[syslog-ng] Issues running syslog-ng-ctl program locally to determine logging issues

[Andrew Bell]

Also would like to throw out that I am open to using strace or some other debug hook program to figure out the cause here if that would help better, just would like a pointer as to how I would go about using it to identify dropped logs. I don't believe running syslog-ng with the debug setting on its own indicates if a logged event has been dropped or not (but I suppose it could indicate that the log never made its way over).

Thanks,
Andrew

From: Andrew Bell
Sent: Wednesday, April 15, 2015 11:55 AM
To: syslog-ng at lists.balabit.hu
Subject: Issues running syslog-ng-ctl program locally to determine logging issues

Hello,

Wondering if someone can help me with an issue that I am currently having. I am running syslog-ng as a local non-root user (I have it installed to a local instance under my home directory) and am trying to use the syslog-ng-ctl program in order to diagnose why certain log files are not passing through syslog-ng to their log destination (trying to rule out if it is a problem with the location where the logs originate OR if there is an issue with the syslog-ng setup and it is dropping or otherwise failing to forward those incoming logs). However, when I try to run syslog-ng-ctl under my local account I get the following error, where it appears to reference a control socket that is located in a directory that is owned and operated by the root account (I should note that I am unable to sudo as root with my setup on the system).

/home/abell/syslog-ng-install/opt/syslog-ng/sbin$ ./syslog-ng-ctl verbose
Error connecting control socket, socket='/opt/syslog-ng/var/run/syslog-ng.ctl', error='No such file or directory'
This type of error above is also appearing when I run syslog-ng program itself with the debug ('-d -v') options set
Error opening control socket, bind() failed; socket='/opt/syslog-ng/var/run/syslog-ng.ctl', error='No such file or directory (2)'

I did some searching online and did find some manuals on syslog-ng-ctl that said I could specify a different directory where the control socket resides to one that isn't in the root directory using the "-c" flag. This mailing list post also mentioned that running a local instance of syslog-ng-ctl should automatically create a local instance of the control socket file located in the /var directory where the local instance resides (so in my case, I imagine it would be /home/abell/syslog-ng-install/var ???). Here's the reference link -> https://lists.balabit.hu/pipermail/syslog-ng/2009-June/013027.html - there weren't any next messages to this thread so it is difficult to tell if this solution worked for the original author here or not...

So I created that "/var" directory as he suggested but I still don't see the .ctl file created when I go to stop and restart syslog-ng ... and so I don't really have anything  to specify for the "-c" option as an alternative. I tried touching the control socket file in that directory as a zero byte file, but still nothing

/home/abell/syslog-ng-install/opt/syslog-ng/var$ touch syslog-ng.ctl
/home/abell/syslog-ng-install/opt/syslog-ng/var$ cd ..
/home/abell/syslog-ng-install/opt/syslog-ng$ cd sbin
/home/abell/syslog-ng-install/opt/syslog-ng/sbin$ ./syslog-ng-ctl verbose --set=on -c /home/abell/syslog-ng-install/opt/syslog-ng/var/syslog-ng.ctl
Error connecting control socket, socket='/home/abell/syslog-ng-install/opt/syslog-ng/var/syslog-ng.ctl', error='Connection refused'

Any ideas as to how I can get this control socket file created on my local syslog-ng - or if I can tell syslog-ng itself to specify spinning up the control socket file itself in a different location than the root one? I'd really like to be able to use this tool to figure out what is going on with my syslog-ng setup. Let me know if there's any other details or information that I can provide.
Thanks,
Andrew

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150415/d218db6b/attachment-0001.htm