[syslog-ng] Installing Syslog-NG 3.7 on CentOS 7

Ivan Adji - Krstev akivanradix at gmail.com
Thu May 12 13:45:52 CEST 2016


Hi,
I have stopped it now, and here it is:
[root at syslogserver syslog-ng]# systemctl status syslog-ng
● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled;
vendor preset: enabled)
   Active: inactive (dead) since Thu 2016-05-12 13:34:10 CEST; 10min ago
     Docs: man:syslog-ng(8)
  Process: 2692 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS -p
/var/run/syslogd.pid (code=exited, status=0/SUCCESS)
 Main PID: 2692 (code=exited, status=0/SUCCESS)
   Status: "Shutting down... (Thu May 12 13:34:10 2016"

May 12 13:34:01 syslogserver.novalocal systemd[1]: Starting System
Logger Daemon...
May 12 13:34:01 syslogserver.novalocal systemd[1]: Started System Logger
Daemon.
May 12 13:34:10 syslogserver.novalocal systemd[1]: Stopping System
Logger Daemon...
May 12 13:34:10 syslogserver.novalocal systemd[1]: Stopped System Logger
Daemon.

And *syslog-ng -Fevd* gives me a lot of output:

[2016-05-12T13:45:14.913916] Filter rule evaluation begins;
rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18'
[2016-05-12T13:45:14.913925] Filter node evaluation result;
result='not-match', type='facility'
[2016-05-12T13:45:14.913936] Filter rule evaluation result;
result='not-match', rule='f_cron',
location='/etc/syslog-ng/syslog-ng.conf:60:18'
[2016-05-12T13:45:14.914140] Outgoing message; message='May 12 13:45:14
syslogserver.novalocal nm-dispatcher[2935]: Dispatching action
\'dhcp4-change\' for eth0
'
[2016-05-12T13:45:18.702887] Error opening TLS file;
filename='/usr/local/etc/syslog-ng/cert.d/serverkey.pem', error='No such
file or directory (2)'
[2016-05-12T13:45:18.702938] Error opening TLS file;
filename='/usr/local/etc/syslog-ng/cert.d/servercert.pem', error='No
such file or directory (2)'
[2016-05-12T13:45:18.703025] Error setting up TLS session context;
tls_error='SSL routines:SSL_CTX_check_private_key:no certificate assigned'
[2016-05-12T13:45:28.718534] Error opening TLS file;
filename='/usr/local/etc/syslog-ng/cert.d/serverkey.pem', error='No such
file or directory (2)'
[2016-05-12T13:45:28.718625] Error opening TLS file;
filename='/usr/local/etc/syslog-ng/cert.d/servercert.pem', error='No
such file or directory (2)'
[2016-05-12T13:45:28.718652] Error setting up TLS session context;
tls_error='SSL routines:SSL_CTX_check_private_key:no certificate assigned'


Kind regards
Ivan



On 05/12/2016 01:43 PM, Várady, László wrote:
> Hi,
>
> Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before
> running 'syslog-ng -Fevd' manually?
>
> --
> László Várady
>
> On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev
> <akivanradix at gmail.com> wrote:
>
>     OK, so I get syslog-ng running with the default configuration....
>     This has some problem with the TLS configuration.
>
>     What I have done: I have done the certificate creation procedure
>     (self-signed certificate) on my laptop, following this article:
>     https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html
>
>     So I generated the server certificate on my laptop and the other
>     certificates for the clients. I copied them and put in the configuration.
>
>     Is there any other configuration to put in syslog-ng.conf to try to
>     get it working with TLS?
>
>     Kind regards
>
>
>
>     On 05/12/2016 12:42 PM, jrhendri wrote:
>>     This has to be something very basic.
>>     Have you tried checking if another syslog server is running? 
>>     ps -aef |grep syslog
>>
>>     Assuming this shows nothing, try a very simple syslog-ng config
>>     file and a manual start on the command line. 
>>
>>     Make sure you check all the things in your configuration that
>>     your copy should open beforehand. 
>>
>>     This should narrow down the problem I hope :-)
>>
>>     Jim
>>
>>
>>     -------- Original message --------
>>     From: Ivan Adji - Krstev <akivanradix at gmail.com>
>>     Date: 5/12/16 5:26 AM (GMT-05:00)
>>     To: syslog-ng at lists.balabit.hu
>>     Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
>>
>>     So I have installed EPEL and I have installed syslog-ng and mongodb,
>>     and when I start the syslog-ng service with the *syslog-ng -Fevd*
>>     command I have the following error AGAIN :).
>>
>>     I'm not sure what it is, how to prevent it, or what to do. But
>>     I really need this to work :(.
>>
>>     [2016-05-12T05:21:10.739940] Error binding socket;
>>     addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
>>     [2016-05-12T05:21:10.739973] Error initializing message pipeline;
>>
>>
>>     [root at syslogserver loganalyzer]# netstat -tupl
>>     Active Internet connections (only servers)
>>     Proto Recv-Q Send-Q Local Address           Foreign
>>     Address         State       PID/Program name   
>>     tcp        0      0 localhost:27017        
>>     0.0.0.0:*               LISTEN      1352/mongod        
>>     tcp        0      0 0.0.0.0:syslog-tls     
>>     0.0.0.0:*               LISTEN      11377/syslog-ng    
>>     tcp        0      0 0.0.0.0:ssh            
>>     0.0.0.0:*               LISTEN      8562/sshd          
>>     tcp        0      0 localhost:smtp         
>>     0.0.0.0:*               LISTEN      1778/master        
>>     tcp6       0      0 [::]:http              
>>     [::]:*                  LISTEN      11264/httpd        
>>     tcp6       0      0 [::]:ssh               
>>     [::]:*                  LISTEN      8562/sshd          
>>     tcp6       0      0 localhost:smtp         
>>     [::]:*                  LISTEN      1778/master        
>>     udp        0      0 0.0.0.0:bootpc         
>>     0.0.0.0:*                           638/dhclient       
>>     udp        0      0 0.0.0.0:60094          
>>     0.0.0.0:*                           638/dhclient       
>>     udp6       0      0 [::]:3126              
>>     [::]:*                              638/dhclient
>>
>>
>>
>>     [root at syslogserver loganalyzer]# lsof | grep LISTEN
>>     mongod     1352        mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  1393  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2028  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2033  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2034  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2138  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2139  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2141  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2148  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2404  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2446  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2447  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2448  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2449  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2450  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352  2451  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     mongod     1352 11380  mongod    6u     IPv4             
>>     17057       0t0        TCP localhost:27017 (LISTEN)
>>     master     1778          root   13u     IPv4             
>>     15893       0t0        TCP localhost:smtp (LISTEN)
>>     master     1778          root   14u     IPv6             
>>     15894       0t0        TCP localhost:smtp (LISTEN)
>>     sshd       8562          root    3u     IPv4             
>>     23963       0t0        TCP *:ssh (LISTEN)
>>     sshd       8562          root    4u     IPv6             
>>     23965       0t0        TCP *:ssh (LISTEN)
>>     httpd     11264          root    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     httpd     11265        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     httpd     11267        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     httpd     11268        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     httpd     11269        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     httpd     11270        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     httpd     11275        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     httpd     11276        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     httpd     11277        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     httpd     11278        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>     syslog-ng 11377          root   14u     IPv4             
>>     34906       0t0        TCP *:syslog-tls (LISTEN)
>>     syslog-ng 11377 11378    root   14u     IPv4             
>>     34906       0t0        TCP *:syslog-tls (LISTEN)
>>     syslog-ng 11377 11541    root   14u     IPv4             
>>     34906       0t0        TCP *:syslog-tls (LISTEN)
>>     httpd     11384        apache    4u     IPv6             
>>     32697       0t0        TCP *:http (LISTEN)
>>
>>
>>
>>     And the source config is as follows:
>>
>>     source s_sys {
>>         system();
>>         unix-stream("/dev/log");
>>         internal();
>>         network(
>>             port(6514)
>>     #       tcp(port(5140));
>>     #    file("/proc/kmsg" log_prefix("kernel: "));
>>             transport("tls")
>>             tls(
>>                 key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>>                 cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>>                 ca_dir("/etc/syslog-ng/ca.d")
>>             )
>>         );
>>     };
>>
>>
>>
>>
>>     destination d_mongodb {
>>         mongodb(
>>     #    servers("localhost:27017")
>>     #        database("syslog")
>>     #    uri('mongodb://localhost/syslog-ng')
>>             collection("messages")
>>             value-pairs(
>>                 scope("selected-macros" "nv-pairs" "sdata")
>>             )
>>         );
>>     };
>>
>>
>>     Kind regards
>>     Ivan
>>
>>     On 05/10/2016 01:35 PM, Czanik, Péter wrote:
>>>     Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL,
>>>     as some of the dependencies are missing from the base distribution:
>>>     https://fedoraproject.org/wiki/EPEL
>>>
>>>     Bye,
>>>     Peter Czanik (CzP) <peter.czanik at balabit.com>
>>>     Balabit / syslog-ng upstream
>>>     http://czanik.blogs.balabit.com/
>>>     https://twitter.com/PCzanik
>>>
>>>
>>>     On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev
>>>     <akivanradix at gmail.com> wrote:
>>>>     Hi, I noted this error of mine, but I tried the other one:
>>>>
>>>>     https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>>>>     And I have similar errors whenever I try to install on a new CentOS.
>>>>
>>>>     The procedure I'm doing is: fresh installation of CentOS
>>>>     yum update
>>>>     yum install httpd php vim wget
>>>>     then install mongodb ( add repo )
>>>>     then install syslog-ng ( add repo )
>>>>
>>>>     I'm using: CentOS Linux release 7.2.1511 (Core)
>>>>     And I'm having the following repos:
>>>>
>>>>     [root at syslogserver ~]# yum repolist
>>>>     Loaded plugins: fastestmirror
>>>>     Loading mirror speeds from cached hostfile
>>>>      * base: mirror.switch.ch
>>>>      * extras: mirror.switch.ch
>>>>      * updates: mirror.switch.ch
>>>>     repo id                     repo name                                  status
>>>>     base/7/x86_64               CentOS-7 - Base                            9,007
>>>>     czanik-syslog-ng37/x86_64   Copr repo for syslog-ng37 owned by czanik  59
>>>>     extras/7/x86_64             CentOS-7 - Extras                          266
>>>>     mongodb-org-3.2/7           MongoDB Repository                         35
>>>>     updates/7/x86_64            CentOS-7 - Updates                         1,437
>>>>     repolist: 10,804
>>>>
>>>>
>>>>     [root at syslogserver ~]# yum install syslog-ng
>>>>     Loaded plugins: fastestmirror
>>>>     Loading mirror speeds from cached hostfile
>>>>      * base: mirror.switch.ch
>>>>      * extras: mirror.switch.ch
>>>>      * updates: mirror.switch.ch
>>>>     Resolving Dependencies
>>>>     --> Running transaction check
>>>>     ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>>>>     --> Processing Dependency: ivykis >= 0.36.1 for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Processing Dependency: libevtlog.so.0()(64bit) for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Processing Dependency: libivykis.so.0()(64bit) for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Processing Dependency: libnet.so.1()(64bit) for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Running transaction check
>>>>     ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
>>>>     ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>>>>     --> Processing Dependency: ivykis >= 0.36.1 for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Processing Dependency: libevtlog.so.0()(64bit) for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Processing Dependency: libivykis.so.0()(64bit) for package:
>>>>     syslog-ng-3.7.3-3.el7.centos.x86_64
>>>>     --> Finished Dependency Resolution
>>>>     Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>>                Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
>>>>     Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>>                Requires: libivykis.so.0()(64bit)
>>>>     Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>>                Requires: ivykis >= 0.36.1
>>>>     Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>>                Requires: libevtlog.so.0()(64bit)
>>>>     Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>>>                Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
>>>>      You could try using --skip-broken to work around the problem
>>>>      You could try running: rpm -Va --nofiles --nodigest
>>>>
>>>>
>>>>     Any idea ?
>>>>
>>>>
>>>>     On 05/09/2016 04:09 PM, Czanik, Péter wrote:
>>>>
>>>>     Hi,
>>>>
>>>>     You should add the repository using the file:
>>>>     https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>>>>     to yum and not just download individual packages. You can use then
>>>>     "yum install syslog-ng" which will also download all necessary
>>>>     dependencies.
>>>>
>>>>     Bye,
>>>>     Peter Czanik (CzP) <peter.czanik at balabit.com>
>>>>     Balabit / syslog-ng upstream
>>>>     http://czanik.blogs.balabit.com/
>>>>     https://twitter.com/PCzanik
>>>>
>>>>
>>>>     On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev
>>>>     <akivanradix at gmail.com> wrote:
>>>>
>>>>     I have the following errors when I try to install Syslog-NG 3.7 on CentOS 7
>>>>
>>>>
>>>>     I have a problem when I try to install Syslog-NG 3.7 on CentOS 7.
>>>>
>>>>     I get the following errors:
>>>>
>>>>     --> Finished Dependency Resolution
>>>>     Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>>>                Requires: libevtlog.so.0()(64bit)
>>>>     Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>>>                Requires: libpcre.so.0()(64bit)
>>>>      You could try using --skip-broken to work around the problem
>>>>      You could try running: rpm -Va --nofiles --nodigest
>>>>
>>>>
>>>>     Any hints on this ?
>>>>
>>>>     Kind regards
>>>>     Ivan
>>>>
>>>>     ______________________________________________________________________________
>>>>     Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>     Documentation:
>>>>     http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>     FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
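
The `Error opening TLS file` lines in the message above name key and certificate paths that the daemon could not open. As an added example (not part of the thread and not syslog-ng project code), the shell functions below list the `key_file()`, `cert_file()` and `ca_dir()` paths a configuration references and report any that are missing, plus a private key that group or others can read or write; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of the TLS files that a
# syslog-ng configuration references. Function names are illustrative.

# Print "option path" for every key_file()/cert_file()/ca_dir() in the config.
# Text after '#' is dropped so commented-out options are ignored; syslog-ng
# accepts '-' and '_' interchangeably in option names, so both are matched.
tls_paths() {
    sed 's/#.*//' "$1" |
        grep -Eo '(key|cert)[-_]file\("[^"]*"\)|ca[-_]dir\("[^"]*"\)' |
        sed -E 's/^([a-z_-]+)\("([^"]*)"\)$/\1 \2/'
}

# Succeeds if the file is readable or writable by group or others.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 \
                               -o -perm -004 -o -perm -002 \))" ]
}

# Report every referenced path the daemon would fail to open, and a private
# key with loose permissions. Returns 1 if anything was reported.
check_tls_files() {
    rc=0
    while read -r opt path; do
        case $opt in
            '') continue ;;
            ca?dir)
                [ -d "$path" ] || { echo "MISSING $opt $path"; rc=1; } ;;
            *)
                if [ ! -r "$path" ]; then
                    echo "MISSING $opt $path"; rc=1
                elif [ "${opt%?file}" = key ] && loose_perms "$path"; then
                    echo "LOOSE-PERMS $opt $path"; rc=1
                fi ;;
        esac
    done <<EOF
$(tls_paths "$1")
EOF
    return $rc
}

# Stand-alone use: pass the configuration file as the only argument.
if [ $# -gt 0 ]; then
    check_tls_files "$1"
fi
```

Run it with the configuration path as the only argument, for example the `/etc/syslog-ng/syslog-ng.conf` named in the debug output above.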
