[syslog-ng] Installing Syslog-NG 3.7 on CentOS 7

Ivan Adji - Krstev akivanradix at gmail.com
Thu May 12 13:04:08 CEST 2016


Here it is, nothing special, everything is active from syslog-ng

[2016-05-12T06:58:31.428821] Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:97:7]
[2016-05-12T06:58:31.428829]   Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:97:7]
[2016-05-12T06:58:31.428838]   Compiling d_mongodb reference [destination] at [/etc/syslog-ng/syslog-ng.conf:97:22]
[2016-05-12T06:58:31.429227] Seeking the journal to the last cursor position; cursor='s=45e493f939fe45439dc7263dbac327e7;i=18d5;b=a99860976f4b493db69999b0b65079a8;m=1fe68c36f;t=532a30982aa4f;x=1dcbc3750c827c8b'
[2016-05-12T06:58:31.430095] Module loaded and initialized successfully; module='syslogformat'
[2016-05-12T06:58:31.430130] Failed to acquire /run/systemd/journal/syslog socket, disabling systemd-syslog source;
[2016-05-12T06:58:31.430749] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
[2016-05-12T06:58:31.430783] Error initializing message pipeline;
[root@syslogserver syslog-ng]# netstat -antup | grep 6514
tcp        0      0 0.0.0.0:6514            0.0.0.0:*               LISTEN      14256/syslog-ng
tcp        0      0 192.168.111.231:6514    5.144.32.159:43921      FIN_WAIT2   -
[root@syslogserver syslog-ng]# ps -aef |grep syslog
root     14256     1  0 06:58 ?        00:00:00 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
root     14266 10078  0 06:58 pts/0    00:00:00 grep --color=auto syslog


On 05/12/2016 12:42 PM, jrhendri wrote:
> This has to be something very basic.
> Have you tried checking if another syslog server is running? 
> ps -aef |grep syslog
>
> Assuming this shows nothing, try a very simple syslog-ng config file
> and a manual start on the command line. 
>
> Make sure you check all the things in your configuration that your
> copy should open beforehand. 
>
> This should narrow down the problem I hope :-)
>
> Jim
>
> -------- Original message --------
> From: Ivan Adji - Krstev <akivanradix at gmail.com>
> Date: 5/12/16 5:26 AM (GMT-05:00)
> To: syslog-ng at lists.balabit.hu
> Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
>
> So I have installed EPEL and I have installed syslog-ng and mongodb, and
> when I start the syslog-ng service with the *syslog-ng -Fevd* command I
> have the following error AGAIN :).
>
> I'm not sure what it is and how to prevent it and what to do. But I
> really need this to work :(.
>
> [2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
> [2016-05-12T05:21:10.739973] Error initializing message pipeline;
>
>
> [root@syslogserver loganalyzer]# netstat -tupl
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> tcp        0      0 localhost:27017         0.0.0.0:*               LISTEN      1352/mongod
> tcp        0      0 0.0.0.0:syslog-tls      0.0.0.0:*               LISTEN      11377/syslog-ng
> tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      8562/sshd
> tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN      1778/master
> tcp6       0      0 [::]:http               [::]:*                  LISTEN      11264/httpd
> tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      8562/sshd
> tcp6       0      0 localhost:smtp          [::]:*                  LISTEN      1778/master
> udp        0      0 0.0.0.0:bootpc          0.0.0.0:*                           638/dhclient
> udp        0      0 0.0.0.0:60094           0.0.0.0:*                           638/dhclient
> udp6       0      0 [::]:3126               [::]:*                              638/dhclient
>
>
>
> [root@syslogserver loganalyzer]# lsof | grep LISTEN
> mongod     1352        mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  1393  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2028  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2033  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2034  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2138  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2139  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2141  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2148  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2404  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2446  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2447  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2448  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2449  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2450  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352  2451  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> mongod     1352 11380  mongod    6u     IPv4              17057      0t0        TCP localhost:27017 (LISTEN)
> master     1778          root   13u     IPv4              15893      0t0        TCP localhost:smtp (LISTEN)
> master     1778          root   14u     IPv6              15894      0t0        TCP localhost:smtp (LISTEN)
> sshd       8562          root    3u     IPv4              23963      0t0        TCP *:ssh (LISTEN)
> sshd       8562          root    4u     IPv6              23965      0t0        TCP *:ssh (LISTEN)
> httpd     11264          root    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> httpd     11265        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> httpd     11267        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> httpd     11268        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> httpd     11269        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> httpd     11270        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> httpd     11275        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> httpd     11276        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> httpd     11277        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> httpd     11278        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
> syslog-ng 11377          root   14u     IPv4              34906      0t0        TCP *:syslog-tls (LISTEN)
> syslog-ng 11377 11378    root   14u     IPv4              34906      0t0        TCP *:syslog-tls (LISTEN)
> syslog-ng 11377 11541    root   14u     IPv4              34906      0t0        TCP *:syslog-tls (LISTEN)
> httpd     11384        apache    4u     IPv6              32697      0t0        TCP *:http (LISTEN)
>
>
>
> and the source config is as follows:
>
> source s_sys {
>     system();
>     unix-stream("/dev/log");
>     internal();
>     network(
>         port(6514)
> #       tcp(port(5140));
> #       file("/proc/kmsg" log_prefix("kernel: "));
>         transport("tls")
>         tls(
>             key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>             cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>             ca_dir("/etc/syslog-ng/ca.d")
>         )
>     );
> };
>
>
> destination d_mongodb {
>     mongodb(
> #       servers("localhost:27017")
> #       database("syslog")
> #       uri('mongodb://localhost/syslog-ng')
>         collection("messages")
>         value-pairs(
>             scope("selected-macros" "nv-pairs" "sdata")
>         )
>     );
> };
>
>
> Kind regards
> Ivan
>
> On 05/10/2016 01:35 PM, Czanik, Péter wrote:
>> Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL,
>> as some of the dependencies are missing from the base distribution:
>> https://fedoraproject.org/wiki/EPEL
>>
>> Bye,
>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>> Balabit / syslog-ng upstream
>> http://czanik.blogs.balabit.com/
>> https://twitter.com/PCzanik
>>
>>
>> On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev
>> <akivanradix at gmail.com> wrote:
>>> Hi, I noted this error of mine but I tried the other one:
>>>
>>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>>> And I have similar errors whenever I try to install on a new CentOS
>>>
>>> The procedure I'm doing is: Fresh installation of CentOS
>>> yum update
>>> yum install httpd php vim wget
>>> then install mongodb ( add repo )
>>> then install syslog-ng ( add repo )
>>>
>>> I'm using: CentOS Linux release 7.2.1511 (Core)
>>> And I'm having the following repos:
>>>
>>> [root@syslogserver ~]# yum repolist
>>> Loaded plugins: fastestmirror
>>> Loading mirror speeds from cached hostfile
>>>  * base: mirror.switch.ch
>>>  * extras: mirror.switch.ch
>>>  * updates: mirror.switch.ch
>>> repo id                      repo name                                    status
>>> base/7/x86_64                CentOS-7 - Base                               9,007
>>> czanik-syslog-ng37/x86_64    Copr repo for syslog-ng37 owned by czanik        59
>>> extras/7/x86_64              CentOS-7 - Extras                               266
>>> mongodb-org-3.2/7            MongoDB Repository                               35
>>> updates/7/x86_64             CentOS-7 - Updates                            1,437
>>> repolist: 10,804
>>>
>>>
>>> [root@syslogserver ~]# yum install syslog-ng
>>> Loaded plugins: fastestmirror
>>> Loading mirror speeds from cached hostfile
>>>  * base: mirror.switch.ch
>>>  * extras: mirror.switch.ch
>>>  * updates: mirror.switch.ch
>>> Resolving Dependencies
>>> --> Running transaction check
>>> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>>> --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Running transaction check
>>> ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
>>> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>>> --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Finished Dependency Resolution
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>            Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>            Requires: libivykis.so.0()(64bit)
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>            Requires: ivykis >= 0.36.1
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>            Requires: libevtlog.so.0()(64bit)
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>            Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
>>>  You could try using --skip-broken to work around the problem
>>>  You could try running: rpm -Va --nofiles --nodigest
>>>
>>>
>>> Any idea?
>>>
>>>
>>> On 05/09/2016 04:09 PM, Czanik, Péter wrote:
>>>
>>> Hi,
>>>
>>> You should add the repository using the file:
>>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>>> to yum and not just download individual packages. You can use then
>>> "yum install syslog-ng" which will also download all necessary
>>> dependencies.
>>>
>>> Bye,
>>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>>> Balabit / syslog-ng upstream
>>> http://czanik.blogs.balabit.com/
>>> https://twitter.com/PCzanik
>>>
>>>
>>> On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev
>>> <akivanradix at gmail.com> wrote:
>>>
>>> I have the following errors when I try to install Syslog-NG 3.7 on CentOS 7
>>>
>>>
>>> I have a problem when I try to install Syslog-NG 3.7 on CentOS 7.
>>>
>>> The following errors I get:
>>>
>>> --> Finished Dependency Resolution
>>> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>>            Requires: libevtlog.so.0()(64bit)
>>> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>>            Requires: libpcre.so.0()(64bit)
>>>  You could try using --skip-broken to work around the problem
>>>  You could try running: rpm -Va --nofiles --nodigest
>>>
>>>
>>> Any hints on this?
>>>
>>> Kind regards
>>> Ivan
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
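
Added example, not part of the original thread: a small shell helper that takes a syslog-ng "Error binding socket" line and saved `netstat -antup` text and reports which process already holds the port, so a second copy of the same daemon can be told apart from an unrelated listener. The function names are hypothetical and the sample lines are constructed, modelled on the output quoted above; numeric netstat output (`-n`) is assumed.

```shell
#!/bin/sh
# Constructed sample input, modelled on the error and netstat output in this thread.
ERR_LINE="[2016-05-12T06:58:31.430749] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'"
NETSTAT_OUT='tcp        0      0 0.0.0.0:6514            0.0.0.0:*               LISTEN      14256/syslog-ng
tcp        0      0 192.168.111.231:6514    5.144.32.159:43921      FIN_WAIT2   -
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      1352/mongod'

# Extract the port from addr='AF_INET(ip:port)' in a bind error line (hypothetical helper).
bind_error_port() {
    printf '%s\n' "$1" | sed -n "s/.*addr='AF_INET6*(.*:\([0-9][0-9]*\))'.*/\1/p"
}

# Print "PID/program" of the TCP socket in LISTEN state on port $1; netstat text on stdin.
# Only LISTEN rows count: the FIN_WAIT2 row on the same port is an old client connection.
listener_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")            # local address; the port is the last piece
            if (a[n] == port) { print $7; found = 1; exit }
        }
        END { exit !found }'
}

# $1 = error line, $2 = netstat text, $3 = name of the daemon being started.
diagnose_bind_error() {
    port=$(bind_error_port "$1")
    [ -n "$port" ] || { echo "no-bind-error"; return 2; }
    owner=$(printf '%s\n' "$2" | listener_on_port "$port") \
        || { echo "port=$port owner=none"; return 1; }
    pid=${owner%%/*}
    prog=${owner#*/}
    if [ "$prog" = "$3" ]; then
        # Same daemon already bound: a service instance is running next to the manual start.
        echo "port=$port pid=$pid verdict=already-running"
    else
        echo "port=$port pid=$pid verdict=foreign-listener($prog)"
    fi
}

diagnose_bind_error "$ERR_LINE" "$NETSTAT_OUT" syslog-ng
```
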
