[syslog-ng] Syslog-ng, centos7 and systemd seem to hate each other

Anil Panchal anil.panchal8181 at gmail.com
Sat Feb 18 17:21:18 UTC 2017


Hi guys,
I have one question here for you.
What is the filter (f_undebug) used for? What is the purpose of this
function in the syslog-ng.conf file, especially in syslog forwarding rules?

Can someone help me on this..?

Thanks in Advance..!!

Thanks
Anil Panchal
On 17-Feb-2017 10:49 pm, "Jordan Ladora" <vicepresjoebiden at gmail.com> wrote:

> Yes, selinux indeed was the issue. Not sure why my selinux config in the
> past allowed this, but it was being blocked currently on the default port.
>
> Updating the policy with-
>
> sudo semanage port -a -t syslogd_port_t -p tcp 36598
>
> ...allows syslog-ng to log without having to start it manually from the
> terminal (where, as you pointed out, it runs unconfined. Otherwise it runs
> as syslogd_t and by default was limited to ports 514 & 601 and blocked on
> the default tcp 36598).
>
> Thank you!
>
>
> On Thu, Feb 16, 2017 at 6:54 PM, Scheidler, Balázs <
> balazs.scheidler at balabit.com> wrote:
>
>> I have now tested this combination on centos 7, and collecting local log
>> messages does seem to work for me.
>>
>> Please note that syslog-ng will detect whether it is running under
>> systemd at runtime, and it does it this way:
>> ```
>>   if (lstat("/run/systemd/system/", &st) < 0 || !S_ISDIR(st.st_mode))
>> ```
>>
>> e.g. it is checking whether /run/systemd/system is a directory. If it is,
>> the system() source will use systemd-journal() as its source. If this does
>> not exist, it will fall back to /dev/log.
>>
>> syslog-ng would report the result of this check with a debug level
>> message:
>> ```
>>       msg_debug("Systemd is not detected as the running init system");
>> ```
>>
>> or
>>
>> ```
>>       msg_debug("Systemd is detected as the running init system");
>> ```
>>
>> The program destination stuff should really be independent of the init
>> system, but a different AppArmor/SELinux config might be the culprit
>> though. When you launch it from the console, it would be unconfined, but
>> with systemd, a policy might be applied that does NOT allow executing
>> external programs.
>>
>> I hope this helps.
>>
>>
>> --
>> Bazsi
>>
>> On Mon, Feb 13, 2017 at 6:54 AM, Fabien Wernli <wernli at in2p3.fr> wrote:
>>
>>> On Fri, Feb 10, 2017 at 09:32:21PM +0000, Clayton Dukes wrote:
>>> > If I do a 'systemctl stop syslog-ng' and then just simply type
>>> > 'syslog-ng' (no foreground, debug, etc. switches) from the command line,
>>> > it works fine.
>>> > Rather confusing, but I can't see why the systemctl file is not
>>> > working as it should.
>>> > Any ideas?
>>>
>>> try this: in a terminal run `journalctl -f` as root.
>>> In another terminal, run `systemctl start syslog-ng`.
>>>
>>> If you don't see anything useful on the journalctl terminal, try
>>> increasing the verbosity of syslog-ng (either by editing
>>> `/etc/sysconfig/syslog-ng`, or by modifying
>>> `/lib/systemd/system/syslog-ng.service` and running
>>> `systemctl daemon-reload`).
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>
>>
>
>
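
A way to verify the SELinux port labelling discussed in the quoted thread, as an added example that is not part of any poster's message: the `port_allowed` helper and both sample listings are constructed for illustration, shaped like `semanage port -l` output before and after the `semanage port -a` command quoted above.

```sh
#!/bin/sh
# Added example: does an SELinux port type cover a given port?
# Reads `semanage port -l`-style text on stdin.

# port_allowed TYPE PROTO PORT -> exit 0 if listed, 1 otherwise
# (hypothetical helper name, not a syslog-ng or SELinux tool)
port_allowed() {
    awk -v type="$1" -v proto="$2" -v port="$3" '
        $1 == type && $2 == proto {
            # Fields 3..NF are ports or ranges: "601," "36598" "1-511"
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample listings (not captured from a real host).
BEFORE='syslogd_port_t                 tcp      601
syslogd_port_t                 udp      514, 601'

AFTER='syslogd_port_t                 tcp      36598, 601
syslogd_port_t                 udp      514, 601'

# check LABEL LISTING PORT: report whether syslogd_t may use tcp/PORT
check() {
    if printf '%s\n' "$2" | port_allowed syslogd_port_t tcp "$3"; then
        echo "$1: tcp/$3 is labelled syslogd_port_t"
    else
        echo "$1: tcp/$3 is not in syslogd_port_t; blocked when run as syslogd_t"
    fi
}

check before "$BEFORE" 36598
check after  "$AFTER"  36598
```

On a live host the same function takes the real listing: `semanage port -l | port_allowed syslogd_port_t tcp 36598`.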