[syslog-ng] SSL Problem after update
Ivan Adji - Krstev
akivanradix at gmail.com
Fri Apr 22 00:39:58 CEST 2016
in scl.conf file there is nothing except this line
*@include 'scl/*/*.conf'*
So i don't think so.? I get your point that tls on port 6514 may be used
twice but can't find anything like that ... it is the same config file
that i have used before removing the old version and putting the new
one. From 3.5 to 3.8.
On 04/21/2016 08:58 PM, Scot Needy wrote:
> All of my conf files are included in scl.conf is scl.conf and @include
> "/etc/syslog-ng/conf.d/*.conf loading the same module twice ?
>
>> On Apr 21, 2016, at 1:58 PM, Ivan Adji - Krstev
>> <akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>>
>> Hi yes i start to put the file but i have some other problems...
>> anyway here it's the config file ( syslog-ng.conf )
>>
>>
>> @version:3.8
>> @include "scl.conf"
>>
>> # syslog-ng configuration file.
>> #
>> # This should behave pretty much like the original syslog on RedHat. But
>> # it could be configured a lot smarter.
>> #
>> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
>> #
>> # Note: it also sources additional configuration files (*.conf)
>> # located in /etc/syslog-ng/conf.d/
>>
>>
>> options {
>> flush_lines (0);
>> time_reopen (10);
>> log_fifo_size (1000);
>> #
>> log_iw_size(100);
>> log_fetch_limit(100);
>> #
>> chain_hostnames (off);
>> use_dns (no);
>> use_fqdn (no);
>> create_dirs (no);
>> keep_hostname (yes);
>> };
>>
>> source s_sys {
>> system();
>> #unix-stream("/dev/log");
>> internal();
>> network(
>> port(6514)
>> # tcp(port(5140));
>> # file("/proc/kmsg" log_prefix("kernel: "));
>> transport("tls")
>> tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>> cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>> ca_dir("/etc/syslog-ng/ca.d"))
>> );
>> };
>>
>>
>> destination d_mongodb {
>> mongodb(
>> servers("localhost:27017")
>> # database("syslog")
>> uri('mongodb://localhost/syslog-ng'
>> <mongodb://localhost/syslog-ng%27>)
>> collection("messages")
>> value-pairs(
>> scope("selected-macros" "nv-pairs" "sdata")
>> )
>> );
>> };
>>
>>
>>
>>
>>
>> destination d_cons { file("/dev/console"); };
>> destination d_mesg { file("/var/log/messages"); };
>> destination d_auth { file("/var/log/secure"); };
>> destination d_mail { file("/var/log/maillog" flush_lines(10)); };
>> destination d_spol { file("/var/log/spooler"); };
>> destination d_boot { file("/var/log/boot.log"); };
>> destination d_cron { file("/var/log/cron"); };
>> destination d_kern { file("/var/log/kern"); };
>> destination d_mlal { usertty("*"); };
>>
>> filter f_kernel { facility(kern); };
>> filter f_default { level(info..emerg) and
>> not (facility(mail)
>> or facility(authpriv)
>> or facility(cron)); };
>> filter f_auth { facility(authpriv); };
>> filter f_mail { facility(mail); };
>> filter f_emergency { level(emerg); };
>> filter f_news { facility(uucp) or
>> (facility(news)
>> and level(crit..emerg)); };
>> filter f_boot { facility(local7); };
>> filter f_cron { facility(cron); };
>>
>> #log { source(s_sys); filter(f_kernel); destination(d_cons); };
>> log { source(s_sys); filter(f_kernel); destination(d_mongodb); };
>> log { source(s_sys); filter(f_default); destination(d_mongodb); };
>> log { source(s_sys); filter(f_auth); destination(d_mongodb); };
>> log { source(s_sys); filter(f_mail); destination(d_mongodb); };
>> log { source(s_sys); filter(f_emergency); destination(d_mongodb); };
>> log { source(s_sys); filter(f_news); destination(d_mongodb); };
>> log { source(s_sys); filter(f_boot); destination(d_mongodb); };
>> log { source(s_sys); filter(f_cron); destination(d_mongodb); };
>>
>>
>> log { source(s_sys); destination(d_mongodb); };
>>
>> # Source additional configuration files (.conf extension only)
>> @include "/etc/syslog-ng/conf.d/*.conf"
>>
>>
>> # vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
>>
>>
>>
>>
>>
>>
>>
>> On 04/21/2016 06:12 PM, Scot Needy wrote:
>>> Or the module does not die on stop and tries to start another.
>>>
>>>> On Apr 21, 2016, at 11:20 AM, Balazs Scheidler <bazsi77 at gmail.com
>>>> <mailto:bazsi77 at gmail.com>> wrote:
>>>>
>>>> maybe you have two sources binding on the same port?
>>>>
>>>>
>>>> On Thu, Apr 21, 2016 at 4:36 PM, Scot Needy <scotrn at gmail.com> wrote:
>>>>
>>>> I don’t see your conf files but I suspect it’s trying to load
>>>> the tls module twice ?
>>>>
>>>>
>>>>> On Apr 21, 2016, at 10:04 AM, Ivan Adji - Krstev
>>>>> <akivanradix at gmail.com> wrote:
>>>>>
>>>>> It is the same ... if i restart the syslog-ng after that ill
>>>>> get the same error. If i stop the syslog-ng that port is not
>>>>> used anymore ...
>>>>> Here is the output of the *syslog-ng -Fevd*
>>>>>
>>>>> [2016-04-21T16:02:41.478174] WARNING: Starting with syslog-ng
>>>>> 3.6, the system() source performs JSON parsing of messages
>>>>> starting with the '@cim:' prefix. No additional action is needed;
>>>>> [2016-04-21T16:02:41.478635] Module loaded and initialized
>>>>> successfully; module='sdjournal'
>>>>> [2016-04-21T16:02:41.478776] Finishing include;
>>>>> content='source confgen system', depth='1'
>>>>> [2016-04-21T16:02:41.479601] Module loaded and initialized
>>>>> successfully; module='afsocket'
>>>>> [2016-04-21T16:02:41.481135] Module loaded and initialized
>>>>> successfully; module='afmongodb'
>>>>> [2016-04-21T16:02:41.481914] Module loaded and initialized
>>>>> successfully; module='affile'
>>>>> [2016-04-21T16:02:41.482779] Module loaded and initialized
>>>>> successfully; module='afuser'
>>>>> [2016-04-21T16:02:41.484211] Unable to detect fully qualified
>>>>> hostname for localhost, use_fqdn() will use the short hostname;
>>>>> [2016-04-21T16:02:41.484252] Compiling #unnamed sequence [log]
>>>>> at [/etc/syslog-ng/syslog-ng.conf:128:7]
>>>>> [2016-04-21T16:02:41.484264] Compiling s_sys reference
>>>>> [source] at [/etc/syslog-ng/syslog-ng.conf:128:7]
>>>>> [2016-04-21T16:02:41.484276] Compiling s_sys sequence
>>>>> [source] at [/etc/syslog-ng/syslog-ng.conf:29:1]
>>>>> [2016-04-21T16:02:41.484286] Compiling #unnamed junction
>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:29:15]
>>>>> [2016-04-21T16:02:41.484295] Compiling #unnamed
>>>>> sequence [log] at [source confgen system:2:5]
>>>>> [2016-04-21T16:02:41.484304] Compiling #unnamed
>>>>> sequence [source] at [source confgen system:2:5]
>>>>> [2016-04-21T16:02:41.484314] Compiling #unnamed
>>>>> junction [log] at [source confgen system:2:13]
>>>>> [2016-04-21T16:02:41.484323] Compiling #unnamed
>>>>> single [log] at [source confgen system:3:1]
>>>>> [2016-04-21T16:02:41.484337] Compiling #unnamed single
>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:32:2]
>>>>> [2016-04-21T16:02:41.484347] Compiling #unnamed single
>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:33:2]
>>>>> [2016-04-21T16:02:41.484363] Compiling f_auth reference
>>>>> [filter] at [/etc/syslog-ng/syslog-ng.conf:128:22]
>>>>> [2016-04-21T16:02:41.484374] Compiling f_auth sequence
>>>>> [filter] at [/etc/syslog-ng/syslog-ng.conf:112:1]
>>>>> [2016-04-21T16:02:41.484383] Compiling #unnamed single
>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:112:22]
>>>>> [2016-04-21T16:02:41.484393] Compiling d_mongodb reference
>>>>> [destination] at [/etc/syslog-ng/syslog-ng.conf:128:38]
>>>>> [2016-04-21T16:02:41.484403] Compiling d_mongodb sequence
>>>>> [destination] at [/etc/syslog-ng/syslog-ng.conf:57:1]
>>>>> [2016-04-21T16:02:41.484413] Compiling #unnamed junction
>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:57:24]
>>>>> [2016-04-21T16:02:41.484422] Compiling #unnamed single
>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:58:5]
>>>>> [2016-04-21T16:02:41.484434] Compiling #unnamed sequence [log]
>>>>> at [/etc/syslog-ng/syslog-ng.conf:133:7]
>>>>> [2016-04-21T16:02:41.484445] Compiling s_sys reference
>>>>> [source] at [/etc/syslog-ng/syslog-ng.conf:133:7]
>>>>> [2016-04-21T16:02:41.484456] Compiling f_emergency reference
>>>>> [filter] at [/etc/syslog-ng/syslog-ng.conf:133:22]
>>>>> [2016-04-21T16:02:41.484467] Compiling f_emergency
>>>>> sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:114:1]
>>>>> [2016-04-21T16:02:41.484476] Compiling #unnamed single
>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:114:22]
>>>>> [2016-04-21T16:02:41.484486] Compiling d_mongodb reference
>>>>> [destination] at [/etc/syslog-ng/syslog-ng.conf:133:43]
>>>>> [2016-04-21T16:02:41.484497] Compiling #unnamed sequence [log]
>>>>> at [/etc/syslog-ng/syslog-ng.conf:152:7]
>>>>> [2016-04-21T16:02:41.484506] Compiling s_sys reference
>>>>> [source] at [/etc/syslog-ng/syslog-ng.conf:152:7]
>>>>> [2016-04-21T16:02:41.484517] Compiling d_mongodb reference
>>>>> [destination] at [/etc/syslog-ng/syslog-ng.conf:152:22]
>>>>> [2016-04-21T16:02:41.484873] Seeking the journal to the last
>>>>> cursor position;
>>>>> cursor='s=9383cb3eb8ee41eda3468d9841333aef;i=131c;b=0f07653f04794e14beeeebb18131926b;m=214f74fdf;t=530ff299a3a8e;x=d0f0c56745dc963a'
>>>>> [2016-04-21T16:02:41.485562] Module loaded and initialized
>>>>> successfully; module='syslogformat'
>>>>> [2016-04-21T16:02:41.485834] Error binding socket;
>>>>> addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
>>>>> [2016-04-21T16:02:41.485874] Error initializing message pipeline;
>>>>>
>>>>>
>>>>> On 04/21/2016 03:40 PM, Scot Needy wrote:
>>>>>> kill -9 2411
>>>>>>
>>>>>>> On Apr 21, 2016, at 7:58 AM, Ivan Adji - Krstev
>>>>>>> <akivanradix at gmail.com> wrote:
>>>>>>>
>>>>>>> 2411
>>>>>>
>>>>>>
>>>>>>
>>>>>> ______________________________________________________________________________
>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Bazsi
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160422/f219b30e/attachment-0001.htm
More information about the syslog-ng
mailing list