[syslog-ng] unable to start syslog-ng.

Czanik, Péter peter.czanik at balabit.com
Mon May 1 19:14:52 UTC 2017 

Hi,

The first problem is the lack of the JSON module. For the second one there
is not enough information to see, if it is a syslog-ng or a systemd service
file problem. Can you start syslog-ng from the command line? I mean using
the following command line to catch any problems on the terminal:

syslog-ng -Fvde

Bye,


Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik

On Mon, May 1, 2017 at 9:11 PM, Dwijadas Dey <dwijad at gmail.com> wrote:

> Hi
>     Vijay
>             I don't see json-plugin under Available-Modules section in the
> output of # syslog-ng -V
>
> I have also compiled syslog-ng from source (3.6.4), and it shows
> json-plugin in the output of syslog-ng -V You may need to pass enable-json
> flag while compiling it from source.
>
> # syslog-ng -V
> syslog-ng 3.6.4
> Installer-Version: 3.6.4
> Revision:
> Compile-Date: Dec 18 2016 15:02:59
> Available-Modules: pseudofile,graphite,sdjournal,afsocket,syslogformat,
> afsocket-notls,afsocket-tls,affile,afprog,afuser,afamqp,
> afmongodb,csvparser,confgen,system-source,linux-kmsg-
> format,basicfuncs,cryptofuncs,dbparser,json-plugin,tfgeoip,afstomp
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-IPv6: on
> Enable-Spoof-Source: off
> Enable-TCP-Wrapper: off
> Enable-Linux-Caps: off
>
> Since you are using the version 3.9.1, i am not 100% sure that, this is
> the issue.
>
> Also, you can try this link.
> https://lists.balabit.hu/pipermail/syslog-ng/2016-February/022667.html
>
> Regards
>
>
>
> On Tue, May 2, 2017 at 12:00 AM, vijay amruth <vijayamruth at gmail.com>
> wrote:
>
>> Hello All, Hope you are all doing great. I am unable to start syslog-ng
>> service
>>
>> Here is some information:
>>
>> *OS Version: Cent OS 7.3*
>>
>> *I compiled it from a tar ball..*
>>
>> [root at xxxxx system]# syslog-ng -V
>> syslog-ng 3.9.1
>> Installer-Version: 3.9.1
>> Revision:
>> Module-Directory: /usr/local/lib/syslog-ng
>> Module-Path: /usr/local/lib/syslog-ng
>> Available-Modules: kvformat,cef,disk-buffer,add-c
>> ontextual-data,syslogformat,afsocket,affile,afprog,afuser,af
>> amqp,afmongodb,csvparser,confgen,system-source,linux-kmsg-
>> format,basicfuncs,cryptofuncs,dbparser,afstomp,pseudofile,
>> graphite,sdjournal,date
>> Enable-Debug: off
>> Enable-GProf: off
>> Enable-Memtrace: off
>> Enable-IPv6: on
>> Enable-Spoof-Source: off
>> Enable-TCP-Wrapper: off
>> Enable-Linux-Caps: off
>>
>>
>> *I manually added this file, this didn't come with install...*
>>
>> [root at xxxxx system]# cat syslog-ng.service
>> [Unit]
>> Description=System Logger Daemon
>> Documentation=man:syslog-ng(8)
>>
>> [Service]
>> Type=notify
>> Sockets=syslog.socket
>> ExecStart=/usr/sbin/syslog-ng -F -p /var/run/syslogd-ng.pid --fd-limit
>> 50000
>> ExecReload=/bin/kill -HUP $MAINPID
>> StandardOutput=null
>> Restart=on-failure
>>
>> [Install]
>> WantedBy=multi-user.target
>> Alias=syslog.service
>> [root at sl-sz3-splunk01 system]# pwd
>> /lib/systemd/system
>>
>> *Had parser errors:*
>>
>> [root at xxxxxx  ~]# syslog-ng -s
>> Error parsing config, Error compiling template (Unknown template function
>> "format-json") in /usr/local/share/syslog-ng/include/scl/cim/template.conf
>> at line 23, column 32:
>>
>>     included from /usr/local/etc/scl.conf line 29, column 1
>>
>>     included from /usr/local/etc/syslog-ng.conf line 8, column 1
>>
>> template-function "format-cim" "$(format-json --pair
>> @timestamp='${R_ISODATE}' --pair @message='${MSG}' --key .cim.* --shift 5
>> --key _* --key .* --replace-prefix .=_ --key *.*)\n";
>>                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> syslog-ng documentation: http://www.balabit.com/support
>> /documentation/?product=syslog-ng
>> mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>
>> *Moved /usr/local/share/syslog-ng/include/scl/cim and no parser errors.*
>> *But still unable to start.*
>>
>> [root at xxxxx system]# systemctl status syslog-ng.service
>> ● syslog-ng.service - System Logger Daemon
>>    Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; disabled;
>> vendor preset: enabled)
>>    Active: failed (Result: start-limit) since Mon 2017-05-01 10:46:58
>> PDT; 7s ago
>>      Docs: man:syslog-ng(8)
>>   Process: 2170 ExecStart=/usr/sbin/syslog-ng -F -p
>> /var/run/syslogd-ng.pid --fd-limit 50000 (code=exited, status=203/EXEC)
>>  Main PID: 2170 (code=exited, status=203/EXEC)
>>
>> May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]:
>> syslog-ng.service: main process exited, code=exited, status=203/EXEC
>> May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: Failed to start
>> System Logger Daemon.
>> May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: Unit
>> syslog-ng.service entered failed state.
>> May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]:
>> syslog-ng.service failed.
>> May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]:
>> syslog-ng.service holdoff time over, scheduling restart.
>> May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: start request
>> repeated too quickly for syslog-ng.service
>> May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: Failed to start
>> System Logger Daemon.
>> May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]: Unit
>> syslog-ng.service entered failed state.
>> May 01 10:46:58 sl-sz3-splunk01.slc.ebay.com systemd[1]:
>> syslog-ng.service failed.
>>
>> What I am I missing? Any help is appreciated. Thank you.
>>
>>
>> --
>> Thanks,
>> Vijay Amrut.
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170501/4002f0ec/attachment.html>

More information about the syslog-ng mailing list