[syslog-ng] ECONNREFUSED on /dev/log

Scheidler, Balázs balazs.scheidler at balabit.com
Mon Feb 22 00:14:23 CET 2016 

On Feb 21, 2016 10:35 PM, "Árpád Magosányi" <mag at magwas.rulez.org> wrote:
>
> On 02/20/2016 02:24 PM, Scheidler, Balázs wrote:
> > Hi,
> >
> > can you run syslog-ng with --preprocess-into=/dev/stdout so that we
> > can see what system() is being expanded to?
>
> Output is attached

Seems that system() generates /dev/log but probably the systemd workaround
in the unix-dgram driver kicks in and that makes syslog-ng to open the
systemd forwarder socket in /run/...

That means that for some reason journald doesn't open /dev/log and that's
why logger doesn't work. Can you check if systemd-journal operates?

>
> >
> > 1) maybe syslog-ng thinks you are running systemd and opens a
> > different socket for this reason
> > 2) a bug in the system() source
> > 3) something completely different.
> >
> > You might want to lsof the syslog-ng process only and see which socket
> > it does open.
> >
>
> Are we talking about /run/systemd/journal/syslog ?
> The system init is actually systemd. It is a debian 8 system, upgraded
> from debian 6.
>
> 'logger -u /run/systemd/journal/syslog' does work.
>
> As a workaround I did 'ln -s /run/systemd/journal/syslog /dev/log' .
>
> I feel like it is just a temporary solution. Would it be better to
> change syslog-ng.conf to read from /dev/log as well, or do the
> symlinking in boot time?
>
> Anyway, here is the lsof output:
>
>
> COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF    NODE NAME
> syslog-ng 17901 root  cwd    DIR             254,17     4096       2 /
> syslog-ng 17901 root  rtd    DIR             254,17     4096       2 /
> syslog-ng 17901 root  txt    REG             254,17    15016  149028
> /usr/sbin/syslog-ng
> syslog-ng 17901 root  mem    REG             254,17    22952 2100025
> /lib/x86_64-linux-gnu/libnss_dns-2.19.so
> syslog-ng 17901 root  mem    REG             254,17    10480 2102165
> /usr/lib/syslog-ng/3.5.6/liblinux-kmsg-format.so
> syslog-ng 17901 root  mem    REG             254,17    51952 2102166
> /usr/lib/syslog-ng/3.5.6/libsyslogformat.so
> syslog-ng 17901 root  mem    REG             254,17    77904 2102155
> /usr/lib/syslog-ng/3.5.6/libaffile.so
> syslog-ng 17901 root  mem    REG             254,17    40624 2097689
> /lib/x86_64-linux-gnu/libwrap.so.0.7.6
> syslog-ng 17901 root  mem    REG             254,17    96920 2101490
> /usr/lib/x86_64-linux-gnu/libnet.so.1.7.0
> syslog-ng 17901 root  mem    REG             254,17  2062720 2098102
> /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
> syslog-ng 17901 root  mem    REG             254,17   392312 2100757
> /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
> syslog-ng 17901 root  mem    REG             254,17    27440 2102154
> /usr/lib/syslog-ng/3.5.6/libsyslog-ng-crypto.so
> syslog-ng 17901 root  mem    REG             254,17   112432 2102157
> /usr/lib/syslog-ng/3.5.6/libafsocket-tls.so
> syslog-ng 17901 root  mem    REG             254,17    47712 2100026
> /lib/x86_64-linux-gnu/libnss_files-2.19.so
> syslog-ng 17901 root  mem    REG             254,17    43592 2100028
> /lib/x86_64-linux-gnu/libnss_nis-2.19.so
> syslog-ng 17901 root  mem    REG             254,17    31632 2100024
> /lib/x86_64-linux-gnu/libnss_compat-2.19.so
> syslog-ng 17901 root  mem    REG             254,17    10440 2102161
> /usr/lib/syslog-ng/3.5.6/libconfgen.so
> syslog-ng 17901 root  mem    REG             254,17    14568 2102167
> /usr/lib/syslog-ng/3.5.6/libsystem-source.so
> syslog-ng 17901 root  mem    REG             254,17    72136 2097738
> /lib/x86_64-linux-gnu/libgpg-error.so.0.13.0
> syslog-ng 17901 root  mem    REG             254,17    84856 2100031
> /lib/x86_64-linux-gnu/libresolv-2.19.so
> syslog-ng 17901 root  mem    REG             254,17   924096 2097740
> /lib/x86_64-linux-gnu/libgcrypt.so.20.0.3
> syslog-ng 17901 root  mem    REG             254,17   141752 2097693
> /lib/x86_64-linux-gnu/liblzma.so.5.0.0
> syslog-ng 17901 root  mem    REG             254,17    18640 2097405
> /lib/x86_64-linux-gnu/libattr.so.1.1.0
> syslog-ng 17901 root  mem    REG             254,17   145688 2097769
> /lib/x86_64-linux-gnu/libsystemd.so.0.3.1
> syslog-ng 17901 root  mem    REG             254,17  1738176 2100017
> /lib/x86_64-linux-gnu/libc-2.19.so
> syslog-ng 17901 root  mem    REG             254,17   137440 2100013
> /lib/x86_64-linux-gnu/libpthread-2.19.so
> syslog-ng 17901 root  mem    REG             254,17    48592 2101704
> /usr/lib/x86_64-linux-gnu/libivykis.so.0.3.5
> syslog-ng 17901 root  mem    REG             254,17    14664 2100020
> /lib/x86_64-linux-gnu/libdl-2.19.so
> syslog-ng 17901 root  mem    REG             254,17   448440 2097688
> /lib/x86_64-linux-gnu/libpcre.so.3.13.1
> syslog-ng 17901 root  mem    REG             254,17    19016 2097370
> /lib/x86_64-linux-gnu/libcap.so.2.24
> syslog-ng 17901 root  mem    REG             254,17    18840 2102113
> /usr/lib/x86_64-linux-gnu/libevtlog.so.0.0.0
> syslog-ng 17901 root  mem    REG             254,17  1107040 2100763
> /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1
> syslog-ng 17901 root  mem    REG             254,17     6112 2097853
> /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0.4200.1
> syslog-ng 17901 root  mem    REG             254,17    14624 2097851
> /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.4200.1
> syslog-ng 17901 root  mem    REG             254,17    89104 2100023
> /lib/x86_64-linux-gnu/libnsl-2.19.so
> syslog-ng 17901 root  mem    REG             254,17    31784 2100032
> /lib/x86_64-linux-gnu/librt-2.19.so
> syslog-ng 17901 root  mem    REG             254,17   582064 2102153
> /usr/lib/syslog-ng/libsyslog-ng-3.5.6.so
> syslog-ng 17901 root  mem    REG             254,17   140928 2100014
> /lib/x86_64-linux-gnu/ld-2.19.so
> syslog-ng 17901 root  mem    REG             254,17    16384 2097337
> /var/lib/syslog-ng/syslog-ng.persist
> syslog-ng 17901 root    0r   CHR                1,3      0t0    1028
> /dev/null
> syslog-ng 17901 root    1w   CHR                1,3      0t0    1028
> /dev/null
> syslog-ng 17901 root    2w   CHR                1,3      0t0    1028
> /dev/null
> syslog-ng 17901 root    3u  unix 0xffff8800d8b04000      0t0 1761378
> /run/systemd/journal/syslog
> syslog-ng 17901 root    4u  0000                0,9        0    6651
> anon_inode
> syslog-ng 17901 root    5u  0000                0,9        0    6651
> anon_inode
> syslog-ng 17901 root    6u   REG             254,17    16384 2097337
> /var/lib/syslog-ng/syslog-ng.persist
> syslog-ng 17901 root    7r   CHR               1,11      0t0    1034
> /dev/kmsg
> syslog-ng 17901 root    9u  unix 0xffff880054b01000      0t0 1760410
> /var/lib/syslog-ng/syslog-ng.ctl
> syslog-ng 17901 root   10u  0000                0,9        0    6651
> anon_inode
> syslog-ng 17901 root   11u  0000                0,9        0    6651
> anon_inode
> syslog-ng 17901 root   12u  0000                0,9        0    6651
> anon_inode
> syslog-ng 17901 root   13u  0000                0,9        0    6651
> anon_inode
> syslog-ng 17901 root   14w   REG             254,17    60531 1048741
> /var/log/messages
> syslog-ng 17901 root   15u  FIFO                0,5      0t0   19564
> /dev/xconsole
>
>
>
______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160222/1a6b0522/attachment-0001.htm

More information about the syslog-ng mailing list