[syslog-ng] SSL Problem after update
Ivan Adji - Krstev
akivanradix at gmail.com
Fri Apr 22 13:24:21 CEST 2016
And is like creating two sockets ... when i do lsof i have the following
output
lsof | grep LISTEN
syslog-ng 14265 root 12u IPv4 315900
0t0 TCP *:syslog-tls (LISTEN)
syslog-ng 14265 14266 root 12u IPv4 315900
0t0 TCP *:syslog-tls (LISTEN)
and when i do
netstat -antp | grep 6514
tcp 0 0 0.0.0.0:6514 0.0.0.0:*
LISTEN 14265/syslog-ng
so they have the same pid. Also when i stop syslog-ng there is nothing.
Thanks !
On 04/22/2016 11:50 AM, Ivan Adji - Krstev wrote:
> Also i have change the port and again the same problem/error i have.
> Is this some kind of bug in this new version as i can see there is not
> much downloads
>
>> in scl.conf file there is nothing except this line
>> *@include 'scl/*/*.conf'*
>> So i don't think so.? I get your point that tls on port 6514 may be
>> used twice but can't find anything like that ... it is the same
>> config file that i have used before removing the old version and
>> putting the new one. From 3.5 to 3.8.
>>
>>
>> On 04/21/2016 08:58 PM, Scot Needy wrote:
>>> All of my conf files are included in scl.conf is scl.conf and
>>> @include "/etc/syslog-ng/conf.d/*.conf loading the same module twice ?
>>>
>>>> On Apr 21, 2016, at 1:58 PM, Ivan Adji - Krstev
>>>> <akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>>>>
>>>> Hi yes i start to put the file but i have some other problems...
>>>> anyway here it's the config file ( syslog-ng.conf )
>>>>
>>>>
>>>> @version:3.8
>>>> @include "scl.conf"
>>>>
>>>> # syslog-ng configuration file.
>>>> #
>>>> # This should behave pretty much like the original syslog on
>>>> RedHat. But
>>>> # it could be configured a lot smarter.
>>>> #
>>>> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
>>>> #
>>>> # Note: it also sources additional configuration files (*.conf)
>>>> # located in /etc/syslog-ng/conf.d/
>>>>
>>>>
>>>> options {
>>>> flush_lines (0);
>>>> time_reopen (10);
>>>> log_fifo_size (1000);
>>>> #
>>>> log_iw_size(100);
>>>> log_fetch_limit(100);
>>>> #
>>>> chain_hostnames (off);
>>>> use_dns (no);
>>>> use_fqdn (no);
>>>> create_dirs (no);
>>>> keep_hostname (yes);
>>>> };
>>>>
>>>> source s_sys {
>>>> system();
>>>> #unix-stream("/dev/log");
>>>> internal();
>>>> network(
>>>> port(6514)
>>>> # tcp(port(5140));
>>>> # file("/proc/kmsg" log_prefix("kernel: "));
>>>> transport("tls")
>>>> tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>>>> cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>>>> ca_dir("/etc/syslog-ng/ca.d"))
>>>> );
>>>> };
>>>>
>>>>
>>>> destination d_mongodb {
>>>> mongodb(
>>>> servers("localhost:27017")
>>>> # database("syslog")
>>>> uri('mongodb://localhost/syslog-ng'
>>>> <mongodb://localhost/syslog-ng%27>)
>>>> collection("messages")
>>>> value-pairs(
>>>> scope("selected-macros" "nv-pairs" "sdata")
>>>> )
>>>> );
>>>> };
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> destination d_cons { file("/dev/console"); };
>>>> destination d_mesg { file("/var/log/messages"); };
>>>> destination d_auth { file("/var/log/secure"); };
>>>> destination d_mail { file("/var/log/maillog" flush_lines(10)); };
>>>> destination d_spol { file("/var/log/spooler"); };
>>>> destination d_boot { file("/var/log/boot.log"); };
>>>> destination d_cron { file("/var/log/cron"); };
>>>> destination d_kern { file("/var/log/kern"); };
>>>> destination d_mlal { usertty("*"); };
>>>>
>>>> filter f_kernel { facility(kern); };
>>>> filter f_default { level(info..emerg) and
>>>> not (facility(mail)
>>>> or facility(authpriv)
>>>> or facility(cron)); };
>>>> filter f_auth { facility(authpriv); };
>>>> filter f_mail { facility(mail); };
>>>> filter f_emergency { level(emerg); };
>>>> filter f_news { facility(uucp) or
>>>> (facility(news)
>>>> and level(crit..emerg)); };
>>>> filter f_boot { facility(local7); };
>>>> filter f_cron { facility(cron); };
>>>>
>>>> #log { source(s_sys); filter(f_kernel); destination(d_cons); };
>>>> log { source(s_sys); filter(f_kernel); destination(d_mongodb); };
>>>> log { source(s_sys); filter(f_default); destination(d_mongodb); };
>>>> log { source(s_sys); filter(f_auth); destination(d_mongodb); };
>>>> log { source(s_sys); filter(f_mail); destination(d_mongodb); };
>>>> log { source(s_sys); filter(f_emergency); destination(d_mongodb); };
>>>> log { source(s_sys); filter(f_news); destination(d_mongodb); };
>>>> log { source(s_sys); filter(f_boot); destination(d_mongodb); };
>>>> log { source(s_sys); filter(f_cron); destination(d_mongodb); };
>>>>
>>>>
>>>> log { source(s_sys); destination(d_mongodb); };
>>>>
>>>> # Source additional configuration files (.conf extension only)
>>>> @include "/etc/syslog-ng/conf.d/*.conf"
>>>>
>>>>
>>>> # vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 04/21/2016 06:12 PM, Scot Needy wrote:
>>>>> Or the module does not die on stop and tries to start another.
>>>>>
>>>>>> On Apr 21, 2016, at 11:20 AM, Balazs Scheidler
>>>>>> <bazsi77 at gmail.com> wrote:
>>>>>>
>>>>>> maybe you have two sources binding on the same port?
>>>>>>
>>>>>>
>>>>>> On Thu, Apr 21, 2016 at 4:36 PM, Scot Needy <scotrn at gmail.com> wrote:
>>>>>>
>>>>>> I don’t see your conf files but I suspect it’s trying to load
>>>>>> the tls module twice ?
>>>>>>
>>>>>>
>>>>>>> On Apr 21, 2016, at 10:04 AM, Ivan Adji - Krstev
>>>>>>> <akivanradix at gmail.com> wrote:
>>>>>>>
>>>>>>> It is the same ... if i restart the syslog-ng after that ill
>>>>>>> get the same error. If i stop the syslog-ng that port is not
>>>>>>> used anymore ...
>>>>>>> Here is the output of the *syslog-ng -Fevd*
>>>>>>>
>>>>>>> [2016-04-21T16:02:41.478174] WARNING: Starting with
>>>>>>> syslog-ng 3.6, the system() source performs JSON parsing of
>>>>>>> messages starting with the '@cim:' prefix. No additional
>>>>>>> action is needed;
>>>>>>> [2016-04-21T16:02:41.478635] Module loaded and initialized
>>>>>>> successfully; module='sdjournal'
>>>>>>> [2016-04-21T16:02:41.478776] Finishing include;
>>>>>>> content='source confgen system', depth='1'
>>>>>>> [2016-04-21T16:02:41.479601] Module loaded and initialized
>>>>>>> successfully; module='afsocket'
>>>>>>> [2016-04-21T16:02:41.481135] Module loaded and initialized
>>>>>>> successfully; module='afmongodb'
>>>>>>> [2016-04-21T16:02:41.481914] Module loaded and initialized
>>>>>>> successfully; module='affile'
>>>>>>> [2016-04-21T16:02:41.482779] Module loaded and initialized
>>>>>>> successfully; module='afuser'
>>>>>>> [2016-04-21T16:02:41.484211] Unable to detect fully
>>>>>>> qualified hostname for localhost, use_fqdn() will use the
>>>>>>> short hostname;
>>>>>>> [2016-04-21T16:02:41.484252] Compiling #unnamed sequence
>>>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:128:7]
>>>>>>> [2016-04-21T16:02:41.484264] Compiling s_sys reference
>>>>>>> [source] at [/etc/syslog-ng/syslog-ng.conf:128:7]
>>>>>>> [2016-04-21T16:02:41.484276] Compiling s_sys sequence
>>>>>>> [source] at [/etc/syslog-ng/syslog-ng.conf:29:1]
>>>>>>> [2016-04-21T16:02:41.484286] Compiling #unnamed
>>>>>>> junction [log] at [/etc/syslog-ng/syslog-ng.conf:29:15]
>>>>>>> [2016-04-21T16:02:41.484295] Compiling #unnamed
>>>>>>> sequence [log] at [source confgen system:2:5]
>>>>>>> [2016-04-21T16:02:41.484304] Compiling #unnamed
>>>>>>> sequence [source] at [source confgen system:2:5]
>>>>>>> [2016-04-21T16:02:41.484314] Compiling #unnamed
>>>>>>> junction [log] at [source confgen system:2:13]
>>>>>>> [2016-04-21T16:02:41.484323] Compiling
>>>>>>> #unnamed single [log] at [source confgen system:3:1]
>>>>>>> [2016-04-21T16:02:41.484337] Compiling #unnamed
>>>>>>> single [log] at [/etc/syslog-ng/syslog-ng.conf:32:2]
>>>>>>> [2016-04-21T16:02:41.484347] Compiling #unnamed
>>>>>>> single [log] at [/etc/syslog-ng/syslog-ng.conf:33:2]
>>>>>>> [2016-04-21T16:02:41.484363] Compiling f_auth reference
>>>>>>> [filter] at [/etc/syslog-ng/syslog-ng.conf:128:22]
>>>>>>> [2016-04-21T16:02:41.484374] Compiling f_auth sequence
>>>>>>> [filter] at [/etc/syslog-ng/syslog-ng.conf:112:1]
>>>>>>> [2016-04-21T16:02:41.484383] Compiling #unnamed single
>>>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:112:22]
>>>>>>> [2016-04-21T16:02:41.484393] Compiling d_mongodb reference
>>>>>>> [destination] at [/etc/syslog-ng/syslog-ng.conf:128:38]
>>>>>>> [2016-04-21T16:02:41.484403] Compiling d_mongodb
>>>>>>> sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:57:1]
>>>>>>> [2016-04-21T16:02:41.484413] Compiling #unnamed
>>>>>>> junction [log] at [/etc/syslog-ng/syslog-ng.conf:57:24]
>>>>>>> [2016-04-21T16:02:41.484422] Compiling #unnamed
>>>>>>> single [log] at [/etc/syslog-ng/syslog-ng.conf:58:5]
>>>>>>> [2016-04-21T16:02:41.484434] Compiling #unnamed sequence
>>>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:133:7]
>>>>>>> [2016-04-21T16:02:41.484445] Compiling s_sys reference
>>>>>>> [source] at [/etc/syslog-ng/syslog-ng.conf:133:7]
>>>>>>> [2016-04-21T16:02:41.484456] Compiling f_emergency
>>>>>>> reference [filter] at [/etc/syslog-ng/syslog-ng.conf:133:22]
>>>>>>> [2016-04-21T16:02:41.484467] Compiling f_emergency
>>>>>>> sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:114:1]
>>>>>>> [2016-04-21T16:02:41.484476] Compiling #unnamed single
>>>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:114:22]
>>>>>>> [2016-04-21T16:02:41.484486] Compiling d_mongodb reference
>>>>>>> [destination] at [/etc/syslog-ng/syslog-ng.conf:133:43]
>>>>>>> [2016-04-21T16:02:41.484497] Compiling #unnamed sequence
>>>>>>> [log] at [/etc/syslog-ng/syslog-ng.conf:152:7]
>>>>>>> [2016-04-21T16:02:41.484506] Compiling s_sys reference
>>>>>>> [source] at [/etc/syslog-ng/syslog-ng.conf:152:7]
>>>>>>> [2016-04-21T16:02:41.484517] Compiling d_mongodb reference
>>>>>>> [destination] at [/etc/syslog-ng/syslog-ng.conf:152:22]
>>>>>>> [2016-04-21T16:02:41.484873] Seeking the journal to the last
>>>>>>> cursor position;
>>>>>>> cursor='s=9383cb3eb8ee41eda3468d9841333aef;i=131c;b=0f07653f04794e14beeeebb18131926b;m=214f74fdf;t=530ff299a3a8e;x=d0f0c56745dc963a'
>>>>>>> [2016-04-21T16:02:41.485562] Module loaded and initialized
>>>>>>> successfully; module='syslogformat'
>>>>>>> [2016-04-21T16:02:41.485834] Error binding socket;
>>>>>>> addr='AF_INET(0.0.0.0:6514)', error='Address already in use
>>>>>>> (98)'
>>>>>>> [2016-04-21T16:02:41.485874] Error initializing message
>>>>>>> pipeline;
>>>>>>>
>>>>>>>
>>>>>>> On 04/21/2016 03:40 PM, Scot Needy wrote:
>>>>>>>> kill -9 2411
>>>>>>>>
>>>>>>>>> On Apr 21, 2016, at 7:58 AM, Ivan Adji - Krstev
>>>>>>>>> <akivanradix at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> 2411
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ______________________________________________________________________________
>>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>>
>>>>>>>
>>>>>>> ______________________________________________________________________________
>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>> Documentation:
>>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>
>>>>>>
>>>>>>
>>>>>> ______________________________________________________________________________
>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>> Documentation:
>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Bazsi
>>>>>> ______________________________________________________________________________
>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>> Documentation:
>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160422/3d61e3ec/attachment-0001.htm
More information about the syslog-ng
mailing list