[syslog-ng] Syslog-ng, centos7 and systemd seem to hate each other

Scheidler, Balázs balazs.scheidler at balabit.com
Fri Feb 17 01:54:41 UTC 2017 

I have now tested this combination on centos 7, and collecting local log
messages do seem to work for me.

Please note that syslog-ng will detect whether it is running under systemd
at runtime, and it does it this way:
```
  if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode))
```

e.g. it is checking whether /run/systemd/system is a directory. If it is,
the system() source will use systemd-journal() as its source. If this does
not exist, it will fall back to /dev/log.

syslog-ng would report the result of this check with a debug level message:
```
      msg_debug("Systemd is not detected as the running init system");
```

or

```
      msg_debug("Systemd is detected as the running init system");
```

The program destination stuff should really be independent of the init
system, but a different AppArmor/SELinux config might be the culprit
though. When you launch it from the console, it would be unconfined, but
with systemd, a policy might be applied that does NOT allow executing
external programs.

I hope this helps.


-- 
Bazsi

On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli at in2p3.fr> wrote:

> On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
> > If I do a 'systemctl stop syslog-ng' and then just simply type
> 'syslog-ng' (no foreground, debug, etc. switches) from the command line, it
> works fine.
> > Rather confusing, but I can't see why the systemctl file is not working
> as it should.
> > Any ideas?
>
> try this: in a terminal run `journalctl -f` as root.
> In another terminal, run `systemctl start syslog-ng`.
>
> If you don't see anything useful on the journalctl terminal, try increasing
> the verbosity of syslog-ng (either by editing `/etc/sysconfig/syslog-ng`,
> or by modifying
> `/lib/systemd/system/syslog-ng.service` and running `systemctl
> daemon-reload`).
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170216/36716c0f/attachment.html>

More information about the syslog-ng mailing list