[syslog-ng] ECONNREFUSED on /dev/log
Scheidler, Balázs
balazs.scheidler at balabit.com
Mon Feb 22 07:17:16 CET 2016
Hmmm, maybe that symlink should have been there in the first place and
something (syslog-ng even...) may have removed it.
On Feb 22, 2016 12:54 AM, "Árpád Magosányi" <mag at magwas.rulez.org> wrote:
> On 02/22/2016 12:14 AM, Scheidler, Balázs wrote:
> >
> >
> > Seems that system() generates /dev/log but probably the systemd
> > workaround in the unix-dgram driver kicks in and that makes syslog-ng
> > to open the systemd forwarder socket in /run/...
> >
> > That means that for some reason journald doesn't open /dev/log and
> > that's why logger doesn't work. Can you check if systemd-journal
> operates?
> >
> # ps ax |grep systemd-journal
> 192 ? Ss 0:14 /lib/systemd/systemd-journald
> # lsof -p 192
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> systemd-j 192 root cwd DIR 254,17 4096 2 /
> systemd-j 192 root rtd DIR 254,17 4096 2 /
> systemd-j 192 root txt REG 254,17 231664 2099945
> /lib/systemd/systemd-journald
> systemd-j 192 root mem REG 0,15 8388608 313224
> /run/log/journal/b53205d836a20f21da45fc9300685526/system.journal
> systemd-j 192 root mem REG 254,17 18640 2097405
> /lib/x86_64-linux-gnu/libattr.so.1.1.0
> systemd-j 192 root mem REG 254,17 448440 2097688
> /lib/x86_64-linux-gnu/libpcre.so.3.13.1
> systemd-j 192 root mem REG 254,17 72136 2097738
> /lib/x86_64-linux-gnu/libgpg-error.so.0.13.0
> systemd-j 192 root mem REG 254,17 14664 2100020
> /lib/x86_64-linux-gnu/libdl-2.19.so
> systemd-j 192 root mem REG 254,17 35288 2097409
> /lib/x86_64-linux-gnu/libacl.so.1.1.0
> systemd-j 192 root mem REG 254,17 142728 2099705
> /lib/x86_64-linux-gnu/libselinux.so.1
> systemd-j 192 root mem REG 254,17 924096 2097740
> /lib/x86_64-linux-gnu/libgcrypt.so.20.0.3
> systemd-j 192 root mem REG 254,17 141752 2097693
> /lib/x86_64-linux-gnu/liblzma.so.5.0.0
> systemd-j 192 root mem REG 254,17 1738176 2100017
> /lib/x86_64-linux-gnu/libc-2.19.so
> systemd-j 192 root mem REG 254,17 137440 2100013
> /lib/x86_64-linux-gnu/libpthread-2.19.so
> systemd-j 192 root mem REG 254,17 140928 2100014
> /lib/x86_64-linux-gnu/ld-2.19.so
> systemd-j 192 root mem REG 0,15 8 1404
> /run/systemd/journal/kernel-seqnum
> systemd-j 192 root 0r CHR 1,3 0t0 1028
> /dev/null
> systemd-j 192 root 1w CHR 1,3 0t0 1028
> /dev/null
> systemd-j 192 root 2w CHR 1,3 0t0 1028
> /dev/null
> systemd-j 192 root 3u unix 0xffff8800d8aea000 0t0 1323
> /run/systemd/journal/stdout
> systemd-j 192 root 4u unix 0xffff8800db5fec00 0t0 1325
> /run/systemd/journal/socket
> systemd-j 192 root 5u unix 0xffff8800d8aea800 0t0 1316
> /run/systemd/journal/dev-log
> systemd-j 192 root 6w CHR 1,11 0t0 1034
> /dev/kmsg
> systemd-j 192 root 7u 0000 0,9 0 6651
> anon_inode
> systemd-j 192 root 8u 0000 0,9 0 6651
> anon_inode
> systemd-j 192 root 9u CHR 1,11 0t0 1034
> /dev/kmsg
> systemd-j 192 root 10r REG 0,3 0 1405
> /proc/sys/kernel/hostname
> systemd-j 192 root 11u 0000 0,9 0 6651
> anon_inode
> systemd-j 192 root 13u 0000 0,9 0 6651
> anon_inode
> systemd-j 192 root 14u unix 0xffff8800db63fc00 0t0 1674
> /run/systemd/journal/stdout
> systemd-j 192 root 15u unix 0xffff8800d8a7ac00 0t0 1678
> /run/systemd/journal/stdout
> systemd-j 192 root 16u unix 0xffff8800d8a7a400 0t0 1689
> /run/systemd/journal/stdout
> systemd-j 192 root 17u unix 0xffff8800db053400 0t0 366405
> /run/systemd/journal/stdout
> systemd-j 192 root 18u unix 0xffff8800d8a57400 0t0 1696
> /run/systemd/journal/stdout
> systemd-j 192 root 19u unix 0xffff8800d886ec00 0t0 12637
> /run/systemd/journal/stdout
> systemd-j 192 root 20u unix 0xffff8800d886e400 0t0 16602
> /run/systemd/journal/stdout
> systemd-j 192 root 21u REG 0,15 8388608 313224
> /run/log/journal/b53205d836a20f21da45fc9300685526/system.journal
> systemd-j 192 root 22u unix 0xffff8800d8b2d800 0t0 9746
> /run/systemd/journal/stdout
>
> # cat journald.conf
> # This file is part of systemd.
> #
> # systemd is free software; you can redistribute it and/or modify it
> # under the terms of the GNU Lesser General Public License as published by
> # the Free Software Foundation; either version 2.1 of the License, or
> # (at your option) any later version.
> #
> # See journald.conf(5) for details
>
> [Journal]
> #Storage=auto
> #Compress=yes
> #Seal=yes
> #SplitMode=uid
> #SyncIntervalSec=5m
> #RateLimitInterval=30s
> #RateLimitBurst=1000
> #SystemMaxUse=
> #SystemKeepFree=
> #SystemMaxFileSize=
> #RuntimeMaxUse=
> #RuntimeKeepFree=
> #RuntimeMaxFileSize=
> #MaxRetentionSec=
> #MaxFileSec=1month
> #ForwardToSyslog=yes
> #ForwardToKMsg=no
> #ForwardToConsole=no
> #ForwardToWall=yes
> #TTYPath=/dev/console
> #MaxLevelStore=debug
> #MaxLevelSyslog=debug
> #MaxLevelKMsg=notice
> #MaxLevelConsole=info
> #MaxLevelWall=emerg
>
> tried to uncomment ForwardToSyslog=yes and reboot.
> journald does not have /dev/log open after that. however the symlink
> /dev/log -> /run/systemd/journal/dev-log survived the reboot, and I can
> still use logger, so functionally my system is okay for now.
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160222/abc0480f/attachment.htm
More information about the syslog-ng
mailing list