[syslog-ng] syslog-ng running but not writing logs

Mon Nov 27 12:21:06 UTC 2017

Try /dev/log or /dev/klog ?
https://man.openbsd.org/syslogd.8
*syslogd* opens a UDP socket, as specified in */etc/services*, for sending
forwarded messages. By default all incoming data on this socket is
discarded. If insecure mode is switched on with *-u*, it will also read
messages from the socket. *syslogd* also opens and reads messages from the
UNIX-domain socket */dev/log*, and from the special device */dev/klog* (to
read kernel messages), and from sendsyslog(2)
<https://man.openbsd.org/sendsyslog.2> (to read messages from userland
processes).

On Wed, Nov 22, 2017 at 6:49 AM, <buckingham at nym.hush.com> wrote:

> Hello forum members,
>
> Having spent a couple of weeks on this problem I thought someone might be
> able to help getting syslog-ng 3.9.1 to write log files on OpenBSD 6.2.
>
> The O/S was a fresh install, then syslog-ng and lastly BIND. No other
> packages except syslog-ng and BIND dependencies have been installed. No
> binaries or libs from BIND conflict or replace any from the syslog-ng
> installation.
>
> The .conf file was copied over from an older OpenBSD system, also running
> an older WORKING syslog-ng (3.1.1). The required changes to the .conf were
> made so that syslog-ng 3.9.1 with supervisor starts and remains running. By
> killing the syslog-ng process I was able to test that the supervisor
> process restarts syslog-ng. The rc.d script starts, stops and restarts
> syslog-ng as expected. /usr/local/sbin/syslog-ng -s returns no errors,
> indicating that the config file is sane.
>
> In /var/log the only thing it writes are syslog-ng start/stop messages. In
> an effort to localise the problem, a stub syslog-ng.conf was created with
> the following contents:
>
> @version: 3.9.1
> source s_local {
>         unix-dgram("/dev/log");
>         };
> #
> destination catchall { file(/var/log/catchall); };
> log { source(s_local);  destination(catchall);  };
>
>
> The permissions and ownership on /var, /var/log, /var/run, and /etc are
> correct according to the OpenBSD /etc/mtree/special file.  Syslog-ng starts
> retaining root permissions (default) and creates /dev/log if it does not
> exist. The syslog_ng_flags I use are:
>
> "-R /var/run/syslog_ng.persist -c /var/run/syslog_ng.ctl -p /var/run/syslog_ng.pid"
>
> Have tried running without any flags to see if that would help, but did
> not help.
>
> The output of syslog-ng -V is:
>
> syslog-ng 3.9.1
> Installer-Version: 3.9.1
> Revision:
> Module-Directory: /usr/local/lib/syslog-ng
> Module-Path: /usr/local/lib/syslog-ng
> Available-Modules: affile,afprog,afsocket,afsql,afuser,basicfuncs,cef,confgen,cryptofuncs,csvparser,curl,date,dbparser,disk-buffer,geoip-plugin,graphite,kvformat,linux-kmsg-format,pseudofile,system-source,add-contextual-data,json-plugin,syslogformat
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-IPv6: on
> Enable-Spoof-Source: off
> Enable-TCP-Wrapper: off
> Enable-Linux-Caps: off
>
>
> On my hunt I foud a message on NARKIVE where a user was having the same
> problem with syslog-ng 3.6 on OpenBSD 5.9, there was no solution. There was
> a reply saying: "With the changes in 5.6 using sendsyslog(2), only syslogd
> picks up local syslog. Search the openbsd-ports list for syslog-ng to see
> some comments on it.".
>
>  After a further search I turned up nothing that would help.
>
> Have also tried to compile syslog-ng 3.12 from source to see if that might
> help solve the problem, but no success on OpenBSD.
>
> Many thanks in advance.
> CB
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20171127/347f968e/attachment.html>