[syslog-ng] Syslog-ng 3.8
Ivan Adji - Krstev
akivanradix at gmail.com
Thu May 12 12:17:16 CEST 2016
Here is some additional information
[2016-05-12T06:16:34.111561] Compiling f_news sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:82:1]
[2016-05-12T06:16:34.111572] Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:82:22]
[2016-05-12T06:16:34.111582] Compiling d_mongodb reference
[destination] at [/etc/syslog-ng/syslog-ng.conf:94:38]
[2016-05-12T06:16:34.111594] Compiling #unnamed sequence [log] at
[/etc/syslog-ng/syslog-ng.conf:95:7]
[2016-05-12T06:16:34.111603] Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:95:7]
[2016-05-12T06:16:34.111612] Compiling f_boot reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:95:22]
[2016-05-12T06:16:34.111664] Compiling f_boot sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:85:1]
[2016-05-12T06:16:34.111675] Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:85:18]
[2016-05-12T06:16:34.111684] Compiling d_mongodb reference
[destination] at [/etc/syslog-ng/syslog-ng.conf:95:38]
[2016-05-12T06:16:34.111695] Compiling #unnamed sequence [log] at
[/etc/syslog-ng/syslog-ng.conf:96:7]
[2016-05-12T06:16:34.111703] Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:96:7]
[2016-05-12T06:16:34.111713] Compiling f_cron reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:96:22]
[2016-05-12T06:16:34.111722] Compiling f_cron sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:86:1]
[2016-05-12T06:16:34.111729] Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:86:18]
[2016-05-12T06:16:34.111738] Compiling d_mongodb reference
[destination] at [/etc/syslog-ng/syslog-ng.conf:96:38]
[2016-05-12T06:16:34.111747] Compiling #unnamed sequence [log] at
[/etc/syslog-ng/syslog-ng.conf:97:7]
[2016-05-12T06:16:34.111756] Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:97:7]
[2016-05-12T06:16:34.111764] Compiling d_mongodb reference
[destination] at [/etc/syslog-ng/syslog-ng.conf:97:22]
[2016-05-12T06:16:34.112063] Seeking the journal to the last cursor
position;
cursor='s=45e493f939fe45439dc7263dbac327e7;i=14bb;b=a99860976f4b493db69999b0b65079a8;m=1686b19ee;t=532a2738500ce;x=76df0459e1f9692e'
[2016-05-12T06:16:34.112746] Module loaded and initialized successfully;
module='syslogformat'
[2016-05-12T06:16:34.112781] Failed to acquire
/run/systemd/journal/syslog socket, disabling systemd-syslog source;
[2016-05-12T06:16:34.113286] Error binding socket;
addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
[2016-05-12T06:16:34.113320] Error initializing message pipeline;
On 05/10/2016 12:30 PM, Czanik, Péter wrote:
> Hi,
>
> First of all, as it was already stated here, and also on the Copr
> website: 3.8 is still a development version. It works fine on my
> server, passes the tests, still as it's a development version,
> mysterious things can happen.
>
> I tried to reproduce your problem, but I could not. I followed
> instructions from
> https://www.balabit.com/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-tutorial-mutual-auth-tls/html-single/index.html
> to generate self signed certificates and used the following config:
>
> [root at localhost conf.d]# cat tls.conf
> source demo_tls_source {
> network(ip(0.0.0.0) port(6514)
> transport("tls")
> tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
> cert_file("/etc/syslog-ng/cert.d/servercert.pem")
> ca_dir("/etc/syslog-ng/ca.d")
> peer-verify(optional-untrusted))
> ); };
>
> log { source(demo_tls_source); destination(d_mesg); };
>
> First I tested the configuration by starting syslog-ng from the
> command line: syslog-ng -Fvd, and it worked fine. Next I started it
> with "systemctl start syslog-ng" and that worked as well.
>
> In both cases I tested using:
>
> [root at localhost conf.d]# loggen -U -i -S 127.0.0.1 6514
> average rate = 1030.54 msg/sec, count=10315, time=10.009, (average)
> msg size=256, bandwidth=257.49 kB/sec
>
> Note: all my test machines have SELinux and iptables disabled. Check
> /var/log/audit/audit.log for SELinux related messages, and your
> firewall config if it blocks port 6514. If needed, change your
> configurations.
>
> Bye,
> Peter Czanik (CzP) <peter.czanik at balabit.com>
> Balabit / syslog-ng upstream
> http://czanik.blogs.balabit.com/
> https://twitter.com/PCzanik
>
>
> On Tue, May 10, 2016 at 11:03 AM, Czanik, Péter
> <peter.czanik at balabit.com> wrote:
>> Oh, that's my repository. TLS worked fine for me earlier. I'll try to
>> reproduce the problem later this week.
>>
>> Bye,
>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>> Balabit / syslog-ng upstream
>> http://czanik.blogs.balabit.com/
>> https://twitter.com/PCzanik
>>
>>
>> On Mon, May 9, 2016 at 5:43 PM, Ivan Adji - Krstev
>> <akivanradix at gmail.com> wrote:
>>> I'm using this one:
>>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/
>>> To be more specific
>>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-7/czanik-syslog-ng38-epel-7.repo
>>>
>>> And im truing to use it with TLS, self signed certificate
>>>
>>> Kind regards
>>> Ivan
>>>
>>> On 05/09/2016 04:37 PM, Scot Needy wrote:
>>>
>>> What repo are you using ?
>>>
>>>
>>> On May 9, 2016, at 5:02 AM, Ivan Adji - Krstev <akivanradix at gmail.com>
>>> wrote:
>>>
>>> Guys,
>>> Any news on this ? I relay need this syslog up and running.
>>>
>>> Kind regards
>>>
>>>
>>> On 05/06/2016 02:35 PM, Tibor Benke wrote:
>>>
>>> If you get the mentioned errors right after the upgrade, maybe the install
>>> scripts are not able to stop syslog-ng -> the upgraded syslog-ng isn't able
>>> to start. Could you check the install scripts, please?
>>>
>>> 2016-05-06 14:28 GMT+02:00 Ivan Adji - Krstev <akivanradix at gmail.com>:
>>>> Here it is
>>>>
>>>> [root at syslogserver syslog-ng]# lsof | grep LISTEN
>>>> sshd 854 root 3u IPv4 15103 0t0
>>>> TCP *:ssh (LISTEN)
>>>> sshd 854 root 4u IPv6 15105 0t0
>>>> TCP *:ssh (LISTEN)
>>>> mongod 1325 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 1346 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 1922 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 1923 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 1924 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2010 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2011 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2012 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2013 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2165 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2167 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2168 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2169 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2170 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2171 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 2172 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 27857 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 27874 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 27876 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> mongod 1325 28175 mongod 6u IPv4 15950 0t0
>>>> TCP localhost:27017 (LISTEN)
>>>> master 1577 root 13u IPv4 16582 0t0
>>>> TCP localhost:smtp (LISTEN)
>>>> master 1577 root 14u IPv6 16583 0t0
>>>> TCP localhost:smtp (LISTEN)
>>>> syslog-ng 28172 root 21u IPv4 3116883 0t0
>>>> TCP *:syslog-tls (LISTEN)
>>>> syslog-ng 28172 28173 root 21u IPv4 3116883 0t0
>>>> TCP *:syslog-tls (LISTEN)
>>>>
>>>>
>>>> [root at syslogserver syslog-ng]# netstat -antp | grep 6514
>>>> tcp 0 0 0.0.0.0:6514 0.0.0.0:* LISTEN
>>>> 28172/syslog-ng
>>>> [root at syslogserver syslog-ng]#
>>>>
>>>> Kind regards
>>>> Ivan
>>>>
>>>>
>>>>
>>>> On 05/06/2016 02:25 PM, Tibor Benke wrote:
>>>>
>>>> Hi Ivan,
>>>>
>>>> Could you check what program listens on 0.0.0.0:6514? Thanks! (I suppose
>>>> it's a syslog-ng which failed to stop from some unknown reason.)
>>>>
>>>> Tibor
>>>>
>>>> 2016-05-06 14:18 GMT+02:00 Ivan Adji - Krstev <akivanradix at gmail.com>:
>>>>> I have to say ... defenetly we have a problem with this version. I have
>>>>> install minimal CentOS 7 (CentOS Linux release 7.2.1511 (Core) ) and
>>>>> Syslog-NG 3.8 and again i have the problem when i update from 3.7 to 3.8.
>>>>>
>>>>> [2016-05-06T08:14:35.480042] Error binding socket;
>>>>> addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
>>>>> [2016-05-06T08:14:35.480091] Error initializing message pipeline;
>>>>>
>>>>> If you have any suggestions about this problem pleas do it as im on the
>>>>> way to go back on 3.7
>>>>>
>>>>> Kind regards
>>>>> Ivan
>>>>>
>>>>> On 04/26/2016 02:40 AM, Scot Needy wrote:
>>>>>
>>>>> No issues on CentOS 7.1
>>>>>
>>>>> On Apr 25, 2016, at 1:11 PM, Scheidler, Balázs
>>>>> <balazs.scheidler at balabit.com> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> 3.8 is not yet considered stable, although we do everything to keep it
>>>>> that way. It is where we integrate new stuff, both features and bugfixes. I
>>>>> would stick to 3.7 in a production environment, even though your feedback of
>>>>> 3.8 is very valuable and appreciated, so it becomes really stable when we
>>>>> get to the release button.
>>>>>
>>>>> Anyway, I don't think your "address is already in use" is a 3.8 related
>>>>> issue, it is most probably systemd/initscript related.
>>>>>
>>>>>
>>>>> --
>>>>> Bazsi
>>>>>
>>>>> On Mon, Apr 25, 2016 at 2:18 PM, Ivan Adji - Krstev
>>>>> <akivanradix at gmail.com> wrote:
>>>>>> Hi all,
>>>>>> I have open a issue about the error i got when i update the Syslog-NG to
>>>>>> 3.8 for "syslog-ng Address already in use (98)". I'm still working on
>>>>>> the issue, but i would like to know if this newest version 3.8 is
>>>>>> stabled as im building new environment and im asking myself do i use
>>>>>> this 3.8 version or 3.7 ?
>>>>>>
>>>>>> Thanks
>>>>>> Ivan
>>>>>>
>>>>>> ______________________________________________________________________________
>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>> Documentation:
>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160512/76a67a4c/attachment-0001.htm
More information about the syslog-ng
mailing list