[syslog-ng] Background/foreground problem

Hardcastle, Iain (CBC - Hamilton) iain.hardcastle at deloitte.bm
Mon Mar 17 17:19:28 CET 2014


Thanks for the response – that was the first thing I thought of, though.

There is no syslog user and:

root      4881     1  0 11:13 ?        00:00:00 supervising syslog-ng
root      4882  4881  5 11:13 ?        00:00:00 syslog-ng -p /var/run/syslog-ng.pid
root      7929  4882  0 11:13 ?        00:00:00 syslog-ng -p /var/run/syslog-ng.pid

from when it’s being run as a daemon.

I carried on working on it and it seems one of the dark mechanisms of SELINUX was preventing this functionality. I disabled SELINUX, rebooted and all works as it should now. Presumably SELINUX was preventing processes from spawning others…

So thanks for taking a look anyway!

iain

From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Daniel Neubacher
Sent: Monday, March 17, 2014 2:41 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Background/foreground problem

Are you starting the foreground syslog-ng with the syslog user or maybe as root? Maybe it’s just a little permission problem.

From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Hardcastle, Iain (CBC - Hamilton)
Sent: Monday, March 17, 2014 15:24
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Background/foreground problem

Hi all,

Odd one I’ve come across, can’t find any clues on the web so figured I’d post here.

Trying to get syslog-ng integrated into the Observium NMS package. Not sure whether the problem lies with syslog-ng, PHP or the sucking of data into Observium. Let me explain:

With syslog-ng started in foreground mode ‘syslog-ng -Fevd’ everything works as expected. I see syslog packets coming in via tcpdump, I see the log flash up on the terminal and it correctly routes into the right part of the Observium front end.

With syslog-ng started as a daemon (from boot - the desired config setup - or with ‘service syslog-ng start’), nothing gets to Observium. I can still see the syslog packets in tcpdump obviously but I’m blind as to what happens to the messages after that.

One thing I have noticed is that when running syslog-ng in foreground mode, I see “Starting destination program; cmdline='/opt/observium/syslog.php'” in the startup messages and a corresponding process in the ‘ps -lax’ output “php /opt/observium/syslog.php”.

With syslog-ng started as a daemon, I do not see this php process in the ps output.

Bit stuck as to where to look next. Has anyone seen this behavior before?

CentOS 6.5 and standard packages and configs. System works great otherwise. Syslog-ng config file in its entirety below:

options {
        chain_hostnames(0);
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (1);
};

source s_net {
        udp();
};

destination d_observium {
        program("/opt/observium/syslog.php"
                template("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n")
                template-escape(yes));
};
log {
        source(s_net);
        destination(d_observium);
};

Any ideas?

iain

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
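
Added example (not part of the original thread, and not syslog-ng or Observium code): the top message attributes the failure to SELinux and resolves it by disabling SELinux, so this shows how audit records could be checked for AVC denials involving syslog-ng to identify the blocked action. The sample records are constructed, the SELinux contexts in them are illustrative assumptions, and the function names are hypothetical.

```sh
#!/bin/sh
# Summarise SELinux AVC denials for one command name (comm=) from audit
# records on stdin.
# Output: "<count> <perms> <tclass> <scontext> -> <tcontext> <object>"

avc_denials_for() {
    awk -v comm="$1" '
        /^type=AVC / && /avc: +denied / && index($0, "comm=\"" comm "\"") {
            perms = $0
            sub(/^[^{]*[{] */, "", perms)   # drop everything up to the opening brace
            sub(/ *[}].*$/, "", perms)      # drop the closing brace and the rest
            s = t = c = o = "-"
            for (i = 1; i <= NF; i++) {
                if      ($i ~ /^scontext=/)    s = substr($i, 10)
                else if ($i ~ /^tcontext=/)    t = substr($i, 10)
                else if ($i ~ /^tclass=/)      c = substr($i, 8)
                else if ($i ~ /^(name|path)=/) o = $i
            }
            # Group identical denials so retries collapse into one line.
            seen[perms " " c " " s " -> " t " " o]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -rn
}

# Constructed sample records (not from the thread); contexts are illustrative.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1395065608.101:411): avc:  denied  { execute } for  pid=4882 comm="syslog-ng" name="syslog.php" dev=dm-0 ino=131 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1395065618.207:415): avc:  denied  { execute } for  pid=4882 comm="syslog-ng" name="syslog.php" dev=dm-0 ino=131 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1395065620.530:416): avc:  denied  { name_connect } for  pid=2210 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1395065628.311:419): avc:  denied  { read open } for  pid=4882 comm="syslog-ng" path="/opt/observium/syslog.php" dev=dm-0 ino=131 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
EOF
}

# Demo run on the constructed records.
sample_audit_log | avc_denials_for syslog-ng
```

On a host running auditd, the same function can read the real log with `avc_denials_for syslog-ng < /var/log/audit/audit.log`; the matching records can then be passed to `audit2allow` to draft a local policy module for review.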

 