[syslog-ng] Syslog-ng 3.16 unable to write to pipe

Tue Apr 9 14:57:41 UTC 2019

You keep referring to /opt/log  but your configuration is for /var/log/nco.pipe

destination netcool        { pipe("/var/log/nco.pipe"); };

Is this a simple typo?

On 4/9/19 6:38 AM, Aguilu, Miguel wrote:
>
> We are in the middle of a project to Migrate from 3.0 to 3.16 (latest in redhat distro)
>
> The standard 3.14 config works fine writing to some standard logs in /var/log
>
> But we need to write special files to /opt/log/
>
>   * In this directory will be a file type pipe to be read by a syslog probe (parse messages into alerts). Using the following configuration NG returns unable to write.
>
> source s_dgram
>
>   { unix-dgram("/dev/log"); };
>
> source s_kernel
>
>   { file("/proc/kmsg" program_override("kernel: ")); };
>
> source s_udp
>
>   { udp(); };
>
> destination netcool        { pipe("/var/log/nco.pipe"); };
>
> log { source(s_dgram);
>
>       source(s_kernel);
>
>       source(s_udp); filter(f_NOfwflow);
>
>              filter(f_NOdata_cent);
>
>              filter(f_NOtacacs);
>
>              filter(f_netcool);        destination(netcool); };
>
>   * Even if I remove the filter I get the same error.
>   * Also removed all of the sources with the exception of the upd and got the same error.
>   * Changed the file type to file and getting:
>       o OLLERR occurred while idle; fd='66'
>       o Apr  9 13:17:45 wbucrp-isdmz1a-lb err syslog-ng[2475]: Connection broken; time_reopen='60'
>       o Apr  9 13:17:47 wbucrp-isdmz1b-lb err syslog-ng[10934]: POLLERR occurred while idle; fd='66'
>       o Apr  9 13:17:47 wbucrp-isdmz1b-lb err syslog-ng[10934]: Connection broken; time_reopen='60'
>       o Apr  9 13:17:51 wapcrp-isdmz0a-lb err syslog-ng[3713]: I/O error occurred while writing; fd='38', error='Connection refused (111)'
>       o Apr  9 13:17:51 wapcrp-isdmz0a-lb err syslog-ng[3713]: Connection broken; time_reopen='60'
>       o Apr  9 13:17:51 wapcrp-isdmz0a-lb notice syslog-ng[3713]: Suspending write operation because of an I/O error; fd='38', time_reopen='60'
>   * The permissions in /opt/log are 777 and owned by root which is the user syslog-ng is running under.
>   * Also change the path to where the config was updating file (/varr/log) and attemted to create the pipe and no luck
>
> Here are my global options:
>
>   * options {
>   *     flush_lines (0);
>   * #    time_reopen (10);
>   *     log_fifo_size (1000);
>   *     chain_hostnames (on);
>   *     use_dns (yes);  ## changed test
>   *     use_fqdn (yes);
>   *     keep_hostname (yes);
>   *     owner("root");
>   *     group("root");
>   *     create_dirs(yes);   #Test
>   *     dir_perm(0755);
>   *     perm(0644);
>   * };
>
> ANY Ideas?
>
> Thanks
>
> Miguel
>

-- 
Evan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190409/e1cbff88/attachment.html>