[syslog-ng] SSL Problem after update

Scot Needy scotrn at gmail.com
Fri Apr 22 16:27:38 CEST 2016


As a test try to load a minimal conf with no includes and add them manually using a full path. 

I had to do that to troubleshoot java module. 


> On Apr 21, 2016, at 6:39 PM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
> 
> in scl.conf file there is nothing except this line
> @include 'scl/*/*.conf'
> So i don't think so.? I get your point that tls on port 6514 may be used twice but can't find anything like that ... it is the same config file that i have used before removing the old version and putting the new one. From 3.5 to 3.8.
> 
> 
> On 04/21/2016 08:58 PM, Scot Needy wrote:
>> All of my conf files are included in scl.conf is scl.conf and @include "/etc/syslog-ng/conf.d/*.conf loading the same module twice  ?
>> 
>>> On Apr 21, 2016, at 1:58 PM, Ivan Adji - Krstev <akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>>> 
>>> Hi yes i start to put the file but i have some other problems... anyway here it's the config file ( syslog-ng.conf )
>>> 
>>> 
>>> @version:3.8
>>> @include "scl.conf"
>>> 
>>> # syslog-ng configuration file.
>>> #
>>> # This should behave pretty much like the original syslog on RedHat. But
>>> # it could be configured a lot smarter.
>>> #
>>> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
>>> #
>>> # Note: it also sources additional configuration files (*.conf)
>>> #       located in /etc/syslog-ng/conf.d/
>>> 
>>> 
>>> options {
>>>         flush_lines (0);
>>>         time_reopen (10);
>>>         log_fifo_size (1000);
>>> #
>>>         log_iw_size(100);
>>>         log_fetch_limit(100);
>>> #
>>>         chain_hostnames (off);
>>>         use_dns (no);
>>>         use_fqdn (no);
>>>         create_dirs (no);
>>>         keep_hostname (yes);
>>>         };
>>> 
>>> source s_sys {
>>>         system();
>>> #unix-stream("/dev/log");
>>>         internal();
>>>         network(
>>>                 port(6514)
>>> #       tcp(port(5140));
>>> #       file("/proc/kmsg" log_prefix("kernel: "));
>>>                 transport("tls")
>>>                 tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>>>                 cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>>>                 ca_dir("/etc/syslog-ng/ca.d"))
>>>                 );
>>>         };
>>> 
>>> 
>>> destination d_mongodb {
>>>         mongodb(
>>>         servers("localhost:27017")
>>> #        database("syslog")
>>>         uri('mongodb://localhost/syslog-ng' <mongodb://localhost/syslog-ng%27>)
>>>         collection("messages")
>>>         value-pairs(
>>>         scope("selected-macros" "nv-pairs" "sdata")
>>>                         )
>>>                 );
>>>         };
>>> 
>>> 
>>> 
>>> 
>>> 
>>> destination d_cons { file("/dev/console"); };
>>> destination d_mesg { file("/var/log/messages"); };
>>> destination d_auth { file("/var/log/secure"); };
>>> destination d_mail { file("/var/log/maillog" flush_lines(10)); };
>>> destination d_spol { file("/var/log/spooler"); };
>>> destination d_boot { file("/var/log/boot.log"); };
>>> destination d_cron { file("/var/log/cron"); };
>>> destination d_kern { file("/var/log/kern"); };
>>> destination d_mlal { usertty("*"); };
>>> 
>>> filter f_kernel     { facility(kern); };
>>> filter f_default    { level(info..emerg) and
>>>                         not (facility(mail)
>>>                         or facility(authpriv)
>>>                         or facility(cron)); };
>>> filter f_auth       { facility(authpriv); };
>>> filter f_mail       { facility(mail); };
>>> filter f_emergency  { level(emerg); };
>>> filter f_news       { facility(uucp) or
>>>                         (facility(news)
>>>                         and level(crit..emerg)); };
>>> filter f_boot   { facility(local7); };
>>> filter f_cron   { facility(cron); };
>>> 
>>> #log { source(s_sys); filter(f_kernel); destination(d_cons); };
>>> log { source(s_sys); filter(f_kernel); destination(d_mongodb); };
>>> log { source(s_sys); filter(f_default); destination(d_mongodb); };
>>> log { source(s_sys); filter(f_auth); destination(d_mongodb); };
>>> log { source(s_sys); filter(f_mail); destination(d_mongodb); };
>>> log { source(s_sys); filter(f_emergency); destination(d_mongodb); };
>>> log { source(s_sys); filter(f_news); destination(d_mongodb); };
>>> log { source(s_sys); filter(f_boot); destination(d_mongodb); };
>>> log { source(s_sys); filter(f_cron); destination(d_mongodb); };
>>> 
>>> 
>>> log { source(s_sys); destination(d_mongodb); };
>>> 
>>> # Source additional configuration files (.conf extension only)
>>> @include "/etc/syslog-ng/conf.d/*.conf"
>>> 
>>> 
>>> # vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On 04/21/2016 06:12 PM, Scot Needy wrote:
>>>> Or the module does not die on stop and tries to start another. 
>>>> 
>>>>> On Apr 21, 2016, at 11:20 AM, Balazs Scheidler <bazsi77 at gmail.com <mailto:bazsi77 at gmail.com>> wrote:
>>>>> 
>>>>> maybe you have two sources binding on the same port?
>>>>> 
>>>>> 
>>>>> On Thu, Apr 21, 2016 at 4:36 PM, Scot Needy < <mailto:scotrn at gmail.com>scotrn at gmail.com <mailto:scotrn at gmail.com>> wrote:
>>>>> I don’t see your conf files but I suspect it’s trying to load the tls module twice ? 
>>>>> 
>>>>> 
>>>>>> On Apr 21, 2016, at 10:04 AM, Ivan Adji - Krstev < <mailto:akivanradix at gmail.com>akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>>>>>> 
>>>>>> It is the same ... if i restart the syslog-ng after that ill get the same error. If i stop the syslog-ng that port is not used anymore ... 
>>>>>> Here is the output of the syslog-ng -Fevd
>>>>>> 
>>>>>> [2016-04-21T16:02:41.478174] WARNING: Starting with syslog-ng 3.6, the system() source performs JSON parsing of messages starting with the '@cim:' prefix. No additional action is needed;
>>>>>> [2016-04-21T16:02:41.478635] Module loaded and initialized successfully; module='sdjournal'
>>>>>> [2016-04-21T16:02:41.478776] Finishing include; content='source confgen system', depth='1'
>>>>>> [2016-04-21T16:02:41.479601] Module loaded and initialized successfully; module='afsocket'
>>>>>> [2016-04-21T16:02:41.481135] Module loaded and initialized successfully; module='afmongodb'
>>>>>> [2016-04-21T16:02:41.481914] Module loaded and initialized successfully; module='affile'
>>>>>> [2016-04-21T16:02:41.482779] Module loaded and initialized successfully; module='afuser'
>>>>>> [2016-04-21T16:02:41.484211] Unable to detect fully qualified hostname for localhost, use_fqdn() will use the short hostname;
>>>>>> [2016-04-21T16:02:41.484252] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:128:7]
>>>>>> [2016-04-21T16:02:41.484264]   Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:128:7]
>>>>>> [2016-04-21T16:02:41.484276]     Compiling s_sys sequence [source] at [/etc/syslog-ng/syslog-ng.conf:29:1]
>>>>>> [2016-04-21T16:02:41.484286]       Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:29:15]
>>>>>> [2016-04-21T16:02:41.484295]         Compiling #unnamed sequence [log] at [source confgen system:2:5]
>>>>>> [2016-04-21T16:02:41.484304]           Compiling #unnamed sequence [source] at [source confgen system:2:5]
>>>>>> [2016-04-21T16:02:41.484314]             Compiling #unnamed junction [log] at [source confgen system:2:13]
>>>>>> [2016-04-21T16:02:41.484323]               Compiling #unnamed single [log] at [source confgen system:3:1]
>>>>>> [2016-04-21T16:02:41.484337]         Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:32:2]
>>>>>> [2016-04-21T16:02:41.484347]         Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:33:2]
>>>>>> [2016-04-21T16:02:41.484363]   Compiling f_auth reference [filter] at [/etc/syslog-ng/syslog-ng.conf:128:22]
>>>>>> [2016-04-21T16:02:41.484374]     Compiling f_auth sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:112:1]
>>>>>> [2016-04-21T16:02:41.484383]       Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:112:22]
>>>>>> [2016-04-21T16:02:41.484393]   Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:128:38]
>>>>>> [2016-04-21T16:02:41.484403]     Compiling d_mongodb sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:57:1]
>>>>>> [2016-04-21T16:02:41.484413]       Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:57:24]
>>>>>> [2016-04-21T16:02:41.484422]         Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:58:5]
>>>>>> [2016-04-21T16:02:41.484434] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:133:7]
>>>>>> [2016-04-21T16:02:41.484445]   Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:133:7]
>>>>>> [2016-04-21T16:02:41.484456]   Compiling f_emergency reference [filter] at [/etc/syslog-ng/syslog-ng.conf:133:22]
>>>>>> [2016-04-21T16:02:41.484467]     Compiling f_emergency sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:114:1]
>>>>>> [2016-04-21T16:02:41.484476]       Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:114:22]
>>>>>> [2016-04-21T16:02:41.484486]   Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:133:43]
>>>>>> [2016-04-21T16:02:41.484497] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:152:7]
>>>>>> [2016-04-21T16:02:41.484506]   Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:152:7]
>>>>>> [2016-04-21T16:02:41.484517]   Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:152:22]
>>>>>> [2016-04-21T16:02:41.484873] Seeking the journal to the last cursor position; cursor='s=9383cb3eb8ee41eda3468d9841333aef;i=131c;b=0f07653f04794e14beeeebb18131926b;m=214f74fdf;t=530ff299a3a8e;x=d0f0c56745dc963a'
>>>>>> [2016-04-21T16:02:41.485562] Module loaded and initialized successfully; module='syslogformat'
>>>>>> [2016-04-21T16:02:41.485834] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
>>>>>> [2016-04-21T16:02:41.485874] Error initializing message pipeline;
>>>>>> 
>>>>>> 
>>>>>> On 04/21/2016 03:40 PM, Scot Needy wrote:
>>>>>>> kill -9 2411 
>>>>>>> 
>>>>>>>> On Apr 21, 2016, at 7:58 AM, Ivan Adji - Krstev < <mailto:akivanradix at gmail.com>akivanradix at gmail.com <mailto:akivanradix at gmail.com>> wrote:
>>>>>>>> 
>>>>>>>> 2411
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> ______________________________________________________________________________
>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
>>>>>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
>>>>>>> 
>>>>>> 
>>>>>> ______________________________________________________________________________
>>>>>> Member info:  <https://lists.balabit.hu/mailman/listinfo/syslog-ng>https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
>>>>>> Documentation:  <http://www.balabit.com/support/documentation/?product=syslog-ng>http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
>>>>>> FAQ:  <http://www.balabit.com/wiki/syslog-ng-faq>http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
>>>>>> 
>>>>> 
>>>>> 
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
>>>>> Documentation:  <http://www.balabit.com/support/documentation/?product=syslog-ng>http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> -- 
>>>>> Bazsi
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
>>>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
>>>>> 
>>>> 
>>>> 
>>>> 
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
>>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
>>>> 
>>> 
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
>>> 
>> 
>> 
>> 
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
>> 
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160422/f83b9efc/attachment-0001.htm 


More information about the syslog-ng mailing list