[syslog-ng] Background/foreground problem

Daniel Neubacher daniel.neubacher at xing.com
Mon Mar 17 15:41:18 CET 2014


Are you starting the foreground syslog-ng with the syslog user or maybe as root? Maybe it’s just a little permission problem.

From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Hardcastle, Iain (CBC - Hamilton)
Sent: Monday, 17 March 2014 15:24
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Background/foreground problem

Hi all,

Odd one I’ve come across, can't find any clues on the web so figured I’d post here.

Trying to get syslog-ng integrated into the Observium NMS package. Not sure whether the problem lies with syslog-ng, PHP or the sucking of data into Observium. Let me explain:

With syslog-ng started in foreground mode ‘syslog-ng -Fevd’ everything works as expected. I see syslog packets coming in via tcpdump, I see the log flash up on the terminal and it correctly routes into the right part of the Observium front end.

With syslog-ng started as a daemon (from boot - the desired config setup - or with ‘service syslog-ng start’), nothing gets to Observium. I can still see the syslog packets in tcpdump obviously but I’m blind as to what happens to the messages after that.

One thing I have noticed is that when running syslog-ng in foreground mode, I see “Starting destination program; cmdline='/opt/observium/syslog.php'” in the startup messages and a corresponding process in the ‘ps -lax’ output “php /opt/observium/syslog.php”

With syslog-ng started as a daemon, I do not see this php process in the ps output.

Bit stuck as to where to look next. Has anyone seen this behavior before?

Centos6.5 and standard packages and configs. System works great otherwise. Syslog-ng config file in its entirety below:

options {
        chain_hostnames(0);
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (1);
};

source s_net {
        udp();
};

destination d_observium {
        program("/opt/observium/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes));
};
log {
        source(s_net);
        destination(d_observium);
};

Any ideas?

iain
