2018-07-04T10:37:37.186418] Registering candidate plugin; module='cef', context='template-func', name='format-cef-extension' [2018-07-04T10:37:37.186430] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libconfgen.so', module='confgen' [2018-07-04T10:37:37.186486] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcryptofuncs.so', module='cryptofuncs' [2018-07-04T10:37:37.186538] Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid' [2018-07-04T10:37:37.186543] Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash' [2018-07-04T10:37:37.186547] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1' [2018-07-04T10:37:37.186550] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256' [2018-07-04T10:37:37.186554] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512' [2018-07-04T10:37:37.186561] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4' [2018-07-04T10:37:37.186565] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5' [2018-07-04T10:37:37.186576] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcsvparser.so', module='csvparser' [2018-07-04T10:37:37.186628] Registering candidate plugin; module='csvparser', context='parser', name='csv-parser' [2018-07-04T10:37:37.186641] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdate.so', module='date' [2018-07-04T10:37:37.186693] Registering candidate plugin; module='date', context='parser', name='date-parser' [2018-07-04T10:37:37.186705] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdbparser.so', module='dbparser' [2018-07-04T10:37:37.186777] Registering candidate plugin; module='dbparser', context='parser', name='db-parser' [2018-07-04T10:37:37.186782] Registering candidate plugin; module='dbparser', context='parser', name='grouping-by' [2018-07-04T10:37:37.186795] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdisk-buffer.so', module='disk-buffer' [2018-07-04T10:37:37.186849] Registering candidate plugin; module='disk-buffer', context='inner-dest', name='disk_buffer' [2018-07-04T10:37:37.186863] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libgraphite.so', module='graphite' [2018-07-04T10:37:37.186911] Registering candidate plugin; module='graphite', context='template-func', name='graphite_output' [2018-07-04T10:37:37.186924] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libhook-commands.so', module='hook-commands' [2018-07-04T10:37:37.186974] Registering candidate plugin; module='hook-commands', context='inner-dest', name='hook-commands' [2018-07-04T10:37:37.186979] Registering candidate plugin; module='hook-commands', context='inner-src', name='hook-commands' [2018-07-04T10:37:37.186990] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libjson-plugin.so', module='json-plugin' [2018-07-04T10:37:37.187083] Registering candidate plugin; module='json-plugin', context='parser', name='json-parser' [2018-07-04T10:37:37.187088] Registering candidate plugin; module='json-plugin', context='template-func', name='format_json' [2018-07-04T10:37:37.187105] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libkvformat.so', module='kvformat' [2018-07-04T10:37:37.187159] Registering candidate plugin; module='kvformat', context='parser', name='kv-parser' [2018-07-04T10:37:37.187164] Registering candidate plugin; module='kvformat', context='parser', name='linux-audit-parser' [2018-07-04T10:37:37.187168] Registering candidate plugin; module='kvformat', context='template-func', name='format-welf' [2018-07-04T10:37:37.187179] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='liblinux-kmsg-format.so', module='linux-kmsg-format' [2018-07-04T10:37:37.187229] Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg' [2018-07-04T10:37:37.187242] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libmap-value-pairs.so', module='map-value-pairs' [2018-07-04T10:37:37.187293] Registering candidate plugin; module='map-value-pairs', context='parser', name='map_value_pairs' [2018-07-04T10:37:37.187306] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libpseudofile.so', module='pseudofile' [2018-07-04T10:37:37.187358] Registering candidate plugin; module='pseudofile', context='destination', name='pseudofile' [2018-07-04T10:37:37.187371] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsdjournal.so', module='sdjournal' [2018-07-04T10:37:37.187425] Registering candidate plugin; module='sdjournal', context='source', name='systemd-journal' [2018-07-04T10:37:37.187438] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsnmptrapd-parser.so', module='snmptrapd-parser' [2018-07-04T10:37:37.187489] Registering candidate plugin; module='snmptrapd-parser', context='parser', name='snmptrapd-parser' [2018-07-04T10:37:37.187502] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libstardate.so', module='stardate' [2018-07-04T10:37:37.187553] Registering candidate plugin; module='stardate', context='template-func', name='stardate' [2018-07-04T10:37:37.187566] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsyslogformat.so', module='syslogformat' [2018-07-04T10:37:37.187618] Registering candidate plugin; module='syslogformat', context='format', name='syslog' [2018-07-04T10:37:37.187624] Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser' [2018-07-04T10:37:37.187635] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsystem-source.so', module='system-source' [2018-07-04T10:37:37.187684] Registering candidate plugin; module='system-source', context='source', name='system' [2018-07-04T10:37:37.187697] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libtags-parser.so', module='tags-parser' [2018-07-04T10:37:37.187747] Registering candidate plugin; module='tags-parser', context='parser', name='tags-parser' [2018-07-04T10:37:37.187760] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libtfgetent.so', module='tfgetent' [2018-07-04T10:37:37.187809] Registering candidate plugin; module='tfgetent', context='template-func', name='getent' [2018-07-04T10:37:37.187821] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libxml.so', module='xml' [2018-07-04T10:37:37.187873] Registering candidate plugin; module='xml', context='parser', name='xml' [2018-07-04T10:37:37.187886] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libmod-java.so', module='mod-java' [2018-07-04T10:37:37.187891] Registering candidate plugin; module='mod-java', context='options', name='jvm_options' [2018-07-04T10:37:37.187896] Registering candidate plugin; module='mod-java', context='destination', name='java' [2018-07-04T10:37:37.187948] Finishing include; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-07-04T10:37:37.187961] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-07-04T10:37:37.188052] Module loaded and initialized successfully; module='appmodel' [2018-07-04T10:37:37.188086] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-07-04T10:37:37.188098] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-07-04T10:37:37.188223] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.188348] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-07-04T10:37:37.188362] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-07-04T10:37:37.188486] Finishing include; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-07-04T10:37:37.188497] Starting to read include file;

filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf',

...

depth='2' [2018-07-04T10:37:37.188579] Finishing include;

filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf',

...

depth='2' [2018-07-04T10:37:37.188590] Starting to read include file;

filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf',

...

depth='2' [2018-07-04T10:37:37.188623] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.188629] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.188632] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.188760] Finishing include;

filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf',

...

depth='2' [2018-07-04T10:37:37.188770] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-07-04T10:37:37.188822] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.188827] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.188830] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189032] Finishing include; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-07-04T10:37:37.189043] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-07-04T10:37:37.189093] Finishing include; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-07-04T10:37:37.189103] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-07-04T10:37:37.189137] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.189142] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.189145] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189284] Module loaded and initialized successfully; module='basicfuncs' [2018-07-04T10:37:37.189316] Finishing include; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-07-04T10:37:37.189328] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-07-04T10:37:37.189403] Finishing include; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-07-04T10:37:37.189413] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-07-04T10:37:37.189478] Finishing include; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-07-04T10:37:37.189488] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-07-04T10:37:37.189548] Finishing include; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-07-04T10:37:37.189558] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-07-04T10:37:37.189681] Module loaded and initialized successfully; module='confgen' [2018-07-04T10:37:37.189703] Finishing include; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-07-04T10:37:37.189715] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-07-04T10:37:37.189776] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.189781] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.189785] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189815] Finishing include; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-07-04T10:37:37.189825] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-07-04T10:37:37.189893] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.189897] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.189900] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189926] Finishing include; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-07-04T10:37:37.189936] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-07-04T10:37:37.189980] Finishing include; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-07-04T10:37:37.189990] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-07-04T10:37:37.190038] Finishing include; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-07-04T10:37:37.190048] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-07-04T10:37:37.190136] Finishing include; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-07-04T10:37:37.190146] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-07-04T10:37:37.190189] Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-07-04T10:37:37.190198] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-07-04T10:37:37.190246] Global value changed; define='balabit.credit-card-regexp', value='(:4[0-9]{12}(?:[0-9]{3} )?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{ 13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})' [2018-07-04T10:37:37.190280] Finishing include; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-07-04T10:37:37.190289] Starting to read include file;

filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf',

...

depth='2' [2018-07-04T10:37:37.190340] Finishing include;

filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf',

...

depth='2' [2018-07-04T10:37:37.190350] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-07-04T10:37:37.190400] Finishing include; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-07-04T10:37:37.190410] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-07-04T10:37:37.190472] Finishing include; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-07-04T10:37:37.190482] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-07-04T10:37:37.190539] Module loaded and initialized successfully; module='confgen' [2018-07-04T10:37:37.190545] Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-07-04T10:37:37.190554] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-07-04T10:37:37.190593] Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-07-04T10:37:37.190601] Starting to read include file;

filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf',

...

depth='2' [2018-07-04T10:37:37.190643] Finishing include;

filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf',

...

depth='2' [2018-07-04T10:37:37.190661] Global value changed; define='java-module-dir', value='/usr/lib64/syslog-ng/java-modules' [2018-07-04T10:37:37.190667] Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1' [2018-07-04T10:37:37.190862] Module loaded and initialized successfully; module='system-source' [2018-07-04T10:37:37.190952] Module loaded and initialized successfully; module='sdjournal' [2018-07-04T10:37:37.190996] Finishing include; content='parser generator app-parser', depth='2' [2018-07-04T10:37:37.191184] Module loaded and initialized successfully; module='kvformat' [2018-07-04T10:37:37.191201] Finishing include; content='block parser iptables-parser() at /usr/share/syslog-ng/include/scl/iptables/iptables.conf:23', depth='3' [2018-07-04T10:37:37.191329] Module loaded and initialized successfully; module='csvparser' [2018-07-04T10:37:37.191357] Finishing include; content='block parser sudo-parser() at /usr/share/syslog-ng/include/scl/sudo/sudo.conf:23', depth='3' [2018-07-04T10:37:37.191380] Finishing include; content='parser generator app-parser', depth='2' [2018-07-04T10:37:37.191404] Finishing include; content='source generator system', depth='1' [2018-07-04T10:37:37.191591] Module loaded and initialized successfully; module='afsocket' [2018-07-04T10:37:37.192042] Module loaded and initialized successfully; module='dbparser' [2018-07-04T10:37:37.192158] Module loaded and initialized successfully; module='affile' [2018-07-04T10:37:37.192370] Finishing include; content='block destination elasticsearch2() at /usr/share/syslog-ng/include/s cl/elasticsearch/plugin.conf:59', depth='1' [2018-07-04T10:37:37.192738] Module loaded and initialized successfully; module='syslogformat' [2018-07-04T10:37:37.192935] Accepting connections; addr='AF_INET( 0.0.0.0:601)' [2018-07-04T10:37:37.192970] Accepting connections; addr='AF_INET( 0.0.0.0:514)' [2018-07-04T10:37:37.193423] Seeking the journal to the last cursor position; cursor='s=df2c9187264b4bb0a3addd9aa8fc2c71;i=6d55c;b=4458f11

42e1f48c0895f522ab1182866;m=87d9f8fec7;t=57028562edb9b;x=4373623fa660b876'

...

[2018-07-04T10:37:37.193676] Log pattern database reloaded; file='/opt/syslog-ng/etc/patterndb.xml', version='3', pub_date='2010-07-13' [2018-07-04T10:37:37.193712] Processing the time zone file (32bit part); filename='/usr/share/zoneinfo/UTC' [2018-07-04T10:37:37.193736] Java machine new; [2018-07-04T10:37:37.242506] Can't find class; class_name='org/syslog_ng/SyslogNgClassLoader' **

ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader:

...

assertion failed: (self->loader) Aborted (core dumped)

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

-- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

Hi, I uninstalled and reinstalled 3.16.1 as soon as it was available. The issue of no logging currently persists. running syslog-ng -Fdv always ends in [2018-07-04T16:15:27.124682] <<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_noDebug', location='/etc/syslog-ng/syslog-ng.conf:85:19', msg='0x7ff5a40168c0' [2018-07-04T16:15:27.124696] <<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_checkpoints', location='/etc/syslog-ng/syslog-ng.conf:98:23', msg='0x7ff5a40168c0' [2018-07-04T16:15:27.124709] <<<<<< Source side message processing finish; instance='0.0.0.0', location='/etc/syslog-ng/syslog-ng.conf:33:2', msg='0x7ff5a40168c0' Floating point exception (core dumped) and there are not messages writen the (local) file destination. Could this be another issue with the build or is that my config? The odd thing is i already reverted to an older config which was previously verified functional Sincerely Niklas Deffner 2018-07-04 15:37 GMT+02:00 Niklas Deffner <niklastai97@gmail.com>:

Hi,

Thank you for the explanation.

Is that also the reason why logging (in my case)does not work at all in this current state, no matter the config used, even 'crashless'?

Sincerely Niklas Deffner

Am 4. Juli 2018 15:29:10 MESZ schrieb "Szemere, László" < laszlo.szemere@balabit.com>:

...

Hello T4iga, Your error message helped a lot, Thank You. It successfully leaded us here: https://github.com/balabit/syslog-ng/blob/ 41f7c202cb25433feb0fa9496960599a53b58522/modules/java/ native/java-class-loader.c#L51 From this @Czanik and me figured out it was a configuration/packaging error. Peter immediately created a new build, which worked well on his local machine. The opensuse building is still running: https://build. opensuse.org/package/show/home:czanik:syslog-ng316/syslog-ng , please update your packages with the finished output.

Best regards, Laci

On Wed, Jul 4, 2018 at 10:51 AM, T4iga <niklastai97@gmail.com> wrote:

...

2018-07-04 10:23 GMT+02:00 Fabien Wernli <wernli@in2p3.fr>:

...

In order to put aside any systemd complexities, let's try to run syslog-ng in the foreground:

export LD_LIBRARY_PATH=/usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/jre/ lib/amd64/server syslog-ng -Fdv

What happens then?

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

I got an error that lead me to correct another semantic error I made. After correcting that it still crashes: I suppose the initialization stuff is irrelevant as there are not errors apart from the end:

[2018-07-04T10:37:37.193736] Java machine new; [2018-07-04T10:37:37.242506] Can't find class; class_name='org/syslog_ng/SyslogNgClassLoader' ** ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader: assertion failed: (self->loader) Aborted (core dumped)

Just in case the full thing is needed:

# syslog-ng -Fdv [2018-07-04T10:37:37.182933] Systemd is detected as the running init system; [2018-07-04T10:37:37.184634] Module loaded and initialized successfully; module='mod-java' [2018-07-04T10:37:37.184664] Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1' [2018-07-04T10:37:37.184921] Adding include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-07-04T10:37:37.184927] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-07-04T10:37:37.184930] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-07-04T10:37:37.184932] Adding include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-07-04T10:37:37.184934] Adding include file; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2' [2018-07-04T10:37:37.184937] Adding include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-07-04T10:37:37.184940] Adding include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-07-04T10:37:37.184942] Adding include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-07-04T10:37:37.184945] Adding include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-07-04T10:37:37.184947] Adding include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-07-04T10:37:37.184951] Adding include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-07-04T10:37:37.184955] Adding include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-07-04T10:37:37.184959] Adding include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-07-04T10:37:37.184962] Adding include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-07-04T10:37:37.184966] Adding include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-07-04T10:37:37.184969] Adding include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-07-04T10:37:37.184972] Adding include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-07-04T10:37:37.184975] Adding include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-07-04T10:37:37.184978] Adding include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-07-04T10:37:37.184981] Adding include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-07-04T10:37:37.184984] Adding include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-07-04T10:37:37.184988] Adding include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-07-04T10:37:37.184991] Adding include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-07-04T10:37:37.184994] Adding include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-07-04T10:37:37.184998] Adding include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-07-04T10:37:37.185001] Adding include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-07-04T10:37:37.185007] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-07-04T10:37:37.185044] Reading path for candidate modules; path='/usr/lib64/syslog-ng' [2018-07-04T10:37:37.185080] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libjvm.so', module='jvm' [2018-07-04T10:37:37.185117] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libadd-contextual-data.so', module='add-contextual-data' [2018-07-04T10:37:37.185182] Registering candidate plugin; module='add-contextual-data', context='parser', name='add_contextual_data' [2018-07-04T10:37:37.185201] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libaffile.so', module='affile' [2018-07-04T10:37:37.185271] Registering candidate plugin; module='affile', context='source', name='file' [2018-07-04T10:37:37.185277] Registering candidate plugin; module='affile', context='source', name='pipe' [2018-07-04T10:37:37.185280] Registering candidate plugin; module='affile', context='source', name='wildcard_file' [2018-07-04T10:37:37.185283] Registering candidate plugin; module='affile', context='source', name='stdin' [2018-07-04T10:37:37.185286] Registering candidate plugin; module='affile', context='destination', name='file' [2018-07-04T10:37:37.185289] Registering candidate plugin; module='affile', context='destination', name='pipe' [2018-07-04T10:37:37.185303] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafmongodb.so', module='afmongodb' [2018-07-04T10:37:37.185613] Registering candidate plugin; module='afmongodb', context='destination', name='mongodb' [2018-07-04T10:37:37.185640] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafprog.so', module='afprog' [2018-07-04T10:37:37.185702] Registering candidate plugin; module='afprog', context='source', name='program' [2018-07-04T10:37:37.185707] Registering candidate plugin; module='afprog', context='destination', name='program' [2018-07-04T10:37:37.185720] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafsocket.so', module='afsocket' [2018-07-04T10:37:37.185867] Registering candidate plugin; module='afsocket', context='source', name='unix-stream' [2018-07-04T10:37:37.185872] Registering candidate plugin; module='afsocket', context='destination', name='unix-stream' [2018-07-04T10:37:37.185876] Registering candidate plugin; module='afsocket', context='source', name='unix-dgram' [2018-07-04T10:37:37.185879] Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram' [2018-07-04T10:37:37.185883] Registering candidate plugin; module='afsocket', context='source', name='tcp' [2018-07-04T10:37:37.185886] Registering candidate plugin; module='afsocket', context='destination', name='tcp' [2018-07-04T10:37:37.185889] Registering candidate plugin; module='afsocket', context='source', name='tcp6' [2018-07-04T10:37:37.185892] Registering candidate plugin; module='afsocket', context='destination', name='tcp6' [2018-07-04T10:37:37.185896] Registering candidate plugin; module='afsocket', context='source', name='udp' [2018-07-04T10:37:37.185899] Registering candidate plugin; module='afsocket', context='destination', name='udp' [2018-07-04T10:37:37.185902] Registering candidate plugin; module='afsocket', context='source', name='udp6' [2018-07-04T10:37:37.185906] Registering candidate plugin; module='afsocket', context='destination', name='udp6' [2018-07-04T10:37:37.185909] Registering candidate plugin; module='afsocket', context='source', name='syslog' [2018-07-04T10:37:37.185912] Registering candidate plugin; module='afsocket', context='destination', name='syslog' [2018-07-04T10:37:37.185915] Registering candidate plugin; module='afsocket', context='source', name='network' [2018-07-04T10:37:37.185921] Registering candidate plugin; module='afsocket', context='destination', name='network' [2018-07-04T10:37:37.185924] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog' [2018-07-04T10:37:37.185951] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafstomp.so', module='afstomp' [2018-07-04T10:37:37.186009] Registering candidate plugin; module='afstomp', context='destination', name='stomp' [2018-07-04T10:37:37.186024] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafuser.so', module='afuser' [2018-07-04T10:37:37.186077] Registering candidate plugin; module='afuser', context='destination', name='usertty' [2018-07-04T10:37:37.186090] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libappmodel.so', module='appmodel' [2018-07-04T10:37:37.186142] Registering candidate plugin; module='appmodel', context='root', name='application' [2018-07-04T10:37:37.186147] Registering candidate plugin; module='appmodel', context='parser', name='app-parser' [2018-07-04T10:37:37.186159] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libbasicfuncs.so', module='basicfuncs' [2018-07-04T10:37:37.186227] Registering candidate plugin; module='basicfuncs', context='template-func', name='grep' [2018-07-04T10:37:37.186232] Registering candidate plugin; module='basicfuncs', context='template-func', name='if' [2018-07-04T10:37:37.186235] Registering candidate plugin; module='basicfuncs', context='template-func', name='or' [2018-07-04T10:37:37.186239] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-lookup' [2018-07-04T10:37:37.186242] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length' [2018-07-04T10:37:37.186246] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-values' [2018-07-04T10:37:37.186249] Registering candidate plugin; module='basicfuncs', context='template-func', name='echo' [2018-07-04T10:37:37.186252] Registering candidate plugin; module='basicfuncs', context='template-func', name='length' [2018-07-04T10:37:37.186256] Registering candidate plugin; module='basicfuncs', context='template-func', name='substr' [2018-07-04T10:37:37.186259] Registering candidate plugin; module='basicfuncs', context='template-func', name='strip' [2018-07-04T10:37:37.186262] Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize' [2018-07-04T10:37:37.186265] Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase' [2018-07-04T10:37:37.186269] Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase' [2018-07-04T10:37:37.186272] Registering candidate plugin; module='basicfuncs', context='template-func', name='replace-delimiter' [2018-07-04T10:37:37.186276] Registering candidate plugin; module='basicfuncs', context='template-func', name='padding' [2018-07-04T10:37:37.186279] Registering candidate plugin; module='basicfuncs', context='template-func', name='binary' [2018-07-04T10:37:37.186282] Registering candidate plugin; module='basicfuncs', context='template-func', name='dirname' [2018-07-04T10:37:37.186285] Registering candidate plugin; module='basicfuncs', context='template-func', name='basename' [2018-07-04T10:37:37.186289] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-concat' [2018-07-04T10:37:37.186292] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-head' [2018-07-04T10:37:37.186295] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-nth' [2018-07-04T10:37:37.186299] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-tail' [2018-07-04T10:37:37.186302] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-slice' [2018-07-04T10:37:37.186306] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-count' [2018-07-04T10:37:37.186309] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-append' [2018-07-04T10:37:37.186312] Registering candidate plugin; module='basicfuncs', context='template-func', name='+' [2018-07-04T10:37:37.186315] Registering candidate plugin; module='basicfuncs', context='template-func', name='-' [2018-07-04T10:37:37.186319] Registering candidate plugin; module='basicfuncs', context='template-func', name='*' [2018-07-04T10:37:37.186322] Registering candidate plugin; module='basicfuncs', context='template-func', name='/' [2018-07-04T10:37:37.186325] Registering candidate plugin; module='basicfuncs', context='template-func', name='%' [2018-07-04T10:37:37.186328] Registering candidate plugin; module='basicfuncs', context='template-func', name='sum' [2018-07-04T10:37:37.186332] Registering candidate plugin; module='basicfuncs', context='template-func', name='min' [2018-07-04T10:37:37.186335] Registering candidate plugin; module='basicfuncs', context='template-func', name='max' [2018-07-04T10:37:37.186338] Registering candidate plugin; module='basicfuncs', context='template-func', name='average' [2018-07-04T10:37:37.186341] Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int' [2018-07-04T10:37:37.186345] Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line' [2018-07-04T10:37:37.186348] Registering candidate plugin; module='basicfuncs', context='template-func', name='env' [2018-07-04T10:37:37.186351] Registering candidate plugin; module='basicfuncs', context='template-func', name='template' [2018-07-04T10:37:37.186355] Registering candidate plugin; module='basicfuncs', context='template-func', name='urlencode' [2018-07-04T10:37:37.186367] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcef.so', module='cef' [2018-07-04T10:37:37.186418] Registering candidate plugin; module='cef', context='template-func', name='format-cef-extension' [2018-07-04T10:37:37.186430] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libconfgen.so', module='confgen' [2018-07-04T10:37:37.186486] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcryptofuncs.so', module='cryptofuncs' [2018-07-04T10:37:37.186538] Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid' [2018-07-04T10:37:37.186543] Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash' [2018-07-04T10:37:37.186547] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1' [2018-07-04T10:37:37.186550] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256' [2018-07-04T10:37:37.186554] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512' [2018-07-04T10:37:37.186561] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4' [2018-07-04T10:37:37.186565] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5' [2018-07-04T10:37:37.186576] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcsvparser.so', module='csvparser' [2018-07-04T10:37:37.186628] Registering candidate plugin; module='csvparser', context='parser', name='csv-parser' [2018-07-04T10:37:37.186641] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdate.so', module='date' [2018-07-04T10:37:37.186693] Registering candidate plugin; module='date', context='parser', name='date-parser' [2018-07-04T10:37:37.186705] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdbparser.so', module='dbparser' [2018-07-04T10:37:37.186777] Registering candidate plugin; module='dbparser', context='parser', name='db-parser' [2018-07-04T10:37:37.186782] Registering candidate plugin; module='dbparser', context='parser', name='grouping-by' [2018-07-04T10:37:37.186795] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdisk-buffer.so', module='disk-buffer' [2018-07-04T10:37:37.186849] Registering candidate plugin; module='disk-buffer', context='inner-dest', name='disk_buffer' [2018-07-04T10:37:37.186863] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libgraphite.so', module='graphite' [2018-07-04T10:37:37.186911] Registering candidate plugin; module='graphite', context='template-func', name='graphite_output' [2018-07-04T10:37:37.186924] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libhook-commands.so', module='hook-commands' [2018-07-04T10:37:37.186974] Registering candidate plugin; module='hook-commands', context='inner-dest', name='hook-commands' [2018-07-04T10:37:37.186979] Registering candidate plugin; module='hook-commands', context='inner-src', name='hook-commands' [2018-07-04T10:37:37.186990] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libjson-plugin.so', module='json-plugin' [2018-07-04T10:37:37.187083] Registering candidate plugin; module='json-plugin', context='parser', name='json-parser' [2018-07-04T10:37:37.187088] Registering candidate plugin; module='json-plugin', context='template-func', name='format_json' [2018-07-04T10:37:37.187105] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libkvformat.so', module='kvformat' [2018-07-04T10:37:37.187159] Registering candidate plugin; module='kvformat', context='parser', name='kv-parser' [2018-07-04T10:37:37.187164] Registering candidate plugin; module='kvformat', context='parser', name='linux-audit-parser' [2018-07-04T10:37:37.187168] Registering candidate plugin; module='kvformat', context='template-func', name='format-welf' [2018-07-04T10:37:37.187179] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='liblinux-kmsg-format.so', module='linux-kmsg-format' [2018-07-04T10:37:37.187229] Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg' [2018-07-04T10:37:37.187242] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libmap-value-pairs.so', module='map-value-pairs' [2018-07-04T10:37:37.187293] Registering candidate plugin; module='map-value-pairs', context='parser', name='map_value_pairs' [2018-07-04T10:37:37.187306] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libpseudofile.so', module='pseudofile' [2018-07-04T10:37:37.187358] Registering candidate plugin; module='pseudofile', context='destination', name='pseudofile' [2018-07-04T10:37:37.187371] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsdjournal.so', module='sdjournal' [2018-07-04T10:37:37.187425] Registering candidate plugin; module='sdjournal', context='source', name='systemd-journal' [2018-07-04T10:37:37.187438] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsnmptrapd-parser.so', module='snmptrapd-parser' [2018-07-04T10:37:37.187489] Registering candidate plugin; module='snmptrapd-parser', context='parser', name='snmptrapd-parser' [2018-07-04T10:37:37.187502] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libstardate.so', module='stardate' [2018-07-04T10:37:37.187553] Registering candidate plugin; module='stardate', context='template-func', name='stardate' [2018-07-04T10:37:37.187566] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsyslogformat.so', module='syslogformat' [2018-07-04T10:37:37.187618] Registering candidate plugin; module='syslogformat', context='format', name='syslog' [2018-07-04T10:37:37.187624] Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser' [2018-07-04T10:37:37.187635] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsystem-source.so', module='system-source' [2018-07-04T10:37:37.187684] Registering candidate plugin; module='system-source', context='source', name='system' [2018-07-04T10:37:37.187697] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libtags-parser.so', module='tags-parser' [2018-07-04T10:37:37.187747] Registering candidate plugin; module='tags-parser', context='parser', name='tags-parser' [2018-07-04T10:37:37.187760] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libtfgetent.so', module='tfgetent' [2018-07-04T10:37:37.187809] Registering candidate plugin; module='tfgetent', context='template-func', name='getent' [2018-07-04T10:37:37.187821] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libxml.so', module='xml' [2018-07-04T10:37:37.187873] Registering candidate plugin; module='xml', context='parser', name='xml' [2018-07-04T10:37:37.187886] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libmod-java.so', module='mod-java' [2018-07-04T10:37:37.187891] Registering candidate plugin; module='mod-java', context='options', name='jvm_options' [2018-07-04T10:37:37.187896] Registering candidate plugin; module='mod-java', context='destination', name='java' [2018-07-04T10:37:37.187948] Finishing include; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-07-04T10:37:37.187961] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-07-04T10:37:37.188052] Module loaded and initialized successfully; module='appmodel' [2018-07-04T10:37:37.188086] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-07-04T10:37:37.188098] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-07-04T10:37:37.188223] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.188348] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-07-04T10:37:37.188362] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-07-04T10:37:37.188486] Finishing include; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-07-04T10:37:37.188497] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2' [2018-07-04T10:37:37.188579] Finishing include; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2' [2018-07-04T10:37:37.188590] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-07-04T10:37:37.188623] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.188629] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.188632] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.188760] Finishing include; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-07-04T10:37:37.188770] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-07-04T10:37:37.188822] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.188827] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.188830] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189032] Finishing include; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-07-04T10:37:37.189043] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-07-04T10:37:37.189093] Finishing include; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-07-04T10:37:37.189103] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-07-04T10:37:37.189137] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.189142] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.189145] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189284] Module loaded and initialized successfully; module='basicfuncs' [2018-07-04T10:37:37.189316] Finishing include; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-07-04T10:37:37.189328] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-07-04T10:37:37.189403] Finishing include; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-07-04T10:37:37.189413] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-07-04T10:37:37.189478] Finishing include; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-07-04T10:37:37.189488] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-07-04T10:37:37.189548] Finishing include; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-07-04T10:37:37.189558] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-07-04T10:37:37.189681] Module loaded and initialized successfully; module='confgen' [2018-07-04T10:37:37.189703] Finishing include; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-07-04T10:37:37.189715] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-07-04T10:37:37.189776] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.189781] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.189785] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189815] Finishing include; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-07-04T10:37:37.189825] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-07-04T10:37:37.189893] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.189897] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.189900] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189926] Finishing include; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-07-04T10:37:37.189936] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-07-04T10:37:37.189980] Finishing include; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-07-04T10:37:37.189990] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-07-04T10:37:37.190038] Finishing include; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-07-04T10:37:37.190048] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-07-04T10:37:37.190136] Finishing include; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-07-04T10:37:37.190146] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-07-04T10:37:37.190189] Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-07-04T10:37:37.190198] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-07-04T10:37:37.190246] Global value changed; define='balabit.credit-card-regexp', value='(:4[0-9]{12}(?:[0-9]{3} )?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{ 13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})' [2018-07-04T10:37:37.190280] Finishing include; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-07-04T10:37:37.190289] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-07-04T10:37:37.190340] Finishing include; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-07-04T10:37:37.190350] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-07-04T10:37:37.190400] Finishing include; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-07-04T10:37:37.190410] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-07-04T10:37:37.190472] Finishing include; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-07-04T10:37:37.190482] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-07-04T10:37:37.190539] Module loaded and initialized successfully; module='confgen' [2018-07-04T10:37:37.190545] Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-07-04T10:37:37.190554] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-07-04T10:37:37.190593] Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-07-04T10:37:37.190601] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-07-04T10:37:37.190643] Finishing include; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-07-04T10:37:37.190661] Global value changed; define='java-module-dir', value='/usr/lib64/syslog-ng/java-modules' [2018-07-04T10:37:37.190667] Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1' [2018-07-04T10:37:37.190862] Module loaded and initialized successfully; module='system-source' [2018-07-04T10:37:37.190952] Module loaded and initialized successfully; module='sdjournal' [2018-07-04T10:37:37.190996] Finishing include; content='parser generator app-parser', depth='2' [2018-07-04T10:37:37.191184] Module loaded and initialized successfully; module='kvformat' [2018-07-04T10:37:37.191201] Finishing include; content='block parser iptables-parser() at /usr/share/syslog-ng/include/scl/iptables/iptables.conf:23', depth='3' [2018-07-04T10:37:37.191329] Module loaded and initialized successfully; module='csvparser' [2018-07-04T10:37:37.191357] Finishing include; content='block parser sudo-parser() at /usr/share/syslog-ng/include/scl/sudo/sudo.conf:23', depth='3' [2018-07-04T10:37:37.191380] Finishing include; content='parser generator app-parser', depth='2' [2018-07-04T10:37:37.191404] Finishing include; content='source generator system', depth='1' [2018-07-04T10:37:37.191591] Module loaded and initialized successfully; module='afsocket' [2018-07-04T10:37:37.192042] Module loaded and initialized successfully; module='dbparser' [2018-07-04T10:37:37.192158] Module loaded and initialized successfully; module='affile' [2018-07-04T10:37:37.192370] Finishing include; content='block destination elasticsearch2() at /usr/share/syslog-ng/include/s cl/elasticsearch/plugin.conf:59', depth='1' [2018-07-04T10:37:37.192738] Module loaded and initialized successfully; module='syslogformat' [2018-07-04T10:37:37.192935] Accepting connections; addr='AF_INET( 0.0.0.0:601)' [2018-07-04T10:37:37.192970] Accepting connections; addr='AF_INET( 0.0.0.0:514)' [2018-07-04T10:37:37.193423] Seeking the journal to the last cursor position; cursor='s=df2c9187264b4bb0a3addd9aa8fc2c71;i=6d55c;b=4458f11 42e1f48c0895f522ab1182866;m=87d9f8fec7;t=57028562edb9b;x=437 3623fa660b876' [2018-07-04T10:37:37.193676] Log pattern database reloaded; file='/opt/syslog-ng/etc/patterndb.xml', version='3', pub_date='2010-07-13' [2018-07-04T10:37:37.193712] Processing the time zone file (32bit part); filename='/usr/share/zoneinfo/UTC' [2018-07-04T10:37:37.193736] Java machine new; [2018-07-04T10:37:37.242506] Can't find class; class_name='org/syslog_ng/SyslogNgClassLoader' ** ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader: assertion failed: (self->loader) Aborted (core dumped)

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

-- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

Hello, Thank You for the detailed config, I will try to reproduce the error based on this. (In the meantime, could you please extract the back trace from the core file?) Br, Laci On Wed, Jul 4, 2018 at 4:31 PM, T4iga <niklastai97@gmail.com> wrote:

I did not see your email from 2 minutes before mine. The config i used was this: I removed the content of the filters because it contains IP adresses I would not like to share. I hope that is not to relevant as per the evaluation. You can see from the above email, that these exact filters do match the message so it should work as far as i can tell.

############### Globale Optionen ############### @version:3.16.1 @include "scl.conf"

options { chain_hostnames(off); # Standard flush_lines(0); # Standard perm(0640); # Standard stats_freq(3600); # Standard threaded(yes); # Standard create-dirs(yes); # erlaubt Syslog-NG, falls noetig, neue Verzeichnisse anzulegen dir-owner(root); # die neuen Verzeichnisse gehoeren root dir-perm(0640); # entspricht -rw-r-----, Besitzer: Lesen, Schreiben; Gruppe: Lesen; Alle: Nichts file-template(t_myLoggingFormat); # legt Standart-Template fuer file Destinations fest };

############### Sources - Quellen ############### # Fuer interne Nachrichten source s_myInternalSource { system(); # von Betriebssystem und aehnlichem internal(); # Syslog-interne Nachrichten };

# Fuer Netzwerk-Nachrichten source s_myNetworkSource { syslog( ip(0.0.0.0) # port(601) # Standardport für legacy RFC 3164 UDP syslog transport("udp") # );

syslog( ip(0.0.0.0) # port(514) # Non-Standardport transport("udp") # );

syslog( ip(0.0.0.0) # Bedeutet NICHT, das von allen angenommen wird, siehe filter port(601) # Standardport für RFC 5424 TCP Syslog ist 601 transport("tcp") # TCP, damit Nachrichten garantiert am Ziel ankommen ); syslog( ip(0.0.0.0) # port(514) # Non-Standard Port transport("tcp") # ); ### UDP ### fuer Checkpoint #syslog( # ip(0.0.0.0) # port(601) # transport("udp") #); #syslog( # ip(0.0.0.0) # port(514) # transport("udp") #);

};

############### Templates - Vorlagen ############### # Aufbau des Nachrichteninhalts fuer Dateiziele template t_myLoggingFormat { template("$(padding ${FULLHOST} 15 '')|${ISODATE}|PRI:$(padding ${PRI} 3 '')|${MSGHDR} ${MSG}\n"); }; # Legacy-Nachrichten werden anders geparst # Mit Standardtempalte wir die Originalnachricht vollständig in MSG eingefügt

# Fuer Nachrichtenpfad # Dateiname ist Tag(Nummer innerhalb des Monats)-Kuerzel(Mon, Tue, Wen, Thu, Fri, Sat, Sun) # zum Beispiel "127.0.0.1/2018/Jan/17-Sat" template t_destination { template("${FULLHOST}/${YEAR}/${YEAR}-${MONTH_ABBREV}-${DAY} .log"); };

############### Filter ############### # Ein Filter je Quelle # Filter kann man so machen: # filter <filter-id> # {"<macro-or-template>" operator "<value-or-macro-or-template>"}; # oder mit Functions filter f_noDebug { level(emerg..info); # Schließt Debug-Nachrichten aus };

filter f_networkfilter { };

filter f_checkpoints { };

############### Rewrite Rules ###################### rewrite r_checkpoint_remove_irrelevant { subst( '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} - ', '', type("pcre"), value("MESSAGE") flags("utf8" "store-matches") );

};

############### Ziele - Destinations ############### # Ein Ziel fuer jede IP-Adresse, Jahr, Monat, Tag, etc destination d_myDestination{ file("/var/log/syslog-ng/$FULLHOST/$YEAR/$YEAR-$MONTH-$DAY.log" create_dirs(yes) ); };

destination d_testination{ file("/var/log/syslog-ng/test/$FULLHOST/$YEAR/$YEAR-$MONTH-$ DAY.log" create_dirs(yes) ); };

############### Log-Pfade ############### # log { source(s_myNetworkSource); # Fuer TCP und UDP Nachrichten von allen Clients source(s_myInternalSource); # interne Nachrichten filter(f_networkfilter); # Nur 10.27.221er, 222er, 231er und 27er Netz filter(f_noDebug); # alle außer debug destination(d_myDestination); # universal Ziel; siehe Template }; # log { # for testing purposes source(s_myNetworkSource); filter(f_checkpoints); # Nur Checkpoint-Non-Standard filter(f_noDebug); # rewrite(r_checkpoint_remove_irrelevant); destination(d_myDestination); };

# #log { # for testing purposes # source(s_myNetworkSource); # source { syslog( ip( 0.0.0.0) transport("udp") flags(syslog-protocol); }; # destination(d_testination); #};

############################## ENDE ##############################

2018-07-04 16:21 GMT+02:00 T4iga <niklastai97@gmail.com>:

...

Hi,

I uninstalled and reinstalled 3.16.1 as soon as it was available. The issue of no logging currently persists.

running syslog-ng -Fdv always ends in [2018-07-04T16:15:27.124682] <<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_noDebug', location='/etc/syslog-ng/syslog-ng.conf:85:19', msg='0x7ff5a40168c0' [2018-07-04T16:15:27.124696] <<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_checkpoints', location='/etc/syslog-ng/syslog-ng.conf:98:23', msg='0x7ff5a40168c0' [2018-07-04T16:15:27.124709] <<<<<< Source side message processing finish; instance='0.0.0.0', location='/etc/syslog-ng/syslog-ng.conf:33:2', msg='0x7ff5a40168c0' Floating point exception (core dumped)

and there are not messages writen the (local) file destination. Could this be another issue with the build or is that my config? The odd thing is i already reverted to an older config which was previously verified functional

Sincerely Niklas Deffner

2018-07-04 15:37 GMT+02:00 Niklas Deffner <niklastai97@gmail.com>:

...

Hi,

Thank you for the explanation.

Is that also the reason why logging (in my case)does not work at all in this current state, no matter the config used, even 'crashless'?

Sincerely Niklas Deffner

Am 4. Juli 2018 15:29:10 MESZ schrieb "Szemere, László" < laszlo.szemere@balabit.com>:

...

Hello T4iga, Your error message helped a lot, Thank You. It successfully leaded us here: https://github.com/balabit/syslog-ng/blob/41f7c202cb25 433feb0fa9496960599a53b58522/modules/java/native/java-class- loader.c#L51 From this @Czanik and me figured out it was a configuration/packaging error. Peter immediately created a new build, which worked well on his local machine. The opensuse building is still running: https://build.opensus e.org/package/show/home:czanik:syslog-ng316/syslog-ng , please update your packages with the finished output.

Best regards, Laci

On Wed, Jul 4, 2018 at 10:51 AM, T4iga <niklastai97@gmail.com> wrote:

...

2018-07-04 10:23 GMT+02:00 Fabien Wernli <wernli@in2p3.fr>:

...

In order to put aside any systemd complexities, let's try to run syslog-ng in the foreground:

export LD_LIBRARY_PATH=/usr/lib64/jvm /java-1.8.0-openjdk-1.8.0/jre/lib/amd64/server syslog-ng -Fdv

What happens then?

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

I got an error that lead me to correct another semantic error I made. After correcting that it still crashes: I suppose the initialization stuff is irrelevant as there are not errors apart from the end:

[2018-07-04T10:37:37.193736] Java machine new; [2018-07-04T10:37:37.242506] Can't find class; class_name='org/syslog_ng/SyslogNgClassLoader' ** ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader: assertion failed: (self->loader) Aborted (core dumped)

Just in case the full thing is needed:

# syslog-ng -Fdv [2018-07-04T10:37:37.182933] Systemd is detected as the running init system; [2018-07-04T10:37:37.184634] Module loaded and initialized successfully; module='mod-java' [2018-07-04T10:37:37.184664] Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1' [2018-07-04T10:37:37.184921] Adding include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-07-04T10:37:37.184927] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-07-04T10:37:37.184930] Adding include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-07-04T10:37:37.184932] Adding include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-07-04T10:37:37.184934] Adding include file; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2' [2018-07-04T10:37:37.184937] Adding include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-07-04T10:37:37.184940] Adding include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-07-04T10:37:37.184942] Adding include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-07-04T10:37:37.184945] Adding include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-07-04T10:37:37.184947] Adding include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-07-04T10:37:37.184951] Adding include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-07-04T10:37:37.184955] Adding include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-07-04T10:37:37.184959] Adding include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-07-04T10:37:37.184962] Adding include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-07-04T10:37:37.184966] Adding include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-07-04T10:37:37.184969] Adding include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-07-04T10:37:37.184972] Adding include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-07-04T10:37:37.184975] Adding include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-07-04T10:37:37.184978] Adding include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-07-04T10:37:37.184981] Adding include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-07-04T10:37:37.184984] Adding include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-07-04T10:37:37.184988] Adding include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-07-04T10:37:37.184991] Adding include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-07-04T10:37:37.184994] Adding include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-07-04T10:37:37.184998] Adding include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-07-04T10:37:37.185001] Adding include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-07-04T10:37:37.185007] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-07-04T10:37:37.185044] Reading path for candidate modules; path='/usr/lib64/syslog-ng' [2018-07-04T10:37:37.185080] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libjvm.so', module='jvm' [2018-07-04T10:37:37.185117] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libadd-contextual-data.so', module='add-contextual-data' [2018-07-04T10:37:37.185182] Registering candidate plugin; module='add-contextual-data', context='parser', name='add_contextual_data' [2018-07-04T10:37:37.185201] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libaffile.so', module='affile' [2018-07-04T10:37:37.185271] Registering candidate plugin; module='affile', context='source', name='file' [2018-07-04T10:37:37.185277] Registering candidate plugin; module='affile', context='source', name='pipe' [2018-07-04T10:37:37.185280] Registering candidate plugin; module='affile', context='source', name='wildcard_file' [2018-07-04T10:37:37.185283] Registering candidate plugin; module='affile', context='source', name='stdin' [2018-07-04T10:37:37.185286] Registering candidate plugin; module='affile', context='destination', name='file' [2018-07-04T10:37:37.185289] Registering candidate plugin; module='affile', context='destination', name='pipe' [2018-07-04T10:37:37.185303] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafmongodb.so', module='afmongodb' [2018-07-04T10:37:37.185613] Registering candidate plugin; module='afmongodb', context='destination', name='mongodb' [2018-07-04T10:37:37.185640] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafprog.so', module='afprog' [2018-07-04T10:37:37.185702] Registering candidate plugin; module='afprog', context='source', name='program' [2018-07-04T10:37:37.185707] Registering candidate plugin; module='afprog', context='destination', name='program' [2018-07-04T10:37:37.185720] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafsocket.so', module='afsocket' [2018-07-04T10:37:37.185867] Registering candidate plugin; module='afsocket', context='source', name='unix-stream' [2018-07-04T10:37:37.185872] Registering candidate plugin; module='afsocket', context='destination', name='unix-stream' [2018-07-04T10:37:37.185876] Registering candidate plugin; module='afsocket', context='source', name='unix-dgram' [2018-07-04T10:37:37.185879] Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram' [2018-07-04T10:37:37.185883] Registering candidate plugin; module='afsocket', context='source', name='tcp' [2018-07-04T10:37:37.185886] Registering candidate plugin; module='afsocket', context='destination', name='tcp' [2018-07-04T10:37:37.185889] Registering candidate plugin; module='afsocket', context='source', name='tcp6' [2018-07-04T10:37:37.185892] Registering candidate plugin; module='afsocket', context='destination', name='tcp6' [2018-07-04T10:37:37.185896] Registering candidate plugin; module='afsocket', context='source', name='udp' [2018-07-04T10:37:37.185899] Registering candidate plugin; module='afsocket', context='destination', name='udp' [2018-07-04T10:37:37.185902] Registering candidate plugin; module='afsocket', context='source', name='udp6' [2018-07-04T10:37:37.185906] Registering candidate plugin; module='afsocket', context='destination', name='udp6' [2018-07-04T10:37:37.185909] Registering candidate plugin; module='afsocket', context='source', name='syslog' [2018-07-04T10:37:37.185912] Registering candidate plugin; module='afsocket', context='destination', name='syslog' [2018-07-04T10:37:37.185915] Registering candidate plugin; module='afsocket', context='source', name='network' [2018-07-04T10:37:37.185921] Registering candidate plugin; module='afsocket', context='destination', name='network' [2018-07-04T10:37:37.185924] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog' [2018-07-04T10:37:37.185951] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafstomp.so', module='afstomp' [2018-07-04T10:37:37.186009] Registering candidate plugin; module='afstomp', context='destination', name='stomp' [2018-07-04T10:37:37.186024] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libafuser.so', module='afuser' [2018-07-04T10:37:37.186077] Registering candidate plugin; module='afuser', context='destination', name='usertty' [2018-07-04T10:37:37.186090] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libappmodel.so', module='appmodel' [2018-07-04T10:37:37.186142] Registering candidate plugin; module='appmodel', context='root', name='application' [2018-07-04T10:37:37.186147] Registering candidate plugin; module='appmodel', context='parser', name='app-parser' [2018-07-04T10:37:37.186159] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libbasicfuncs.so', module='basicfuncs' [2018-07-04T10:37:37.186227] Registering candidate plugin; module='basicfuncs', context='template-func', name='grep' [2018-07-04T10:37:37.186232] Registering candidate plugin; module='basicfuncs', context='template-func', name='if' [2018-07-04T10:37:37.186235] Registering candidate plugin; module='basicfuncs', context='template-func', name='or' [2018-07-04T10:37:37.186239] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-lookup' [2018-07-04T10:37:37.186242] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length' [2018-07-04T10:37:37.186246] Registering candidate plugin; module='basicfuncs', context='template-func', name='context-values' [2018-07-04T10:37:37.186249] Registering candidate plugin; module='basicfuncs', context='template-func', name='echo' [2018-07-04T10:37:37.186252] Registering candidate plugin; module='basicfuncs', context='template-func', name='length' [2018-07-04T10:37:37.186256] Registering candidate plugin; module='basicfuncs', context='template-func', name='substr' [2018-07-04T10:37:37.186259] Registering candidate plugin; module='basicfuncs', context='template-func', name='strip' [2018-07-04T10:37:37.186262] Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize' [2018-07-04T10:37:37.186265] Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase' [2018-07-04T10:37:37.186269] Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase' [2018-07-04T10:37:37.186272] Registering candidate plugin; module='basicfuncs', context='template-func', name='replace-delimiter' [2018-07-04T10:37:37.186276] Registering candidate plugin; module='basicfuncs', context='template-func', name='padding' [2018-07-04T10:37:37.186279] Registering candidate plugin; module='basicfuncs', context='template-func', name='binary' [2018-07-04T10:37:37.186282] Registering candidate plugin; module='basicfuncs', context='template-func', name='dirname' [2018-07-04T10:37:37.186285] Registering candidate plugin; module='basicfuncs', context='template-func', name='basename' [2018-07-04T10:37:37.186289] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-concat' [2018-07-04T10:37:37.186292] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-head' [2018-07-04T10:37:37.186295] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-nth' [2018-07-04T10:37:37.186299] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-tail' [2018-07-04T10:37:37.186302] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-slice' [2018-07-04T10:37:37.186306] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-count' [2018-07-04T10:37:37.186309] Registering candidate plugin; module='basicfuncs', context='template-func', name='list-append' [2018-07-04T10:37:37.186312] Registering candidate plugin; module='basicfuncs', context='template-func', name='+' [2018-07-04T10:37:37.186315] Registering candidate plugin; module='basicfuncs', context='template-func', name='-' [2018-07-04T10:37:37.186319] Registering candidate plugin; module='basicfuncs', context='template-func', name='*' [2018-07-04T10:37:37.186322] Registering candidate plugin; module='basicfuncs', context='template-func', name='/' [2018-07-04T10:37:37.186325] Registering candidate plugin; module='basicfuncs', context='template-func', name='%' [2018-07-04T10:37:37.186328] Registering candidate plugin; module='basicfuncs', context='template-func', name='sum' [2018-07-04T10:37:37.186332] Registering candidate plugin; module='basicfuncs', context='template-func', name='min' [2018-07-04T10:37:37.186335] Registering candidate plugin; module='basicfuncs', context='template-func', name='max' [2018-07-04T10:37:37.186338] Registering candidate plugin; module='basicfuncs', context='template-func', name='average' [2018-07-04T10:37:37.186341] Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int' [2018-07-04T10:37:37.186345] Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line' [2018-07-04T10:37:37.186348] Registering candidate plugin; module='basicfuncs', context='template-func', name='env' [2018-07-04T10:37:37.186351] Registering candidate plugin; module='basicfuncs', context='template-func', name='template' [2018-07-04T10:37:37.186355] Registering candidate plugin; module='basicfuncs', context='template-func', name='urlencode' [2018-07-04T10:37:37.186367] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcef.so', module='cef' [2018-07-04T10:37:37.186418] Registering candidate plugin; module='cef', context='template-func', name='format-cef-extension' [2018-07-04T10:37:37.186430] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libconfgen.so', module='confgen' [2018-07-04T10:37:37.186486] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcryptofuncs.so', module='cryptofuncs' [2018-07-04T10:37:37.186538] Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid' [2018-07-04T10:37:37.186543] Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash' [2018-07-04T10:37:37.186547] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1' [2018-07-04T10:37:37.186550] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256' [2018-07-04T10:37:37.186554] Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512' [2018-07-04T10:37:37.186561] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4' [2018-07-04T10:37:37.186565] Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5' [2018-07-04T10:37:37.186576] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libcsvparser.so', module='csvparser' [2018-07-04T10:37:37.186628] Registering candidate plugin; module='csvparser', context='parser', name='csv-parser' [2018-07-04T10:37:37.186641] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdate.so', module='date' [2018-07-04T10:37:37.186693] Registering candidate plugin; module='date', context='parser', name='date-parser' [2018-07-04T10:37:37.186705] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdbparser.so', module='dbparser' [2018-07-04T10:37:37.186777] Registering candidate plugin; module='dbparser', context='parser', name='db-parser' [2018-07-04T10:37:37.186782] Registering candidate plugin; module='dbparser', context='parser', name='grouping-by' [2018-07-04T10:37:37.186795] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libdisk-buffer.so', module='disk-buffer' [2018-07-04T10:37:37.186849] Registering candidate plugin; module='disk-buffer', context='inner-dest', name='disk_buffer' [2018-07-04T10:37:37.186863] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libgraphite.so', module='graphite' [2018-07-04T10:37:37.186911] Registering candidate plugin; module='graphite', context='template-func', name='graphite_output' [2018-07-04T10:37:37.186924] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libhook-commands.so', module='hook-commands' [2018-07-04T10:37:37.186974] Registering candidate plugin; module='hook-commands', context='inner-dest', name='hook-commands' [2018-07-04T10:37:37.186979] Registering candidate plugin; module='hook-commands', context='inner-src', name='hook-commands' [2018-07-04T10:37:37.186990] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libjson-plugin.so', module='json-plugin' [2018-07-04T10:37:37.187083] Registering candidate plugin; module='json-plugin', context='parser', name='json-parser' [2018-07-04T10:37:37.187088] Registering candidate plugin; module='json-plugin', context='template-func', name='format_json' [2018-07-04T10:37:37.187105] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libkvformat.so', module='kvformat' [2018-07-04T10:37:37.187159] Registering candidate plugin; module='kvformat', context='parser', name='kv-parser' [2018-07-04T10:37:37.187164] Registering candidate plugin; module='kvformat', context='parser', name='linux-audit-parser' [2018-07-04T10:37:37.187168] Registering candidate plugin; module='kvformat', context='template-func', name='format-welf' [2018-07-04T10:37:37.187179] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='liblinux-kmsg-format.so', module='linux-kmsg-format' [2018-07-04T10:37:37.187229] Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg' [2018-07-04T10:37:37.187242] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libmap-value-pairs.so', module='map-value-pairs' [2018-07-04T10:37:37.187293] Registering candidate plugin; module='map-value-pairs', context='parser', name='map_value_pairs' [2018-07-04T10:37:37.187306] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libpseudofile.so', module='pseudofile' [2018-07-04T10:37:37.187358] Registering candidate plugin; module='pseudofile', context='destination', name='pseudofile' [2018-07-04T10:37:37.187371] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsdjournal.so', module='sdjournal' [2018-07-04T10:37:37.187425] Registering candidate plugin; module='sdjournal', context='source', name='systemd-journal' [2018-07-04T10:37:37.187438] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsnmptrapd-parser.so', module='snmptrapd-parser' [2018-07-04T10:37:37.187489] Registering candidate plugin; module='snmptrapd-parser', context='parser', name='snmptrapd-parser' [2018-07-04T10:37:37.187502] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libstardate.so', module='stardate' [2018-07-04T10:37:37.187553] Registering candidate plugin; module='stardate', context='template-func', name='stardate' [2018-07-04T10:37:37.187566] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsyslogformat.so', module='syslogformat' [2018-07-04T10:37:37.187618] Registering candidate plugin; module='syslogformat', context='format', name='syslog' [2018-07-04T10:37:37.187624] Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser' [2018-07-04T10:37:37.187635] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libsystem-source.so', module='system-source' [2018-07-04T10:37:37.187684] Registering candidate plugin; module='system-source', context='source', name='system' [2018-07-04T10:37:37.187697] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libtags-parser.so', module='tags-parser' [2018-07-04T10:37:37.187747] Registering candidate plugin; module='tags-parser', context='parser', name='tags-parser' [2018-07-04T10:37:37.187760] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libtfgetent.so', module='tfgetent' [2018-07-04T10:37:37.187809] Registering candidate plugin; module='tfgetent', context='template-func', name='getent' [2018-07-04T10:37:37.187821] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libxml.so', module='xml' [2018-07-04T10:37:37.187873] Registering candidate plugin; module='xml', context='parser', name='xml' [2018-07-04T10:37:37.187886] Reading shared object for a candidate module; path='/usr/lib64/syslog-ng', fname='libmod-java.so', module='mod-java' [2018-07-04T10:37:37.187891] Registering candidate plugin; module='mod-java', context='options', name='jvm_options' [2018-07-04T10:37:37.187896] Registering candidate plugin; module='mod-java', context='destination', name='java' [2018-07-04T10:37:37.187948] Finishing include; filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', depth='2' [2018-07-04T10:37:37.187961] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-07-04T10:37:37.188052] Module loaded and initialized successfully; module='appmodel' [2018-07-04T10:37:37.188086] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', depth='2' [2018-07-04T10:37:37.188098] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-07-04T10:37:37.188223] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.188348] Finishing include; filename='/usr/share/syslog-ng/include/scl/cim/template.conf', depth='2' [2018-07-04T10:37:37.188362] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-07-04T10:37:37.188486] Finishing include; filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', depth='2' [2018-07-04T10:37:37.188497] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2' [2018-07-04T10:37:37.188579] Finishing include; filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', depth='2' [2018-07-04T10:37:37.188590] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-07-04T10:37:37.188623] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.188629] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.188632] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.188760] Finishing include; filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', depth='2' [2018-07-04T10:37:37.188770] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-07-04T10:37:37.188822] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.188827] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.188830] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189032] Finishing include; filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', depth='2' [2018-07-04T10:37:37.189043] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-07-04T10:37:37.189093] Finishing include; filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', depth='2' [2018-07-04T10:37:37.189103] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-07-04T10:37:37.189137] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.189142] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.189145] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189284] Module loaded and initialized successfully; module='basicfuncs' [2018-07-04T10:37:37.189316] Finishing include; filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', depth='2' [2018-07-04T10:37:37.189328] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-07-04T10:37:37.189403] Finishing include; filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', depth='2' [2018-07-04T10:37:37.189413] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-07-04T10:37:37.189478] Finishing include; filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', depth='2' [2018-07-04T10:37:37.189488] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-07-04T10:37:37.189548] Finishing include; filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', depth='2' [2018-07-04T10:37:37.189558] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-07-04T10:37:37.189681] Module loaded and initialized successfully; module='confgen' [2018-07-04T10:37:37.189703] Finishing include; filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', depth='2' [2018-07-04T10:37:37.189715] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-07-04T10:37:37.189776] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.189781] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.189785] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189815] Finishing include; filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', depth='2' [2018-07-04T10:37:37.189825] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-07-04T10:37:37.189893] Attempted to register the same plugin multiple times, dropping the old one; context='parser', name='json-parser' [2018-07-04T10:37:37.189897] Attempted to register the same plugin multiple times, dropping the old one; context='template-func', name='format_json' [2018-07-04T10:37:37.189900] Module loaded and initialized successfully; module='json-plugin' [2018-07-04T10:37:37.189926] Finishing include; filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', depth='2' [2018-07-04T10:37:37.189936] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-07-04T10:37:37.189980] Finishing include; filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', depth='2' [2018-07-04T10:37:37.189990] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-07-04T10:37:37.190038] Finishing include; filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', depth='2' [2018-07-04T10:37:37.190048] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-07-04T10:37:37.190136] Finishing include; filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', depth='2' [2018-07-04T10:37:37.190146] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-07-04T10:37:37.190189] Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2' [2018-07-04T10:37:37.190198] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-07-04T10:37:37.190246] Global value changed; define='balabit.credit-card-regexp', value='(:4[0-9]{12}(?:[0-9]{3} )?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{ 13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})' [2018-07-04T10:37:37.190280] Finishing include; filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', depth='2' [2018-07-04T10:37:37.190289] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-07-04T10:37:37.190340] Finishing include; filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', depth='2' [2018-07-04T10:37:37.190350] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-07-04T10:37:37.190400] Finishing include; filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', depth='2' [2018-07-04T10:37:37.190410] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-07-04T10:37:37.190472] Finishing include; filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', depth='2' [2018-07-04T10:37:37.190482] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-07-04T10:37:37.190539] Module loaded and initialized successfully; module='confgen' [2018-07-04T10:37:37.190545] Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2' [2018-07-04T10:37:37.190554] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-07-04T10:37:37.190593] Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2' [2018-07-04T10:37:37.190601] Starting to read include file; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-07-04T10:37:37.190643] Finishing include; filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', depth='2' [2018-07-04T10:37:37.190661] Global value changed; define='java-module-dir', value='/usr/lib64/syslog-ng/java-modules' [2018-07-04T10:37:37.190667] Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1' [2018-07-04T10:37:37.190862] Module loaded and initialized successfully; module='system-source' [2018-07-04T10:37:37.190952] Module loaded and initialized successfully; module='sdjournal' [2018-07-04T10:37:37.190996] Finishing include; content='parser generator app-parser', depth='2' [2018-07-04T10:37:37.191184] Module loaded and initialized successfully; module='kvformat' [2018-07-04T10:37:37.191201] Finishing include; content='block parser iptables-parser() at /usr/share/syslog-ng/include/scl/iptables/iptables.conf:23', depth='3' [2018-07-04T10:37:37.191329] Module loaded and initialized successfully; module='csvparser' [2018-07-04T10:37:37.191357] Finishing include; content='block parser sudo-parser() at /usr/share/syslog-ng/include/scl/sudo/sudo.conf:23', depth='3' [2018-07-04T10:37:37.191380] Finishing include; content='parser generator app-parser', depth='2' [2018-07-04T10:37:37.191404] Finishing include; content='source generator system', depth='1' [2018-07-04T10:37:37.191591] Module loaded and initialized successfully; module='afsocket' [2018-07-04T10:37:37.192042] Module loaded and initialized successfully; module='dbparser' [2018-07-04T10:37:37.192158] Module loaded and initialized successfully; module='affile' [2018-07-04T10:37:37.192370] Finishing include; content='block destination elasticsearch2() at /usr/share/syslog-ng/include/s cl/elasticsearch/plugin.conf:59', depth='1' [2018-07-04T10:37:37.192738] Module loaded and initialized successfully; module='syslogformat' [2018-07-04T10:37:37.192935] Accepting connections; addr='AF_INET( 0.0.0.0:601)' [2018-07-04T10:37:37.192970] Accepting connections; addr='AF_INET( 0.0.0.0:514)' [2018-07-04T10:37:37.193423] Seeking the journal to the last cursor position; cursor='s=df2c9187264b4bb0a3addd9aa8fc2c71;i=6d55c;b=4458f11 42e1f48c0895f522ab1182866;m=87d9f8fec7;t=57028562edb9b;x=437 3623fa660b876' [2018-07-04T10:37:37.193676] Log pattern database reloaded; file='/opt/syslog-ng/etc/patterndb.xml', version='3', pub_date='2010-07-13' [2018-07-04T10:37:37.193712] Processing the time zone file (32bit part); filename='/usr/share/zoneinfo/UTC' [2018-07-04T10:37:37.193736] Java machine new; [2018-07-04T10:37:37.242506] Can't find class; class_name='org/syslog_ng/SyslogNgClassLoader' ** ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader: assertion failed: (self->loader) Aborted (core dumped)

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

-- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

Hi, maybe your system using the coredumpctl( or whatever the name of this tool). https://www.freedesktop.org/software/systemd/man/coredumpctl.html regards, Laszlo Budai On Wednesday, July 4, 2018, T4iga <niklastai97@gmail.com> wrote:

Hi,

as per this: https://www.syslog-ng.com/syslog-ng-faq/ I ran ulimit -c unlimited syslog-ng -Fdv so it should place the core dump in the current locatioin which it doesn't. I checked the suggested path to but it is not there so I am currently unable to provide you with the back trace.

Sincerely Niklas Deffner

2018-07-04 16:44 GMT+02:00 Szemere, László <laszlo.szemere@balabit.com>:

...

Hello, Thank You for the detailed config, I will try to reproduce the error based on this. (In the meantime, could you please extract the back trace from the core file?)

Br, Laci

On Wed, Jul 4, 2018 at 4:31 PM, T4iga <niklastai97@gmail.com> wrote:

...

I did not see your email from 2 minutes before mine. The config i used was this: I removed the content of the filters because it contains IP adresses I would not like to share. I hope that is not to relevant as per the evaluation. You can see from the above email, that these exact filters do match the message so it should work as far as i can tell.

############### Globale Optionen ############### @version:3.16.1 @include "scl.conf"

options { chain_hostnames(off); # Standard flush_lines(0); # Standard perm(0640); # Standard stats_freq(3600); # Standard threaded(yes); # Standard create-dirs(yes); # erlaubt Syslog-NG, falls noetig, neue Verzeichnisse anzulegen dir-owner(root); # die neuen Verzeichnisse gehoeren root dir-perm(0640); # entspricht -rw-r-----, Besitzer: Lesen, Schreiben; Gruppe: Lesen; Alle: Nichts file-template(t_myLoggingFormat); # legt Standart-Template fuer file Destinations fest };

############### Sources - Quellen ############### # Fuer interne Nachrichten source s_myInternalSource { system(); # von Betriebssystem und aehnlichem internal(); # Syslog-interne Nachrichten };

# Fuer Netzwerk-Nachrichten source s_myNetworkSource { syslog( ip(0.0.0.0) # port(601) # Standardport für legacy RFC 3164 UDP syslog transport("udp") # );

syslog( ip(0.0.0.0) # port(514) # Non-Standardport transport("udp") # );

syslog( ip(0.0.0.0) # Bedeutet NICHT, das von allen angenommen wird, siehe filter port(601) # Standardport für RFC 5424 TCP Syslog ist 601 transport("tcp") # TCP, damit Nachrichten garantiert am Ziel ankommen ); syslog( ip(0.0.0.0) # port(514) # Non-Standard Port transport("tcp") # ); ### UDP ### fuer Checkpoint #syslog( # ip(0.0.0.0) # port(601) # transport("udp") #); #syslog( # ip(0.0.0.0) # port(514) # transport("udp") #);

};

############### Templates - Vorlagen ############### # Aufbau des Nachrichteninhalts fuer Dateiziele template t_myLoggingFormat { template("$(padding ${FULLHOST} 15 '')|${ISODATE}|PRI:$(padding ${PRI} 3 '')|${MSGHDR} ${MSG}\n"); }; # Legacy-Nachrichten werden anders geparst # Mit Standardtempalte wir die Originalnachricht vollständig in MSG eingefügt

# Fuer Nachrichtenpfad # Dateiname ist Tag(Nummer innerhalb des Monats)-Kuerzel(Mon, Tue, Wen, Thu, Fri, Sat, Sun) # zum Beispiel "127.0.0.1/2018/Jan/17-Sat" template t_destination { template("${FULLHOST}/${YEAR}/${YEAR}-${MONTH_ABBREV}-${DAY} .log"); };

############### Filter ############### # Ein Filter je Quelle # Filter kann man so machen: # filter <filter-id> # {"<macro-or-template>" operator "<value-or-macro-or-template>"}; # oder mit Functions filter f_noDebug { level(emerg..info); # Schließt Debug-Nachrichten aus };

filter f_networkfilter { };

filter f_checkpoints { };

############### Rewrite Rules ###################### rewrite r_checkpoint_remove_irrelevant { subst( '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} - ', '', type("pcre"), value("MESSAGE") flags("utf8" "store-matches") );

};

############### Ziele - Destinations ############### # Ein Ziel fuer jede IP-Adresse, Jahr, Monat, Tag, etc destination d_myDestination{ file("/var/log/syslog-ng/$FULLHOST/$YEAR/$YEAR-$MONTH-$DAY.log" create_dirs(yes) ); };

destination d_testination{ file("/var/log/syslog-ng/test/$FULLHOST/$YEAR/$YEAR-$MONTH-$ DAY.log" create_dirs(yes) ); };

############### Log-Pfade ############### # log { source(s_myNetworkSource); # Fuer TCP und UDP Nachrichten von allen Clients source(s_myInternalSource); # interne Nachrichten filter(f_networkfilter); # Nur 10.27.221er, 222er, 231er und 27er Netz filter(f_noDebug); # alle außer debug destination(d_myDestination); # universal Ziel; siehe Template }; # log { # for testing purposes source(s_myNetworkSource); filter(f_checkpoints); # Nur Checkpoint-Non-Standard filter(f_noDebug); # rewrite(r_checkpoint_remove_irrelevant); destination(d_myDestination); };

# #log { # for testing purposes # source(s_myNetworkSource); # source { syslog( ip( 0.0.0.0) transport("udp") flags(syslog-protocol); }; # destination(d_testination); #};

############################## ENDE ##############################

2018-07-04 16:21 GMT+02:00 T4iga <niklastai97@gmail.com>:

...

Hi,

I uninstalled and reinstalled 3.16.1 as soon as it was available. The issue of no logging currently persists.

running syslog-ng -Fdv always ends in [2018-07-04T16:15:27.124682] <<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_noDebug', location='/etc/syslog-ng/syslog-ng.conf:85:19', msg='0x7ff5a40168c0' [2018-07-04T16:15:27.124696] <<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_checkpoints', location='/etc/syslog-ng/syslog-ng.conf:98:23', msg='0x7ff5a40168c0' [2018-07-04T16:15:27.124709] <<<<<< Source side message processing finish; instance='0.0.0.0', location='/etc/syslog-ng/syslog-ng.conf:33:2', msg='0x7ff5a40168c0' Floating point exception (core dumped)

and there are not messages writen the (local) file destination. Could this be another issue with the build or is that my config? The odd thing is i already reverted to an older config which was previously verified functional

Sincerely Niklas Deffner

2018-07-04 15:37 GMT+02:00 Niklas Deffner <niklastai97@gmail.com>:

...

Hi,

Thank you for the explanation.

Is that also the reason why logging (in my case)does not work at all in this current state, no matter the config used, even 'crashless'?

Sincerely Niklas Deffner

Am 4. Juli 2018 15:29:10 MESZ schrieb "Szemere, László" < laszlo.szemere@balabit.com>:

...

Hello T4iga, Your error message helped a lot, Thank You. It successfully leaded us here: https://github.com/balabit/syslog-ng/blob/41f7c202cb25 433feb0fa9496960599a53b58522/modules/java/native/java-class- loader.c#L51 From this @Czanik and me figured out it was a configuration/packaging error. Peter immediately created a new build, which worked well on his local machine. The opensuse building is still running: https://build.opensus e.org/package/show/home:czanik:syslog-ng316/syslog-ng , please update your packages with the finished output.

Best regards, Laci

On Wed, Jul 4, 2018 at 10:51 AM, T4iga <niklastai97@gmail.com> wrote:

> 2018-07-04 10:23 GMT+02:00 Fabien Wernli <wernli@in2p3.fr>: > >> In order to put aside any systemd complexities, >> let's try to run syslog-ng in the foreground: >> >> export LD_LIBRARY_PATH=/usr/lib64/jvm >> /java-1.8.0-openjdk-1.8.0/jre/lib/amd64/server >> syslog-ng -Fdv >> >> What happens then? >> >> ____________________________________________________________ >> __________________ >> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng >> Documentation: http://www.balabit.com/support >> /documentation/?product=syslog-ng >> FAQ: http://www.balabit.com/wiki/syslog-ng-faq >> >> > I got an error that lead me to correct another semantic error I > made. > After correcting that it still crashes: > I suppose the initialization stuff is irrelevant as there are not > errors apart from the end: > > [2018-07-04T10:37:37.193736] Java machine new; > [2018-07-04T10:37:37.242506] Can't find class; > class_name='org/syslog_ng/SyslogNgClassLoader' > ** > ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader: > assertion failed: (self->loader) > Aborted (core dumped) > > Just in case the full thing is needed: > > # syslog-ng -Fdv > [2018-07-04T10:37:37.182933] Systemd is detected as the running init > system; > [2018-07-04T10:37:37.184634] Module loaded and initialized > successfully; module='mod-java' > [2018-07-04T10:37:37.184664] Starting to read include file; > filename='/etc/syslog-ng/scl.conf', depth='1' > [2018-07-04T10:37:37.184921] Adding include file; > filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', > depth='2' > [2018-07-04T10:37:37.184927] Adding include file; > filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', > depth='2' > [2018-07-04T10:37:37.184930] Adding include file; > filename='/usr/share/syslog-ng/include/scl/cim/template.conf', > depth='2' > [2018-07-04T10:37:37.184932] Adding include file; > filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184934] Adding include file; > filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184937] Adding include file; > filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184940] Adding include file; > filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', > depth='2' > [2018-07-04T10:37:37.184942] Adding include file; > filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184945] Adding include file; > filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184947] Adding include file; > filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184951] Adding include file; > filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', > depth='2' > [2018-07-04T10:37:37.184955] Adding include file; > filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184959] Adding include file; > filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184962] Adding include file; > filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', > depth='2' > [2018-07-04T10:37:37.184966] Adding include file; > filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', > depth='2' > [2018-07-04T10:37:37.184969] Adding include file; > filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', > depth='2' > [2018-07-04T10:37:37.184972] Adding include file; > filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184975] Adding include file; > filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184978] Adding include file; > filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184981] Adding include file; > filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', > depth='2' > [2018-07-04T10:37:37.184984] Adding include file; > filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', > depth='2' > [2018-07-04T10:37:37.184988] Adding include file; > filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184991] Adding include file; > filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', > depth='2' > [2018-07-04T10:37:37.184994] Adding include file; > filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', > depth='2' > [2018-07-04T10:37:37.184998] Adding include file; > filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', > depth='2' > [2018-07-04T10:37:37.185001] Adding include file; > filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', > depth='2' > [2018-07-04T10:37:37.185007] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', > depth='2' > [2018-07-04T10:37:37.185044] Reading path for candidate modules; > path='/usr/lib64/syslog-ng' > [2018-07-04T10:37:37.185080] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libjvm.so', module='jvm' > [2018-07-04T10:37:37.185117] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libadd-contextual-data.so', > module='add-contextual-data' > [2018-07-04T10:37:37.185182] Registering candidate plugin; > module='add-contextual-data', context='parser', name='add_contextual_data' > [2018-07-04T10:37:37.185201] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libaffile.so', module='affile' > [2018-07-04T10:37:37.185271] Registering candidate plugin; > module='affile', context='source', name='file' > [2018-07-04T10:37:37.185277] Registering candidate plugin; > module='affile', context='source', name='pipe' > [2018-07-04T10:37:37.185280] Registering candidate plugin; > module='affile', context='source', name='wildcard_file' > [2018-07-04T10:37:37.185283] Registering candidate plugin; > module='affile', context='source', name='stdin' > [2018-07-04T10:37:37.185286] Registering candidate plugin; > module='affile', context='destination', name='file' > [2018-07-04T10:37:37.185289] Registering candidate plugin; > module='affile', context='destination', name='pipe' > [2018-07-04T10:37:37.185303] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libafmongodb.so', > module='afmongodb' > [2018-07-04T10:37:37.185613] Registering candidate plugin; > module='afmongodb', context='destination', name='mongodb' > [2018-07-04T10:37:37.185640] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libafprog.so', module='afprog' > [2018-07-04T10:37:37.185702] Registering candidate plugin; > module='afprog', context='source', name='program' > [2018-07-04T10:37:37.185707] Registering candidate plugin; > module='afprog', context='destination', name='program' > [2018-07-04T10:37:37.185720] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libafsocket.so', > module='afsocket' > [2018-07-04T10:37:37.185867] Registering candidate plugin; > module='afsocket', context='source', name='unix-stream' > [2018-07-04T10:37:37.185872] Registering candidate plugin; > module='afsocket', context='destination', name='unix-stream' > [2018-07-04T10:37:37.185876] Registering candidate plugin; > module='afsocket', context='source', name='unix-dgram' > [2018-07-04T10:37:37.185879] Registering candidate plugin; > module='afsocket', context='destination', name='unix-dgram' > [2018-07-04T10:37:37.185883] Registering candidate plugin; > module='afsocket', context='source', name='tcp' > [2018-07-04T10:37:37.185886] Registering candidate plugin; > module='afsocket', context='destination', name='tcp' > [2018-07-04T10:37:37.185889] Registering candidate plugin; > module='afsocket', context='source', name='tcp6' > [2018-07-04T10:37:37.185892] Registering candidate plugin; > module='afsocket', context='destination', name='tcp6' > [2018-07-04T10:37:37.185896] Registering candidate plugin; > module='afsocket', context='source', name='udp' > [2018-07-04T10:37:37.185899] Registering candidate plugin; > module='afsocket', context='destination', name='udp' > [2018-07-04T10:37:37.185902] Registering candidate plugin; > module='afsocket', context='source', name='udp6' > [2018-07-04T10:37:37.185906] Registering candidate plugin; > module='afsocket', context='destination', name='udp6' > [2018-07-04T10:37:37.185909] Registering candidate plugin; > module='afsocket', context='source', name='syslog' > [2018-07-04T10:37:37.185912] Registering candidate plugin; > module='afsocket', context='destination', name='syslog' > [2018-07-04T10:37:37.185915] Registering candidate plugin; > module='afsocket', context='source', name='network' > [2018-07-04T10:37:37.185921] Registering candidate plugin; > module='afsocket', context='destination', name='network' > [2018-07-04T10:37:37.185924] Registering candidate plugin; > module='afsocket', context='source', name='systemd-syslog' > [2018-07-04T10:37:37.185951] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libafstomp.so', module='afstomp' > [2018-07-04T10:37:37.186009] Registering candidate plugin; > module='afstomp', context='destination', name='stomp' > [2018-07-04T10:37:37.186024] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libafuser.so', module='afuser' > [2018-07-04T10:37:37.186077] Registering candidate plugin; > module='afuser', context='destination', name='usertty' > [2018-07-04T10:37:37.186090] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libappmodel.so', > module='appmodel' > [2018-07-04T10:37:37.186142] Registering candidate plugin; > module='appmodel', context='root', name='application' > [2018-07-04T10:37:37.186147] Registering candidate plugin; > module='appmodel', context='parser', name='app-parser' > [2018-07-04T10:37:37.186159] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libbasicfuncs.so', > module='basicfuncs' > [2018-07-04T10:37:37.186227] Registering candidate plugin; > module='basicfuncs', context='template-func', name='grep' > [2018-07-04T10:37:37.186232] Registering candidate plugin; > module='basicfuncs', context='template-func', name='if' > [2018-07-04T10:37:37.186235] Registering candidate plugin; > module='basicfuncs', context='template-func', name='or' > [2018-07-04T10:37:37.186239] Registering candidate plugin; > module='basicfuncs', context='template-func', name='context-lookup' > [2018-07-04T10:37:37.186242] Registering candidate plugin; > module='basicfuncs', context='template-func', name='context-length' > [2018-07-04T10:37:37.186246] Registering candidate plugin; > module='basicfuncs', context='template-func', name='context-values' > [2018-07-04T10:37:37.186249] Registering candidate plugin; > module='basicfuncs', context='template-func', name='echo' > [2018-07-04T10:37:37.186252] Registering candidate plugin; > module='basicfuncs', context='template-func', name='length' > [2018-07-04T10:37:37.186256] Registering candidate plugin; > module='basicfuncs', context='template-func', name='substr' > [2018-07-04T10:37:37.186259] Registering candidate plugin; > module='basicfuncs', context='template-func', name='strip' > [2018-07-04T10:37:37.186262] Registering candidate plugin; > module='basicfuncs', context='template-func', name='sanitize' > [2018-07-04T10:37:37.186265] Registering candidate plugin; > module='basicfuncs', context='template-func', name='lowercase' > [2018-07-04T10:37:37.186269] Registering candidate plugin; > module='basicfuncs', context='template-func', name='uppercase' > [2018-07-04T10:37:37.186272] Registering candidate plugin; > module='basicfuncs', context='template-func', name='replace-delimiter' > [2018-07-04T10:37:37.186276] Registering candidate plugin; > module='basicfuncs', context='template-func', name='padding' > [2018-07-04T10:37:37.186279] Registering candidate plugin; > module='basicfuncs', context='template-func', name='binary' > [2018-07-04T10:37:37.186282] Registering candidate plugin; > module='basicfuncs', context='template-func', name='dirname' > [2018-07-04T10:37:37.186285] Registering candidate plugin; > module='basicfuncs', context='template-func', name='basename' > [2018-07-04T10:37:37.186289] Registering candidate plugin; > module='basicfuncs', context='template-func', name='list-concat' > [2018-07-04T10:37:37.186292] Registering candidate plugin; > module='basicfuncs', context='template-func', name='list-head' > [2018-07-04T10:37:37.186295] Registering candidate plugin; > module='basicfuncs', context='template-func', name='list-nth' > [2018-07-04T10:37:37.186299] Registering candidate plugin; > module='basicfuncs', context='template-func', name='list-tail' > [2018-07-04T10:37:37.186302] Registering candidate plugin; > module='basicfuncs', context='template-func', name='list-slice' > [2018-07-04T10:37:37.186306] Registering candidate plugin; > module='basicfuncs', context='template-func', name='list-count' > [2018-07-04T10:37:37.186309] Registering candidate plugin; > module='basicfuncs', context='template-func', name='list-append' > [2018-07-04T10:37:37.186312] Registering candidate plugin; > module='basicfuncs', context='template-func', name='+' > [2018-07-04T10:37:37.186315] Registering candidate plugin; > module='basicfuncs', context='template-func', name='-' > [2018-07-04T10:37:37.186319] Registering candidate plugin; > module='basicfuncs', context='template-func', name='*' > [2018-07-04T10:37:37.186322] Registering candidate plugin; > module='basicfuncs', context='template-func', name='/' > [2018-07-04T10:37:37.186325] Registering candidate plugin; > module='basicfuncs', context='template-func', name='%' > [2018-07-04T10:37:37.186328] Registering candidate plugin; > module='basicfuncs', context='template-func', name='sum' > [2018-07-04T10:37:37.186332] Registering candidate plugin; > module='basicfuncs', context='template-func', name='min' > [2018-07-04T10:37:37.186335] Registering candidate plugin; > module='basicfuncs', context='template-func', name='max' > [2018-07-04T10:37:37.186338] Registering candidate plugin; > module='basicfuncs', context='template-func', name='average' > [2018-07-04T10:37:37.186341] Registering candidate plugin; > module='basicfuncs', context='template-func', name='ipv4-to-int' > [2018-07-04T10:37:37.186345] Registering candidate plugin; > module='basicfuncs', context='template-func', name='indent-multi-line' > [2018-07-04T10:37:37.186348] Registering candidate plugin; > module='basicfuncs', context='template-func', name='env' > [2018-07-04T10:37:37.186351] Registering candidate plugin; > module='basicfuncs', context='template-func', name='template' > [2018-07-04T10:37:37.186355] Registering candidate plugin; > module='basicfuncs', context='template-func', name='urlencode' > [2018-07-04T10:37:37.186367] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libcef.so', module='cef' > [2018-07-04T10:37:37.186418] Registering candidate plugin; > module='cef', context='template-func', name='format-cef-extension' > [2018-07-04T10:37:37.186430] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libconfgen.so', module='confgen' > [2018-07-04T10:37:37.186486] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libcryptofuncs.so', > module='cryptofuncs' > [2018-07-04T10:37:37.186538] Registering candidate plugin; > module='cryptofuncs', context='template-func', name='uuid' > [2018-07-04T10:37:37.186543] Registering candidate plugin; > module='cryptofuncs', context='template-func', name='hash' > [2018-07-04T10:37:37.186547] Registering candidate plugin; > module='cryptofuncs', context='template-func', name='sha1' > [2018-07-04T10:37:37.186550] Registering candidate plugin; > module='cryptofuncs', context='template-func', name='sha256' > [2018-07-04T10:37:37.186554] Registering candidate plugin; > module='cryptofuncs', context='template-func', name='sha512' > [2018-07-04T10:37:37.186561] Registering candidate plugin; > module='cryptofuncs', context='template-func', name='md4' > [2018-07-04T10:37:37.186565] Registering candidate plugin; > module='cryptofuncs', context='template-func', name='md5' > [2018-07-04T10:37:37.186576] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libcsvparser.so', > module='csvparser' > [2018-07-04T10:37:37.186628] Registering candidate plugin; > module='csvparser', context='parser', name='csv-parser' > [2018-07-04T10:37:37.186641] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libdate.so', module='date' > [2018-07-04T10:37:37.186693] Registering candidate plugin; > module='date', context='parser', name='date-parser' > [2018-07-04T10:37:37.186705] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libdbparser.so', > module='dbparser' > [2018-07-04T10:37:37.186777] Registering candidate plugin; > module='dbparser', context='parser', name='db-parser' > [2018-07-04T10:37:37.186782] Registering candidate plugin; > module='dbparser', context='parser', name='grouping-by' > [2018-07-04T10:37:37.186795] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libdisk-buffer.so', > module='disk-buffer' > [2018-07-04T10:37:37.186849] Registering candidate plugin; > module='disk-buffer', context='inner-dest', name='disk_buffer' > [2018-07-04T10:37:37.186863] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libgraphite.so', > module='graphite' > [2018-07-04T10:37:37.186911] Registering candidate plugin; > module='graphite', context='template-func', name='graphite_output' > [2018-07-04T10:37:37.186924] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libhook-commands.so', > module='hook-commands' > [2018-07-04T10:37:37.186974] Registering candidate plugin; > module='hook-commands', context='inner-dest', name='hook-commands' > [2018-07-04T10:37:37.186979] Registering candidate plugin; > module='hook-commands', context='inner-src', name='hook-commands' > [2018-07-04T10:37:37.186990] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libjson-plugin.so', > module='json-plugin' > [2018-07-04T10:37:37.187083] Registering candidate plugin; > module='json-plugin', context='parser', name='json-parser' > [2018-07-04T10:37:37.187088] Registering candidate plugin; > module='json-plugin', context='template-func', name='format_json' > [2018-07-04T10:37:37.187105] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libkvformat.so', > module='kvformat' > [2018-07-04T10:37:37.187159] Registering candidate plugin; > module='kvformat', context='parser', name='kv-parser' > [2018-07-04T10:37:37.187164] Registering candidate plugin; > module='kvformat', context='parser', name='linux-audit-parser' > [2018-07-04T10:37:37.187168] Registering candidate plugin; > module='kvformat', context='template-func', name='format-welf' > [2018-07-04T10:37:37.187179] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='liblinux-kmsg-format.so', > module='linux-kmsg-format' > [2018-07-04T10:37:37.187229] Registering candidate plugin; > module='linux-kmsg-format', context='format', name='linux-kmsg' > [2018-07-04T10:37:37.187242] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libmap-value-pairs.so', > module='map-value-pairs' > [2018-07-04T10:37:37.187293] Registering candidate plugin; > module='map-value-pairs', context='parser', name='map_value_pairs' > [2018-07-04T10:37:37.187306] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libpseudofile.so', > module='pseudofile' > [2018-07-04T10:37:37.187358] Registering candidate plugin; > module='pseudofile', context='destination', name='pseudofile' > [2018-07-04T10:37:37.187371] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libsdjournal.so', > module='sdjournal' > [2018-07-04T10:37:37.187425] Registering candidate plugin; > module='sdjournal', context='source', name='systemd-journal' > [2018-07-04T10:37:37.187438] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libsnmptrapd-parser.so', > module='snmptrapd-parser' > [2018-07-04T10:37:37.187489] Registering candidate plugin; > module='snmptrapd-parser', context='parser', name='snmptrapd-parser' > [2018-07-04T10:37:37.187502] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libstardate.so', > module='stardate' > [2018-07-04T10:37:37.187553] Registering candidate plugin; > module='stardate', context='template-func', name='stardate' > [2018-07-04T10:37:37.187566] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libsyslogformat.so', > module='syslogformat' > [2018-07-04T10:37:37.187618] Registering candidate plugin; > module='syslogformat', context='format', name='syslog' > [2018-07-04T10:37:37.187624] Registering candidate plugin; > module='syslogformat', context='parser', name='syslog-parser' > [2018-07-04T10:37:37.187635] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libsystem-source.so', > module='system-source' > [2018-07-04T10:37:37.187684] Registering candidate plugin; > module='system-source', context='source', name='system' > [2018-07-04T10:37:37.187697] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libtags-parser.so', > module='tags-parser' > [2018-07-04T10:37:37.187747] Registering candidate plugin; > module='tags-parser', context='parser', name='tags-parser' > [2018-07-04T10:37:37.187760] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libtfgetent.so', > module='tfgetent' > [2018-07-04T10:37:37.187809] Registering candidate plugin; > module='tfgetent', context='template-func', name='getent' > [2018-07-04T10:37:37.187821] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libxml.so', module='xml' > [2018-07-04T10:37:37.187873] Registering candidate plugin; > module='xml', context='parser', name='xml' > [2018-07-04T10:37:37.187886] Reading shared object for a candidate > module; path='/usr/lib64/syslog-ng', fname='libmod-java.so', > module='mod-java' > [2018-07-04T10:37:37.187891] Registering candidate plugin; > module='mod-java', context='options', name='jvm_options' > [2018-07-04T10:37:37.187896] Registering candidate plugin; > module='mod-java', context='destination', name='java' > [2018-07-04T10:37:37.187948] Finishing include; > filename='/usr/share/syslog-ng/include/scl/apache/apache.conf', > depth='2' > [2018-07-04T10:37:37.187961] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', > depth='2' > [2018-07-04T10:37:37.188052] Module loaded and initialized > successfully; module='appmodel' > [2018-07-04T10:37:37.188086] Finishing include; > filename='/usr/share/syslog-ng/include/scl/cim/adapter.conf', > depth='2' > [2018-07-04T10:37:37.188098] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/cim/template.conf', > depth='2' > [2018-07-04T10:37:37.188223] Module loaded and initialized > successfully; module='json-plugin' > [2018-07-04T10:37:37.188348] Finishing include; > filename='/usr/share/syslog-ng/include/scl/cim/template.conf', > depth='2' > [2018-07-04T10:37:37.188362] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', > depth='2' > [2018-07-04T10:37:37.188486] Finishing include; > filename='/usr/share/syslog-ng/include/scl/cisco/plugin.conf', > depth='2' > [2018-07-04T10:37:37.188497] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', > depth='2' > [2018-07-04T10:37:37.188579] Finishing include; > filename='/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf', > depth='2' > [2018-07-04T10:37:37.188590] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', > depth='2' > [2018-07-04T10:37:37.188623] Attempted to register the same plugin > multiple times, dropping the old one; context='parser', name='json-parser' > [2018-07-04T10:37:37.188629] Attempted to register the same plugin > multiple times, dropping the old one; context='template-func', > name='format_json' > [2018-07-04T10:37:37.188632] Module loaded and initialized > successfully; module='json-plugin' > [2018-07-04T10:37:37.188760] Finishing include; > filename='/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf', > depth='2' > [2018-07-04T10:37:37.188770] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', > depth='2' > [2018-07-04T10:37:37.188822] Attempted to register the same plugin > multiple times, dropping the old one; context='parser', name='json-parser' > [2018-07-04T10:37:37.188827] Attempted to register the same plugin > multiple times, dropping the old one; context='template-func', > name='format_json' > [2018-07-04T10:37:37.188830] Module loaded and initialized > successfully; module='json-plugin' > [2018-07-04T10:37:37.189032] Finishing include; > filename='/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf', > depth='2' > [2018-07-04T10:37:37.189043] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189093] Finishing include; > filename='/usr/share/syslog-ng/include/scl/graphite/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189103] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189137] Attempted to register the same plugin > multiple times, dropping the old one; context='parser', name='json-parser' > [2018-07-04T10:37:37.189142] Attempted to register the same plugin > multiple times, dropping the old one; context='template-func', > name='format_json' > [2018-07-04T10:37:37.189145] Module loaded and initialized > successfully; module='json-plugin' > [2018-07-04T10:37:37.189284] Module loaded and initialized > successfully; module='basicfuncs' > [2018-07-04T10:37:37.189316] Finishing include; > filename='/usr/share/syslog-ng/include/scl/graylog2/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189328] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189403] Finishing include; > filename='/usr/share/syslog-ng/include/scl/hdfs/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189413] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', > depth='2' > [2018-07-04T10:37:37.189478] Finishing include; > filename='/usr/share/syslog-ng/include/scl/iptables/iptables.conf', > depth='2' > [2018-07-04T10:37:37.189488] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189548] Finishing include; > filename='/usr/share/syslog-ng/include/scl/kafka/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189558] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189681] Module loaded and initialized > successfully; module='confgen' > [2018-07-04T10:37:37.189703] Finishing include; > filename='/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf', > depth='2' > [2018-07-04T10:37:37.189715] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', > depth='2' > [2018-07-04T10:37:37.189776] Attempted to register the same plugin > multiple times, dropping the old one; context='parser', name='json-parser' > [2018-07-04T10:37:37.189781] Attempted to register the same plugin > multiple times, dropping the old one; context='template-func', > name='format_json' > [2018-07-04T10:37:37.189785] Module loaded and initialized > successfully; module='json-plugin' > [2018-07-04T10:37:37.189815] Finishing include; > filename='/usr/share/syslog-ng/include/scl/loggly/loggly.conf', > depth='2' > [2018-07-04T10:37:37.189825] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', > depth='2' > [2018-07-04T10:37:37.189893] Attempted to register the same plugin > multiple times, dropping the old one; context='parser', name='json-parser' > [2018-07-04T10:37:37.189897] Attempted to register the same plugin > multiple times, dropping the old one; context='template-func', > name='format_json' > [2018-07-04T10:37:37.189900] Module loaded and initialized > successfully; module='json-plugin' > [2018-07-04T10:37:37.189926] Finishing include; > filename='/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf', > depth='2' > [2018-07-04T10:37:37.189936] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', > depth='2' > [2018-07-04T10:37:37.189980] Finishing include; > filename='/usr/share/syslog-ng/include/scl/mbox/mbox.conf', > depth='2' > [2018-07-04T10:37:37.189990] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190038] Finishing include; > filename='/usr/share/syslog-ng/include/scl/nodejs/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190048] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190136] Finishing include; > filename='/usr/share/syslog-ng/include/scl/osquery/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190146] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190189] Finishing include; > filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190198] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', > depth='2' > [2018-07-04T10:37:37.190246] Global value changed; > define='balabit.credit-card-regexp', value='(:4[0-9]{12}(?:[0-9]{3} > )?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{ > 13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35d{3})d{11})' > [2018-07-04T10:37:37.190280] Finishing include; > filename='/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf', > depth='2' > [2018-07-04T10:37:37.190289] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', > depth='2' > [2018-07-04T10:37:37.190340] Finishing include; > filename='/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf', > depth='2' > [2018-07-04T10:37:37.190350] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190400] Finishing include; > filename='/usr/share/syslog-ng/include/scl/solaris/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190410] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', > depth='2' > [2018-07-04T10:37:37.190472] Finishing include; > filename='/usr/share/syslog-ng/include/scl/sudo/sudo.conf', > depth='2' > [2018-07-04T10:37:37.190482] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190539] Module loaded and initialized > successfully; module='confgen' > [2018-07-04T10:37:37.190545] Finishing include; > filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190554] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190593] Finishing include; > filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190601] Starting to read include file; > filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190643] Finishing include; > filename='/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf', > depth='2' > [2018-07-04T10:37:37.190661] Global value changed; > define='java-module-dir', value='/usr/lib64/syslog-ng/java-modules' > [2018-07-04T10:37:37.190667] Finishing include; > filename='/etc/syslog-ng/scl.conf', depth='1' > [2018-07-04T10:37:37.190862] Module loaded and initialized > successfully; module='system-source' > [2018-07-04T10:37:37.190952] Module loaded and initialized > successfully; module='sdjournal' > [2018-07-04T10:37:37.190996] Finishing include; content='parser > generator app-parser', depth='2' > [2018-07-04T10:37:37.191184] Module loaded and initialized > successfully; module='kvformat' > [2018-07-04T10:37:37.191201] Finishing include; content='block > parser iptables-parser() at /usr/share/syslog-ng/include/scl/iptables/iptables.conf:23', > depth='3' > [2018-07-04T10:37:37.191329] Module loaded and initialized > successfully; module='csvparser' > [2018-07-04T10:37:37.191357] Finishing include; content='block > parser sudo-parser() at /usr/share/syslog-ng/include/scl/sudo/sudo.conf:23', > depth='3' > [2018-07-04T10:37:37.191380] Finishing include; content='parser > generator app-parser', depth='2' > [2018-07-04T10:37:37.191404] Finishing include; content='source > generator system', depth='1' > [2018-07-04T10:37:37.191591] Module loaded and initialized > successfully; module='afsocket' > [2018-07-04T10:37:37.192042] Module loaded and initialized > successfully; module='dbparser' > [2018-07-04T10:37:37.192158] Module loaded and initialized > successfully; module='affile' > [2018-07-04T10:37:37.192370] Finishing include; content='block > destination elasticsearch2() at /usr/share/syslog-ng/include/s > cl/elasticsearch/plugin.conf:59', depth='1' > [2018-07-04T10:37:37.192738] Module loaded and initialized > successfully; module='syslogformat' > [2018-07-04T10:37:37.192935] Accepting connections; addr='AF_INET( > 0.0.0.0:601)' > [2018-07-04T10:37:37.192970] Accepting connections; addr='AF_INET( > 0.0.0.0:514)' > [2018-07-04T10:37:37.193423] Seeking the journal to the last cursor > position; cursor='s=df2c9187264b4bb0a3ad > dd9aa8fc2c71;i=6d55c;b=4458f1142e1f48c0895f522ab1182866;m=87 > d9f8fec7;t=57028562edb9b;x=4373623fa660b876' > [2018-07-04T10:37:37.193676] Log pattern database reloaded; > file='/opt/syslog-ng/etc/patterndb.xml', version='3', > pub_date='2010-07-13' > [2018-07-04T10:37:37.193712] Processing the time zone file (32bit > part); filename='/usr/share/zoneinfo/UTC' > [2018-07-04T10:37:37.193736] Java machine new; > [2018-07-04T10:37:37.242506] Can't find class; > class_name='org/syslog_ng/SyslogNgClassLoader' > ** > ERROR:modules/java/native/java_machine.c:206:java_machine_get_class_loader: > assertion failed: (self->loader) > Aborted (core dumped) > > > > > > ____________________________________________________________ > __________________ > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng > Documentation: http://www.balabit.com/support > /documentation/?product=syslog-ng > FAQ: http://www.balabit.com/wiki/syslog-ng-faq > > >

-- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

Hi Fabien Wernli, yes, as per my mail from 2018-07-04T16:21 running syslog-ng -Fdv always ends in [2018-07-04T16:15:27.124682] <<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_noDebug', location='/etc/syslog-ng/syslog-ng.conf:85:19', msg='0x7ff5a40168c0' [2018-07-04T16:15:27.124696] <<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_checkpoints', location='/etc/syslog-ng/syslog-ng.conf:98:23', msg='0x7ff5a40168c0' [2018-07-04T16:15:27.124709] <<<<<< Source side message processing finish; instance='0.0.0.0', location='/etc/syslog-ng/syslog-ng.conf:33:2', msg='0x7ff5a40168c0' Floating point exception (core dumped) I have recently sent a mail containint the dump file i could not open with gdb which has to be review by a mod because the dump is 240k in size exceeding the 200k unmoderated limit. Sincerely Niklas Deffner PS: Thank you for all the gratious help and time you spent on helping me so far, @everyone. 2018-07-05 9:53 GMT+02:00 Fabien Wernli <wernli@in2p3.fr>:

On Wed, Jul 04, 2018 at 05:32:29PM +0200, T4iga wrote:

...

Hi,

as per this: https://www.syslog-ng.com/syslog-ng-faq/ I ran ulimit -c unlimited syslog-ng -Fdv so it should place the core dump in the current locatioin which it doesn't. I checked the suggested path to but it is not there so I am currently unable to provide you with the back trace.

does it say "core dumped" or not?

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

Hi Fabien Wernli, it says sysctl kernel.core_pattern kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %e Sincerely Niklas Deffner 2018-07-05 11:03 GMT+02:00 Fabien Wernli <wernli@in2p3.fr>:

What does the following command say:

sysctl kernel.core_pattern

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

Hello, I successfully reproduced the crash with your configuration. The problem was in the *padding* template function, and has nothing to do with the earlier java problems. If you intended to use the default (space) character for padding, you don't have to provide the third argument to the function. (Or provide the space character explicitly: *'' -> ' '*) The problem exist, because in the padding function we divide with the length of the provided padding string https://github.com/balabit/syslog-ng/blob/aa88bba2a9158fb6401bc260e0a58d7784... I will create a pull request to correct it. Br, Laci On Thu, Jul 5, 2018 at 11:16 AM, Fabien Wernli <wernli@in2p3.fr> wrote:

On Thu, Jul 05, 2018 at 11:05:21AM +0200, T4iga wrote:

...

Hi Fabien Wernli,

it says sysctl kernel.core_pattern kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %e

Oh my...

At least we now know who takes care of your core file! Reading https://www.freedesktop.org/software/systemd/man/systemd-coredump.html will probably help

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq