[syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
Várady, László
laszlo.varady at balabit.com
Thu May 12 14:14:26 CEST 2016
If I understand your problem correctly, you should just execute 'systemctl
start syslog-ng' to start it again in daemon mode.
On Thu, May 12, 2016 at 2:09 PM, Ivan Adji - Krstev <akivanradix at gmail.com>
wrote:
> Yes, I guess, but syslog-ng is stopped, so how is it running? I have
> executed *systemctl stop syslog-ng*. How is it that it is running? And there
> is nothing in the process list or on the network:
>
> [root at syslogserver syslog-ng]# ps axu | grep syslog
> root 3546 0.0 0.0 112644 964 pts/0 S+ 14:08 0:00 grep --color=auto syslog
>
> [root at syslogserver syslog-ng]# lsof | grep LISTEN
> sshd 825 root 3u IPv4 14259 0t0 TCP *:ssh (LISTEN)
> sshd 825 root 4u IPv6 14261 0t0 TCP *:ssh (LISTEN)
> mongod 1544 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1685 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1988 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1989 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1990 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1991 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1992 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1993 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1994 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1995 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1996 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 1999 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 2000 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 2001 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 2002 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> mongod 1544 2003 mongod 6u IPv4 15757 0t0 TCP localhost:27017 (LISTEN)
> master 1818 root 13u IPv4 16766 0t0 TCP localhost:smtp (LISTEN)
> master 1818 root 14u IPv6 16767 0t0 TCP localhost:smtp (LISTEN)
> [root at syslogserver syslog-ng]# netstat -antup | grep 6514
>
> [root at syslogserver syslog-ng]#
>
>
> On 05/12/2016 02:03 PM, Várady, László wrote:
>
> This output is all about the messages you received, so I think you have a
> working configuration now.
>
> --
> László Várady
>
> On Thu, May 12, 2016 at 1:49 PM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
>
>> Sorry about the previous messages; I was testing and had put the wrong
>> path to the certificates. Here is the *syslog-ng -Fevd* output:
>>
>> [2016-05-12T13:48:13.274891] Filter rule evaluation begins; rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18'
>> [2016-05-12T13:48:13.274901] Filter node evaluation result; result='not-match', type='facility'
>> [2016-05-12T13:48:13.274912] Filter rule evaluation result; result='not-match', rule='f_cron', location='/etc/syslog-ng/syslog-ng.conf:60:18'
>> [2016-05-12T13:48:13.275397] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal polkitd[630]: Unregistered Authentication Agent for unix-process:3014:242607 (system bus name :1.74, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
>> '
>> [2016-05-12T13:48:13.275469] Outgoing message; message='May 12 13:48:11 syslogserver.novalocal sshd[3012]: Connection closed by 115.85.192.40 [preauth]
>> '
>> [2016-05-12T13:48:13.275519] Outgoing message; message='May 12 13:48:10 syslogserver.novalocal systemd[1]: Stopped System Logger Daemon.
>> '
>>
>> Ivan
>>
>> On 05/12/2016 01:43 PM, Várady, László wrote:
>>
>> Hi,
>>
>> Did you stop the syslog-ng daemon (systemctl stop syslog-ng) before
>> running 'syslog-ng -Fevd' manually?
>>
>> --
>> László Várady
>>
>> On Thu, May 12, 2016 at 1:16 PM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
>>
>>> OK, so I got syslog-ng running with the default configuration... there
>>> is some problem with the TLS configuration.
>>>
>>> What I have done: I went through the certificate procedures (self-signed
>>> certificate) on my laptop following this article:
>>> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-tutorial-mutual-auth-tls/html/create-server-certificate.html
>>>
>>> So I generated the server certificate on my laptop and the other
>>> certificates for the clients. I copied them and put in the configuration.
>>>
>>> Is there any other configuration to put in syslog-ng.conf to try to get it
>>> working with TLS?
>>>
>>> Kind regards
>>>
>>>
>>>
>>> On 05/12/2016 12:42 PM, jrhendri wrote:
>>>
>>> This has to be something very basic.
>>> Have you tried checking if another syslog server is running?
>>> ps -aef |grep syslog
>>>
>>> Assuming this shows nothing, try a very simple syslog-ng config file and
>>> a manual start on the command line.
>>>
>>> Make sure you check all the things in your configuration that your copy
>>> should open beforehand.
>>>
>>> This should narrow down the problem I hope :-)
>>>
>>> Jim
>>>
>>>
>>> -------- Original message --------
>>> From: Ivan Adji - Krstev <akivanradix at gmail.com>
>>> Date: 5/12/16 5:26 AM (GMT-05:00)
>>> To: syslog-ng at lists.balabit.hu
>>> Subject: Re: [syslog-ng] Installing Syslog-NG 3.7 on CentOS 7
>>>
>>> So I have installed EPEL and I have installed syslog-ng and mongodb, and
>>> when I start the syslog-ng service with the *syslog-ng -Fevd* command I get
>>> the following error AGAIN :).
>>>
>>> I'm not sure what it is, how to prevent it, or what to do. But I
>>> really need this to work :(.
>>>
>>> [2016-05-12T05:21:10.739940] Error binding socket; addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
>>> [2016-05-12T05:21:10.739973] Error initializing message pipeline;
>>>
>>>
>>> [root at syslogserver loganalyzer]# netstat -tupl
>>> Active Internet connections (only servers)
>>> Proto Recv-Q Send-Q Local Address       Foreign Address State  PID/Program name
>>> tcp   0      0      localhost:27017     0.0.0.0:*       LISTEN 1352/mongod
>>> tcp   0      0      0.0.0.0:syslog-tls  0.0.0.0:*       LISTEN 11377/syslog-ng
>>> tcp   0      0      0.0.0.0:ssh         0.0.0.0:*       LISTEN 8562/sshd
>>> tcp   0      0      localhost:smtp      0.0.0.0:*       LISTEN 1778/master
>>> tcp6  0      0      [::]:http           [::]:*          LISTEN 11264/httpd
>>> tcp6  0      0      [::]:ssh            [::]:*          LISTEN 8562/sshd
>>> tcp6  0      0      localhost:smtp      [::]:*          LISTEN 1778/master
>>> udp   0      0      0.0.0.0:bootpc      0.0.0.0:*              638/dhclient
>>> udp   0      0      0.0.0.0:60094       0.0.0.0:*              638/dhclient
>>> udp6  0      0      [::]:3126           [::]:*                 638/dhclient
>>>
>>>
>>>
>>> [root at syslogserver loganalyzer]# lsof | grep LISTEN
>>> mongod 1352 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 1393 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2028 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2033 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2034 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2138 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2139 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2141 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2148 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2404 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2446 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2447 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2448 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2449 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2450 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 2451 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> mongod 1352 11380 mongod 6u IPv4 17057 0t0 TCP localhost:27017 (LISTEN)
>>> master 1778 root 13u IPv4 15893 0t0 TCP localhost:smtp (LISTEN)
>>> master 1778 root 14u IPv6 15894 0t0 TCP localhost:smtp (LISTEN)
>>> sshd 8562 root 3u IPv4 23963 0t0 TCP *:ssh (LISTEN)
>>> sshd 8562 root 4u IPv6 23965 0t0 TCP *:ssh (LISTEN)
>>> httpd 11264 root 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> httpd 11265 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> httpd 11267 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> httpd 11268 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> httpd 11269 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> httpd 11270 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> httpd 11275 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> httpd 11276 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> httpd 11277 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> httpd 11278 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>> syslog-ng 11377 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN)
>>> syslog-ng 11377 11378 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN)
>>> syslog-ng 11377 11541 root 14u IPv4 34906 0t0 TCP *:syslog-tls (LISTEN)
>>> httpd 11384 apache 4u IPv6 32697 0t0 TCP *:http (LISTEN)
>>>
>>>
>>>
>>> and the source config is as follows:
>>>
>>> source s_sys {
>>>     system();
>>>     unix-stream("/dev/log");
>>>     internal();
>>>     network(
>>>         port(6514)
>>>         # tcp(port(5140));
>>>         # file("/proc/kmsg" log_prefix("kernel: "));
>>>         transport("tls")
>>>         tls(
>>>             key_file("/etc/syslog-ng/cert.d/serverkey.pem")
>>>             cert_file("/etc/syslog-ng/cert.d/servercert.pem")
>>>             ca_dir("/etc/syslog-ng/ca.d")
>>>         )
>>>     );
>>> };
>>>
>>> destination d_mongodb {
>>>     mongodb(
>>>         # servers("localhost:27017")
>>>         # database("syslog")
>>>         # uri('mongodb://localhost/syslog-ng')
>>>         collection("messages")
>>>         value-pairs(
>>>             scope("selected-macros" "nv-pairs" "sdata")
>>>         )
>>>     );
>>> };
>>>
>>>
>>> Kind regards
>>> Ivan
>>>
>>> On 05/10/2016 01:35 PM, Czanik, Péter wrote:
>>>
>>> Do you also have EPEL? The RHEL7/CentOS7 repo is built against EPEL,
>>> as some of the dependencies are missing from the base distribution: https://fedoraproject.org/wiki/EPEL
>>>
>>> Bye,
>>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>>> Balabit / syslog-ng upstream
>>> http://czanik.blogs.balabit.com/
>>> https://twitter.com/PCzanik
>>>
>>>
>>> On Tue, May 10, 2016 at 1:29 PM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
>>>
>>> Hi, I noted this error of mine, but I tried the other one:
>>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>>> And I get similar errors whenever I try to install on a new CentOS
>>>
>>> The procedure I'm following is: Fresh installation of CentOS
>>> yum update
>>> yum install httpd php vim wget
>>> then install mongodb ( add repo )
>>> then install syslog-ng ( add repo )
>>>
>>> I'm using: CentOS Linux release 7.2.1511 (Core)
>>> And I have the following repos:
>>>
>>> [root at syslogserver ~]# yum repolist
>>> Loaded plugins: fastestmirror
>>> Loading mirror speeds from cached hostfile
>>> * base: mirror.switch.ch
>>> * extras: mirror.switch.ch
>>> * updates: mirror.switch.ch
>>> repo id                      repo name                                   status
>>> base/7/x86_64                CentOS-7 - Base                             9,007
>>> czanik-syslog-ng37/x86_64    Copr repo for syslog-ng37 owned by czanik   59
>>> extras/7/x86_64              CentOS-7 - Extras                           266
>>> mongodb-org-3.2/7            MongoDB Repository                          35
>>> updates/7/x86_64             CentOS-7 - Updates                          1,437
>>> repolist: 10,804
>>>
>>>
>>> [root at syslogserver ~]# yum install syslog-ng
>>> Loaded plugins: fastestmirror
>>> Loading mirror speeds from cached hostfile
>>> * base: mirror.switch.ch
>>> * extras: mirror.switch.ch
>>> * updates: mirror.switch.ch
>>> Resolving Dependencies
>>> --> Running transaction check
>>> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>>> --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Running transaction check
>>> ---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
>>> ---> Package syslog-ng.x86_64 0:3.7.3-3.el7.centos will be installed
>>> --> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.7.3-3.el7.centos.x86_64
>>> --> Finished Dependency Resolution
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>> Requires: libivykis.so.0(IVYKIS_0.30)(64bit)
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>> Requires: libivykis.so.0()(64bit)
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>> Requires: ivykis >= 0.36.1
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>> Requires: libevtlog.so.0()(64bit)
>>> Error: Package: syslog-ng-3.7.3-3.el7.centos.x86_64 (czanik-syslog-ng37)
>>> Requires: libivykis.so.0(IVYKIS_0.29)(64bit)
>>> You could try using --skip-broken to work around the problem
>>> You could try running: rpm -Va --nofiles --nodigest
>>>
>>>
>>> Any idea?
>>>
>>>
>>> On 05/09/2016 04:09 PM, Czanik, Péter wrote:
>>>
>>> Hi,
>>>
>>> You should add the repository using the file: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng37/repo/epel-7/czanik-syslog-ng37-epel-7.repo
>>> to yum and not just download individual packages. You can then use
>>> "yum install syslog-ng", which will also download all necessary
>>> dependencies.
>>>
>>> Bye,
>>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>>> Balabit / syslog-ng upstream
>>> http://czanik.blogs.balabit.com/
>>> https://twitter.com/PCzanik
>>>
>>>
>>> On Mon, May 9, 2016 at 3:07 PM, Ivan Adji - Krstev <akivanradix at gmail.com> wrote:
>>>
>>> I have the following errors when I try to install Syslog-NG 3.7 on CentOS 7
>>>
>>>
>>> I have a problem when I try to install Syslog-NG 3.7 on CentOS 7.
>>>
>>> These are the errors I get:
>>>
>>> --> Finished Dependency Resolution
>>> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>> Requires: libevtlog.so.0()(64bit)
>>> Error: Package: syslog-ng-3.7.3-1.el6.x86_64 (czanik-syslog-ng37epel6)
>>> Requires: libpcre.so.0()(64bit)
>>> You could try using --skip-broken to work around the problem
>>> You could try running: rpm -Va --nofiles --nodigest
>>>
>>>
>>> Any hints on this?
>>>
>>> Kind regards
>>> Ivan
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
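The port conflict worked through in this thread (the systemd-managed syslog-ng still bound to 6514 while a second copy is started with `syslog-ng -Fevd`), as an added example that is not part of the original messages. The function names and the sample listing are constructed for illustration; the sample follows the layout of the `netstat -tupl` output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): identify which process already holds
# a listening TCP port before starting a second syslog-ng in the foreground.

# Constructed sample in the format of `netstat -tlp` (no -n), modelled on the
# output quoted in the thread; the port shows up by service name, not number.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:27017         0.0.0.0:*               LISTEN      1352/mongod
tcp        0      0 0.0.0.0:syslog-tls      0.0.0.0:*               LISTEN      11377/syslog-ng
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      8562/sshd
EOF
}

# listener_for_port PORT [SERVICE_NAME]  (hypothetical helper)
# Reads netstat output on stdin and prints "PID/program" for every TCP
# listener whose local port equals PORT or its /etc/services name.
listener_for_port() {
    awk -v port="$1" -v name="${2:-}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # port is the last ":" field
            if (part[n] == port || (name != "" && part[n] == name))
                print $7
        }' | sort -u
}

# preflight PORT [SERVICE_NAME]  (hypothetical helper)
# Returns 0 when the port is free, 1 when something already listens on it.
preflight() {
    owner=$(listener_for_port "$1" "${2:-}")
    if [ -z "$owner" ]; then
        echo "port $1 is free"
        return 0
    fi
    echo "port $1 is held by $owner"
    case "$owner" in
        */syslog-ng) echo "stop the service first: systemctl stop syslog-ng" ;;
    esac
    return 1
}

# Live use (needs root to see PIDs): netstat -tlnp | preflight 6514 syslog-tls
```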