[syslog-ng] Forwarding system startup messages

Saurabh Shukla saurabh at purestorage.com
Mon Aug 24 03:47:35 CEST 2015


I don't think clearing kernel buffers is an issue here since syslog-ng is
seeing the kernel messages during system boot up and logging them to
/var/log/syslog. However, it fails to forward them to the remote server. So
there is some issue with buffering messages for the remote destination.

-- Saurabh

On Sat, Aug 22, 2015 at 12:00 PM, Scheidler, Balázs <
balazs.scheidler at balabit.com> wrote:

> Hmm. You don't even use /dev/kmsg or system, so this setup should work.
> Don't you happen to run anything that could read /proc/kmsg or clear the
> kernel ringbuffer behind the backs of syslog-ng?
> On Aug 22, 2015 8:11 PM, "Saurabh Shukla" <saurabh at purestorage.com> wrote:
>
>> Can you show your source declaration?
>>
>> I am using the syslog-ng.conf from here -
>> https://github.com/balabit/syslog-ng/blob/syslog-ng-3.6.4/debian/syslog-ng.conf
>>
>> Do you use systemd journal?
>>
>> No.
>>
>>
>> On Sat, Aug 22, 2015 at 3:10 AM, Scheidler, Balázs <
>> balazs.scheidler at balabit.com> wrote:
>>
>>> Can you show your source declaration? Do you use systemd journal?
>>> On Aug 22, 2015 2:56 AM, "Saurabh Shukla" <saurabh at purestorage.com>
>>> wrote:
>>>
>>>> I am running syslog-ng 3.6.4 and I have the following destination and
>>>> log path configured that forwards all messages to the destination:
>>>>
>>>> destination remote {
>>>>     network("remote.example.com" port(514) transport(tcp)
>>>> log_fifo_size(2048));
>>>> };
>>>> log { source(s_all); destination(remote); flags(flow-control);};
>>>>
>>>> When the system reboots, I see that startup messages from the kernel
>>>> are logged into /var/log/syslog.
>>>> syslog-ng establishes a connection to the remote destination around 10
>>>> sec after the first message was logged into /var/log/syslog. However, it
>>>> fails to forward any message that was logged into /var/log/syslog during
>>>> the first 10 seconds even though I have the output buffer and flow control
>>>> configured.
>>>>
>>>> Is this a bug in syslog-ng or am I missing some configuration steps?
>>>>
>>>> Thanks,
>>>> -- Saurabh
>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150823/599ee8cd/attachment.htm 


More information about the syslog-ng mailing list