[syslog-ng] Syslog-ng Multiple Instances
Scheidler, Balázs
balazs.scheidler at balabit.com
Wed Jun 29 18:00:36 CEST 2016
Hi,
syslog-ng-ctl requires the same control file that you supplied to the 2nd
syslog-ng instance, so this should work:
$ syslog-ng-ctl
--control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl
If it started up, it should work though. Can you start syslog-ng in the
foreground (-F) and request debug logs using -de, so it should look like
this:
$ syslog-ng -Fed
--cfgfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.conf
--persist-file=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.persist
--pidfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.pid
--control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl
This should display a couple of debugging messages during startup and also
whenever a message is received. You might find a clue there.
Also, this may or may not have a relation to the problem you are seeing,
but 3.3.4 is pretty old, probably more than 5 years old. Our current
version is 3.7.3.
--
Bazsi
On Wed, Jun 29, 2016 at 3:33 PM, David Campeau <David.Campeau at tn.gov> wrote:
> I'm not sure of the syntax needed to connect to the socket or how to
> prepare the system.
>
> Below is just a blind attempt to connect to a socket. The 2nd instance of
> syslog-ng is running and listening on port 518.
>
> I created a directory under /run called "syslog-ng-Second-Instance" and
> tried to connect... However Connection is refused.
>
> Command Used:
> root at syslog-ng:# syslog-ng-ctl verbose --set=on
> --control=/run/syslog-ng-Second-Instance
> Error connecting control socket, socket='/run/syslog-ng-Second-Instance',
> error='Connection refused'
>
>
> Any thoughts on the correct syntax and preparation needed?
>
>
> Best Regards,
>
>
>
>
>
> -----Original Message-----
> From: jrhendri at roadrunner.com [mailto:jrhendri at roadrunner.com]
> Sent: Tuesday, June 28, 2016 3:00 PM
> To: Syslog-ng users' and developers' mailing list; David Campeau
> Subject: RE: [syslog-ng] Syslog-ng Multiple Instances
>
> Maybe this?
>
> If you need to use a non-standard control socket to access syslog-ng,
> use the syslog-ng-ctl <command> --set=on --control=<socket> command
> to
> specify the socket to use.
>
>
>
> ---- David Campeau <David.Campeau at tn.gov> wrote:
> > Jim,
> >
> > No errors as the instance starts normally and listens on port 518.
> However, no logs are received or forwarded.
> >
> > root at syslog-ng1:/usr/local/bin/syslog-ng-Second-Instance# netstat -an
> |grep 518
> > udp 0 0 0.0.0.0:518 0.0.0.0:*
> >
> > The test device is on the same subnet as syslog-ng listening on port
> 518, so there aren't any firewall issues. I've verified the test device is
> configured for port 518.
> >
> > However, when I check ctl stats, it's seeing the stats of the production
> syslog-ng instance. So, it appears this is improperly configured, but it's
> unknown what needs to be changed.
> >
> > Best Regards,
> >
> >
> > -----Original Message-----
> > From: jrhendri at roadrunner.com [mailto:jrhendri at roadrunner.com]
> > Sent: Tuesday, June 28, 2016 12:53 PM
> > To: Syslog-ng users' and developers' mailing list
> > Cc: David Campeau
> > Subject: Re: [syslog-ng] Syslog-ng Multiple Instances
> >
> > The only thing that would limit the number of instances that I am aware
> of are conflicts for opening things like network ports, connections to
> databases, maybe FIFOs, etc.
> >
> > I would look at that as a place to start.
> >
> > What kind of errors are you getting when you try to start the second
> instance?
> >
> > Jim
> >
> > ---- David Campeau <David.Campeau at tn.gov> wrote:
> > > Hello,
> > >
> > > I've been using syslog-ng to filter syslog before forwarding on to a
> log collector. However, I need to spin up a second instance for testing
> purposes. I've found a little bit of information on-line, but it hasn't
> completed the entire picture.
> > >
> > > This is the command used to start up the 2nd instance. I'm pointing to
> separate .conf .persist .pid and .ctl files -- However, it's still not
> working. I suspect the issue is due to OS log sources. How do a change log
> sources?
> > >
> > > syslog-ng
> --cfgfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.conf
> --persist-file=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.persist
> --pidfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.pid
> --control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl &
> > >
> > > This is the upper part of the syslog-ng.conf file for the 2nd instance
> I wish to run.
> > >
> > > @version: 3.3.4
> > > @include "scl.conf"
> > > options {
> > > time-reap(30);
> > > mark-freq(10);
> > > keep-hostname(yes);
> > > chain-hostnames(no);
> > > use-dns(no);
> > > ## log-fifo-size(500000); ## Tuning Options
> > > ## flush_lines(10000); ## Tuning Options
> > > ## flush_timeout(10000); ## Tuning Options
> > > };
> > >
> > > source s_second_instance {
> > > syslog(transport("udp") port("518")); #### Will receive
> test syslog on port 518
> > > };
> > >
> > > destination d_syslog_udp {
> > > syslog("10.X.X.X"
> > > transport("udp")
> > > port("514")
> > > throttle(4000)
> > > );
> > > };
> > >
> > >
> > >
> > > I'm hoping someone has experience or has seen information on how to
> run a 2nd instance on the same box.
> > >
> > > Best Regards,
> > >
> > > David
> >
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160629/21f9cb59/attachment.htm
More information about the syslog-ng
mailing list