[syslog-ng] SSL Problem after update

Ivan Adji - Krstev akivanradix at gmail.com
Fri Apr 22 00:39:58 CEST 2016


in scl.conf file there is nothing except this line
*@include 'scl/*/*.conf'*
So i don't think so.? I get your point that tls on port 6514 may be used
twice but can't find anything like that ... it is the same config file
that i have used before removing the old version and putting the new
one. From 3.5 to 3.8.


On 04/21/2016 08:58 PM, Scot Needy wrote:
> All of my conf files are included in scl.conf is scl.conf and @include
> "/etc/syslog-ng/conf.d/*.conf loading the same module twice  ?
>
>> On Apr 21, 2016, at 1:58 PM, Ivan Adji - Krstev
>> <akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>>
>> Hi yes i start to put the file but i have some other problems...
>> anyway here it's the config file ( syslog-ng.conf )
>>
>>
>> @version:3.8
>> @include "scl.conf"
>>
>> # syslog-ng configuration file.
>> #
>> # This should behave pretty much like the original syslog on RedHat. But
>> # it could be configured a lot smarter.
>> #
>> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
>> #
>> # Note: it also sources additional configuration files (*.conf)
>> #       located in /etc/syslog-ng/conf.d/
>>
>>
>> options {
>>         flush_lines (0);
>>         time_reopen (10);
>>         log_fifo_size (1000);
>> #
>>         log_iw_size(100);
>>         log_fetch_limit(100);
>> #
>>         chain_hostnames (off);
>>         use_dns (no);
>>         use_fqdn (no);
>>         create_dirs (no);
>>         keep_hostname (yes);
>>         };
>>
>> source s_sys {
>>         system();
>> #unix-stream("/dev/log");
>>         internal();
>>         network(
>>                 port(6514)
>> #       tcp(port(5140));
>> #       file("/proc/kmsg" log_prefix("kernel: "));
>>                 transport("tls")
>>                 tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>>                 cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>>                 ca_dir("/etc/syslog-ng/ca.d"))
>>                 );
>>         };
>>
>>
>> destination d_mongodb {
>>         mongodb(
>>         servers("localhost:27017")
>> #        database("syslog")
>>         uri('mongodb://localhost/syslog-ng'
>> <mongodb://localhost/syslog-ng%27>)
>>         collection("messages")
>>         value-pairs(
>>         scope("selected-macros" "nv-pairs" "sdata")
>>                         )
>>                 );
>>         };
>>
>>
>>
>>
>>
>> destination d_cons { file("/dev/console"); };
>> destination d_mesg { file("/var/log/messages"); };
>> destination d_auth { file("/var/log/secure"); };
>> destination d_mail { file("/var/log/maillog" flush_lines(10)); };
>> destination d_spol { file("/var/log/spooler"); };
>> destination d_boot { file("/var/log/boot.log"); };
>> destination d_cron { file("/var/log/cron"); };
>> destination d_kern { file("/var/log/kern"); };
>> destination d_mlal { usertty("*"); };
>>
>> filter f_kernel     { facility(kern); };
>> filter f_default    { level(info..emerg) and
>>                         not (facility(mail)
>>                         or facility(authpriv)
>>                         or facility(cron)); };
>> filter f_auth       { facility(authpriv); };
>> filter f_mail       { facility(mail); };
>> filter f_emergency  { level(emerg); };
>> filter f_news       { facility(uucp) or
>>                         (facility(news)
>>                         and level(crit..emerg)); };
>> filter f_boot   { facility(local7); };
>> filter f_cron   { facility(cron); };
>>
>> #log { source(s_sys); filter(f_kernel); destination(d_cons); };
>> log { source(s_sys); filter(f_kernel); destination(d_mongodb); };
>> log { source(s_sys); filter(f_default); destination(d_mongodb); };
>> log { source(s_sys); filter(f_auth); destination(d_mongodb); };
>> log { source(s_sys); filter(f_mail); destination(d_mongodb); };
>> log { source(s_sys); filter(f_emergency); destination(d_mongodb); };
>> log { source(s_sys); filter(f_news); destination(d_mongodb); };
>> log { source(s_sys); filter(f_boot); destination(d_mongodb); };
>> log { source(s_sys); filter(f_cron); destination(d_mongodb); };
>>
>>
>> log { source(s_sys); destination(d_mongodb); };
>>
>> # Source additional configuration files (.conf extension only)
>> @include "/etc/syslog-ng/conf.d/*.conf"
>>
>>
>> # vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
>>
>>
>>
>>
>>
>>
>>
>> On 04/21/2016 06:12 PM, Scot Needy wrote:
>>> Or the module does not die on stop and tries to start another. 
>>>
>>>> On Apr 21, 2016, at 11:20 AM, Balazs Scheidler <bazsi77 at gmail.com
>>>> <mailto:bazsi77 at gmail.com>> wrote:
>>>>
>>>> maybe you have two sources binding on the same port?
>>>>
>>>>
>>>> On Thu, Apr 21, 2016 at 4:36 PM, Scot Needy <scotrn at gmail.com> wrote:
>>>>
>>>>     I don’t see your conf files but I suspect it’s trying to load
>>>>     the tls module twice ? 
>>>>
>>>>
>>>>>     On Apr 21, 2016, at 10:04 AM, Ivan Adji - Krstev
>>>>>     <akivanradix at gmail.com> wrote:
>>>>>
>>>>>     It is the same ... if i restart the syslog-ng after that ill
>>>>>     get the same error. If i stop the syslog-ng that port is not
>>>>>     used anymore ...
>>>>>     Here is the output of the *syslog-ng -Fevd*
>>>>>
>>>>>     [2016-04-21T16:02:41.478174] WARNING: Starting with syslog-ng
>>>>>     3.6, the system() source performs JSON parsing of messages
>>>>>     starting with the '@cim:' prefix. No additional action is needed;
>>>>>     [2016-04-21T16:02:41.478635] Module loaded and initialized
>>>>>     successfully; module='sdjournal'
>>>>>     [2016-04-21T16:02:41.478776] Finishing include;
>>>>>     content='source confgen system', depth='1'
>>>>>     [2016-04-21T16:02:41.479601] Module loaded and initialized
>>>>>     successfully; module='afsocket'
>>>>>     [2016-04-21T16:02:41.481135] Module loaded and initialized
>>>>>     successfully; module='afmongodb'
>>>>>     [2016-04-21T16:02:41.481914] Module loaded and initialized
>>>>>     successfully; module='affile'
>>>>>     [2016-04-21T16:02:41.482779] Module loaded and initialized
>>>>>     successfully; module='afuser'
>>>>>     [2016-04-21T16:02:41.484211] Unable to detect fully qualified
>>>>>     hostname for localhost, use_fqdn() will use the short hostname;
>>>>>     [2016-04-21T16:02:41.484252] Compiling #unnamed sequence [log]
>>>>>     at [/etc/syslog-ng/syslog-ng.conf:128:7]
>>>>>     [2016-04-21T16:02:41.484264]   Compiling s_sys reference
>>>>>     [source] at [/etc/syslog-ng/syslog-ng.conf:128:7]
>>>>>     [2016-04-21T16:02:41.484276]     Compiling s_sys sequence
>>>>>     [source] at [/etc/syslog-ng/syslog-ng.conf:29:1]
>>>>>     [2016-04-21T16:02:41.484286]       Compiling #unnamed junction
>>>>>     [log] at [/etc/syslog-ng/syslog-ng.conf:29:15]
>>>>>     [2016-04-21T16:02:41.484295]         Compiling #unnamed
>>>>>     sequence [log] at [source confgen system:2:5]
>>>>>     [2016-04-21T16:02:41.484304]           Compiling #unnamed
>>>>>     sequence [source] at [source confgen system:2:5]
>>>>>     [2016-04-21T16:02:41.484314]             Compiling #unnamed
>>>>>     junction [log] at [source confgen system:2:13]
>>>>>     [2016-04-21T16:02:41.484323]               Compiling #unnamed
>>>>>     single [log] at [source confgen system:3:1]
>>>>>     [2016-04-21T16:02:41.484337]         Compiling #unnamed single
>>>>>     [log] at [/etc/syslog-ng/syslog-ng.conf:32:2]
>>>>>     [2016-04-21T16:02:41.484347]         Compiling #unnamed single
>>>>>     [log] at [/etc/syslog-ng/syslog-ng.conf:33:2]
>>>>>     [2016-04-21T16:02:41.484363]   Compiling f_auth reference
>>>>>     [filter] at [/etc/syslog-ng/syslog-ng.conf:128:22]
>>>>>     [2016-04-21T16:02:41.484374]     Compiling f_auth sequence
>>>>>     [filter] at [/etc/syslog-ng/syslog-ng.conf:112:1]
>>>>>     [2016-04-21T16:02:41.484383]       Compiling #unnamed single
>>>>>     [log] at [/etc/syslog-ng/syslog-ng.conf:112:22]
>>>>>     [2016-04-21T16:02:41.484393]   Compiling d_mongodb reference
>>>>>     [destination] at [/etc/syslog-ng/syslog-ng.conf:128:38]
>>>>>     [2016-04-21T16:02:41.484403]     Compiling d_mongodb sequence
>>>>>     [destination] at [/etc/syslog-ng/syslog-ng.conf:57:1]
>>>>>     [2016-04-21T16:02:41.484413]       Compiling #unnamed junction
>>>>>     [log] at [/etc/syslog-ng/syslog-ng.conf:57:24]
>>>>>     [2016-04-21T16:02:41.484422]         Compiling #unnamed single
>>>>>     [log] at [/etc/syslog-ng/syslog-ng.conf:58:5]
>>>>>     [2016-04-21T16:02:41.484434] Compiling #unnamed sequence [log]
>>>>>     at [/etc/syslog-ng/syslog-ng.conf:133:7]
>>>>>     [2016-04-21T16:02:41.484445]   Compiling s_sys reference
>>>>>     [source] at [/etc/syslog-ng/syslog-ng.conf:133:7]
>>>>>     [2016-04-21T16:02:41.484456]   Compiling f_emergency reference
>>>>>     [filter] at [/etc/syslog-ng/syslog-ng.conf:133:22]
>>>>>     [2016-04-21T16:02:41.484467]     Compiling f_emergency
>>>>>     sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:114:1]
>>>>>     [2016-04-21T16:02:41.484476]       Compiling #unnamed single
>>>>>     [log] at [/etc/syslog-ng/syslog-ng.conf:114:22]
>>>>>     [2016-04-21T16:02:41.484486]   Compiling d_mongodb reference
>>>>>     [destination] at [/etc/syslog-ng/syslog-ng.conf:133:43]
>>>>>     [2016-04-21T16:02:41.484497] Compiling #unnamed sequence [log]
>>>>>     at [/etc/syslog-ng/syslog-ng.conf:152:7]
>>>>>     [2016-04-21T16:02:41.484506]   Compiling s_sys reference
>>>>>     [source] at [/etc/syslog-ng/syslog-ng.conf:152:7]
>>>>>     [2016-04-21T16:02:41.484517]   Compiling d_mongodb reference
>>>>>     [destination] at [/etc/syslog-ng/syslog-ng.conf:152:22]
>>>>>     [2016-04-21T16:02:41.484873] Seeking the journal to the last
>>>>>     cursor position;
>>>>>     cursor='s=9383cb3eb8ee41eda3468d9841333aef;i=131c;b=0f07653f04794e14beeeebb18131926b;m=214f74fdf;t=530ff299a3a8e;x=d0f0c56745dc963a'
>>>>>     [2016-04-21T16:02:41.485562] Module loaded and initialized
>>>>>     successfully; module='syslogformat'
>>>>>     [2016-04-21T16:02:41.485834] Error binding socket;
>>>>>     addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
>>>>>     [2016-04-21T16:02:41.485874] Error initializing message pipeline;
>>>>>
>>>>>
>>>>>     On 04/21/2016 03:40 PM, Scot Needy wrote:
>>>>>>     kill -9 2411 
>>>>>>
>>>>>>>     On Apr 21, 2016, at 7:58 AM, Ivan Adji - Krstev
>>>>>>>     <akivanradix at gmail.com> wrote:
>>>>>>>
>>>>>>>     2411
>>>>>>
>>>>>>
>>>>>>
>>>>>>     ______________________________________________________________________________
>>>>>>     Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>     Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>>     FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>
>>>>>
>>>>>     ______________________________________________________________________________
>>>>>     Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>     Documentation:
>>>>>     http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>     FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>
>>>>
>>>>     ______________________________________________________________________________
>>>>     Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>     Documentation:
>>>>     http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>     FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> Bazsi
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160422/f219b30e/attachment-0001.htm 


More information about the syslog-ng mailing list