[syslog-ng] syslog-ng running but not writing logs
buckingham at nym.hush.com
Wed Nov 22 11:49:45 UTC 2017
Hello forum members,
Having spent a couple of weeks on this problem I thought someone
might be able to help getting syslog-ng 3.9.1 to write log files on
OpenBSD 6.2.
The O/S was a fresh install, then syslog-ng and lastly BIND. No other
packages except syslog-ng and BIND dependencies have been installed.
No binaries or libs from BIND conflict or replace any from the
syslog-ng installation.
The .conf file was copied over from an older OpenBSD system, also
running an older WORKING syslog-ng (3.1.1). The required changes to
the .conf were made so that syslog-ng 3.9.1 with supervisor starts
and remains running. By killing the syslog-ng process I was able to
test that the supervisor process restarts syslog-ng. The rc.d script
starts, stops and restarts syslog-ng as expected.
/usr/local/sbin/syslog-ng -s returns no errors, indicating that the
config file is sane.
In /var/log the only thing it writes are syslog-ng start/stop
messages. In an effort to localise the problem, a stub syslog-ng.conf
was created with the following contents:
    @version: 3.9.1
    source s_local { unix-dgram("/dev/log"); };
    #
    destination catchall { file(/var/log/catchall); };
    log { source(s_local); destination(catchall); };
The permissions and ownership on /var, /var/log, /var/run, and /etc
are correct according to the OpenBSD /etc/mtree/special file.
Syslog-ng starts retaining root permissions (default) and creates
/dev/log if it does not exist. The syslog_ng_flags I use are:
    "-R /var/run/syslog_ng.persist -c /var/run/syslog_ng.ctl -p /var/run/syslog_ng.pid"
Have tried running without any flags to see if that would help, but
that did not help.
The output of syslog-ng -V is:
    syslog-ng 3.9.1
    Installer-Version: 3.9.1
    Revision:
    Module-Directory: /usr/local/lib/syslog-ng
    Module-Path: /usr/local/lib/syslog-ng
    Available-Modules: affile,afprog,afsocket,afsql,afuser,basicfuncs,cef,confgen,cryptofuncs,csvparser,curl,date,dbparser,disk-buffer,geoip-plugin,graphite,kvformat,linux-kmsg-format,pseudofile,system-source,add-contextual-data,json-plugin,syslogformat
    Enable-Debug: off
    Enable-GProf: off
    Enable-Memtrace: off
    Enable-IPv6: on
    Enable-Spoof-Source: off
    Enable-TCP-Wrapper: off
    Enable-Linux-Caps: off
On my hunt I found a message on NARKIVE where a user was having the
same problem with syslog-ng 3.6 on OpenBSD 5.9, there was no
solution. There was a reply saying: "With the changes in 5.6 using
sendsyslog(2), only syslogd picks up local syslog. Search the
openbsd-ports list for syslog-ng to see some comments on it.".
After a further search I turned up nothing that would help.
Have also tried to compile syslog-ng 3.12 from source to see if that
might help solve the problem, but no success on OpenBSD.
Many thanks in advance.
CB
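
The reply quoted in the post says that since the sendsyslog(2) change only syslogd picks up local syslog, which would leave the unix-dgram("/dev/log") source with nothing to read. As an added example (not part of the original post and not syslog-ng code), the script below writes one RFC 3164 datagram straight to that socket so the source-to-destination path can be tested on its own; it assumes a Python 3 interpreter is available, and build_message and probe are hypothetical helper names.

```python
"""Write one syslog datagram straight to a unix-dgram socket (added example)."""
import os
import socket
import sys
import time

# Facility/severity numbers from the BSD syslog protocol (RFC 3164).
LOG_USER, LOG_NOTICE = 1, 5


def build_message(tag, text, facility=LOG_USER, severity=LOG_NOTICE, now=None):
    """Return an RFC 3164 line as bytes: <PRI>timestamp tag[pid]: text."""
    pri = facility * 8 + severity
    t = time.localtime(now)
    # RFC 3164 pads the day of month with a space, not a zero.
    stamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                           time.strftime("%H:%M:%S", t))
    return ("<%d>%s %s[%d]: %s" % (pri, stamp, tag, os.getpid(), text)).encode()


def probe(path, text, tag="dgram-probe"):
    """Send one datagram to `path`; return (ok, detail) describing the result."""
    if not os.path.exists(path):
        return False, "%s does not exist: no source has created the socket" % path
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        sock.sendto(build_message(tag, text), path)
    except OSError as exc:
        # ECONNREFUSED here means the socket file is stale: nothing is bound to it.
        return False, "send to %s failed: %s" % (path, exc)
    finally:
        sock.close()
    return True, "sent; look for %r in the destination file" % text


if __name__ == "__main__":
    # Default is the socket named in the stub config's s_local source.
    target = sys.argv[1] if len(sys.argv) > 1 else "/dev/log"
    marker = "probe-%d" % int(time.time())
    ok, detail = probe(target, marker)
    print(detail)
    sys.exit(0 if ok else 1)
```

If the marker shows up in /var/log/catchall, the source and file destination are working and the missing messages are simply never being written to /dev/log.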