[syslog-ng] syslog-ng Digest, Vol 166, Issue 14

Lin, Victor victor.lin at rbc.com
Wed Feb 27 13:56:05 UTC 2019


Thanks a lot Kokan!!!!! 
After I put the individual name for each persist-name, no error any more :-).

Have a great day!

VL

-----Original Message-----
From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of syslog-ng-request at lists.balabit.hu
Sent: 2019, February, 27 3:25 AM
To: syslog-ng at lists.balabit.hu
Subject: syslog-ng Digest, Vol 166, Issue 14

Send syslog-ng mailing list submissions to
	syslog-ng at lists.balabit.hu

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.balabit.hu/mailman/listinfo/syslog-ng
or, via email, send a message with subject or body 'help' to
	syslog-ng-request at lists.balabit.hu

You can reach the person managing the list at
	syslog-ng-owner at lists.balabit.hu

When replying, please edit your Subject line so it is more specific than "Re: Contents of syslog-ng digest..."


Today's Topics:

   1. Re:  syslog-ng.conf error (Péter)


----------------------------------------------------------------------

Message: 1
Date: Wed, 27 Feb 2019 09:24:50 +0100
From: Péter, Kókai <peter.kokai at oneidentity.com>
To: "Syslog-ng users' and developers' mailing list"
	<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] syslog-ng.conf error
Message-ID:
	<CABxQCpj_YRnzzkskbCoi_CULFEuNskO=X1OpsKrQ0T=0V3crug at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hello,

In order to point out the exact location of issue, you have to share your configuration.

If you do not want to share it, there is two hint to find it yourself:

1) The message "Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting" actually truncated (possible by journalctl), and the full version should contain the location of the item that has conflicting persist-name.

2) About persist-name, syslog-ng uses a persist file to store some information (for example to keep data between restart/reload). Date is stored in that file via its key, those keys are generated based on the configuration item options (for file source it could be the path of the file, etc...), sometimes it could collide with other configured item and syslog-ng cannot resolve the name collition; but the user could with specifying the *persist-name* option, which override the default generated option.

An example:
source s {
   file("/tmp/file" persist-name("my-tmp-file") ); };


--
Kokan

On Tue, Feb 26, 2019 at 9:57 PM Lin, Victor <victor.lin at rbc.com> wrote:

> Dear all,
>
>   I am a newbie for syslog-ng J, could you please help me to figure 
> out my issues with syslog-ng.conf ?
>
> After modified syslog-ng.conf by adding more source, destination and 
> filter, try to restart syslog-ng by  /etc/init.d/syslog-ng restart
>
> Got the following error
> *********************************************
> # */etc/init.d/syslog-ng restart*
> Restarting syslog-ng (via systemctl):  Job for syslog-ng.service 
> failed because the control process exited with error code. See 
> "systemctl status syslog-ng.service" and "journalctl -xe" for details.
> [FAILED]
>
> ****************************************
> # *systemctl status syslog-ng.service* â— syslog-ng.service - LSB: 
> start and stop syslog-NG daemon
>    Loaded: loaded (/etc/rc.d/init.d/syslog-ng; bad; vendor preset: 
> enabled
> )
>    Active: failed (Result: exit-code) since Tue 2019-02-26 15:17:04 
> EST; 30s ago
>      Docs: man:systemd-sysv-generator(8)
>   Process: 53303 ExecStop=/etc/rc.d/init.d/syslog-ng stop 
> (code=exited,
> status=0/SUCCESS)
>   Process: 292500 ExecReload=/etc/rc.d/init.d/syslog-ng reload 
> (code=exited, status=0/SUCCESS)
>   Process: 53320 ExecStart=/etc/rc.d/init.d/syslog-ng start 
> (code=exited,
> status=1/FAILURE)
> Main PID: 116276
>
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.083451]
> WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.083503]
> WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.083554]
> WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.250946] Error checking the uniqueness of the 
> persist names, please override it with persist-name op...conf:131:9'
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.250984] Error checking the uniqueness of the 
> persist names, please override it with persist-name op...conf:132:9'
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: [FAILED] Feb 26 15:17:04 
> ABCD.com systemd[1]: syslog-ng.service: control process exited, 
> code=exited status=1 Feb 26 15:17:04 ABCD.com systemd[1]: Failed to 
> start LSB: start and stop syslog-NG daemon.
> Feb 26 15:17:04 ABCD.com systemd[1]: Unit syslog-ng.service entered 
> failed state.
> Feb 26 15:17:04 ABCD.com systemd[1]: syslog-ng.service failed.
> Hint: Some lines were ellipsized, use -l to show in full.
>
>
> # *journalctl -xe*
> Feb 26 15:05:28 ABCD.com puppet-agent[48945]: Could not send report:
> getaddrinfo: No address associated with hostname Feb 26 15:09:40 
> ABCD.com sshd[51578]: pam_sss(sshd:auth): authentication success; 
> logname= uid=0 euid=0 tty=ssh ruser= rhost= 
> m3vrb434.rbc1.royalbank.com user=VL51 Feb 26 15:09:40 ABCD.com 
> sshd[51578]: Accepted password for VL51 from
> 10.94.201.168 port 62031 ssh2
> Feb 26 15:10:02 ABCD.com crond[51740]: pam_unix(crond:account): 
> password for user root will expire in 8 days Feb 26 15:10:02 ABCD.com 
> crond[51741]: pam_unix(crond:account): password for user root will 
> expire in 8 days Feb 26 15:10:02 ABCD.com crond[51740]: 
> pam_unix(crond:session): session opened for user root by (uid=0) Feb 
> 26 15:10:02 ABCD.com crond[51741]: pam_unix(crond:session): session 
> opened for user root by (uid=0) Feb 26 15:10:02 ABCD.com CROND[51743]: 
> (root) CMD (/usr/lib64/sa/sa1 1 1) Feb 26 15:10:02 ABCD.com 
> CROND[51742]: (root) CMD (/bin/printf 
> '\n*******************************************************************
> ****************\n\n
> For filesize:' >> /app/
> Feb 26 15:10:02 ABCD.com CROND[51740]: pam_unix(crond:session): 
> session closed for user root Feb 26 15:10:02 ABCD.com sendmail[51759]: 
> x1QKA2Bw051759: from=root, size=1598, class=-60, nrcpts=1, msgid=<
> *201902262010.x1QKA2Bw051759 at ABCD.com*
> <201902262010.x1QKA2Bw051759 at ABCD.com>>, relay=root at localho Feb 26 
> 15:10:02 ABCD.com sendmail[51759]: x1QKA2Bw051759: to=root, 
> ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, 
> pri=139598, relay=[127.0.0.1] [127.0.0.1], Feb 26 15:10:02 ABCD.com 
> CROND[51741]: pam_unix(crond:session): session closed for user root 
> Feb 26 15:10:50 ABCD.com sudo[51905]:  VL51 : TTY=pts/0 ; 
> PWD=/app/syslog-ng/custom/conf ; USER=root ; COMMAND=/usr/bin/su - Feb 
> 26 15:10:50 ABCD.com su[51909]: (to root) VL51 on pts/0 Feb 26 
> 15:10:50 ABCD.com su[51909]: pam_unix(su-l:session): session opened 
> for user root by VL51(uid=0) Feb 26 15:15:01 ABCD.com crond[52764]: 
> pam_unix(crond:account): password for user root will expire in 8 days 
> Feb 26 15:15:01 ABCD.com crond[52764]: pam_unix(crond:session): 
> session opened for user root by (uid=0) Feb 26 15:15:01 ABCD.com 
> CROND[52765]: (root) CMD (/usr/sbin/logrotate
> /app/syslog-ng/custom/conf/syslog-ng-rotate.conf)
> Feb 26 15:15:01 ABCD.com CROND[52764]: pam_unix(crond:session): 
> session closed for user root Feb 26 15:17:02 ABCD.com polkitd[1117]: 
> Registered Authentication Agent for unix-process:53295:2185270730 
> (system bus name :1.268 [/usr/bin/pkttyagent --notify-fd 5 
> --fallback], Feb 26 15:17:02 ABCD.com systemd[1]: Stopping LSB: start 
> and stop syslog-NG daemon...
> -- Subject: Unit syslog-ng.service has begun shutting down
> -- Defined-By: systemd
> -- Support: 
> *http://lists.freedesktop.org/mailman/listinfo/systemd-devel*
> <http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
> --
> -- Unit syslog-ng.service has begun shutting down.
> Feb 26 15:17:02 ABCD.com supervise/syslog-ng[116275]: Daemon exited 
> gracefully, not restarting; exitcode='0'
> Feb 26 15:17:03 ABCD.com syslog-ng[53303]: Stopping syslog-ng: [  OK  
> ] Feb 26 15:17:03 ABCD.com systemd[1]: Starting LSB: start and stop 
> syslog-NG daemon...
> -- Subject: Unit syslog-ng.service has begun start-up
> -- Defined-By: systemd
> -- Support: 
> *http://lists.freedesktop.org/mailman/listinfo/systemd-devel*
> <http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
> --
> -- Unit syslog-ng.service has begun starting up.
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: Starting syslog-ng:
> [2019-02-26T15:17:04.082875] WARNING: With use-dns(no), dns-cache() 
> will be forced to 'no' too!; Feb 26 15:17:04 ABCD.com 
> syslog-ng[53320]: [2019-02-26T15:17:04.083333]
> WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.083396]
> WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.083451]
> WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.083503]
> WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.083554]
> WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.250946] Error checking the uniqueness of the 
> persist names, please override it with persist-name option. Shutting 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: 
> [2019-02-26T15:17:04.250984] Error checking the uniqueness of the 
> persist names, please override it with persist-name option. Shutting 
> Feb 26 15:17:04 ABCD.com syslog-ng[53320]: [FAILED] Feb 26 15:17:04 
> ABCD.com systemd[1]: syslog-ng.service: control process exited, 
> code=exited status=1 Feb 26 15:17:04 ABCD.com systemd[1]: Failed to 
> start LSB: start and stop syslog-NG daemon.
> -- Subject: Unit syslog-ng.service has failed
> -- Defined-By: systemd
> -- Support: 
> *http://lists.freedesktop.org/mailman/listinfo/systemd-devel*
> <http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
> --
> -- Unit syslog-ng.service has failed.
> --
> -- The result is failed.
> Feb 26 15:17:04 ABCD.com systemd[1]: Unit syslog-ng.service entered 
> failed state.
> Feb 26 15:17:04 ABCD.com systemd[1]: syslog-ng.service failed.
> Feb 26 15:17:04 ABCD.com polkitd[1117]: Unregistered Authentication 
> Agent for unix-process:53295:2185270730 (system bus name :1.268, 
> object path /org/freedesktop/PolicyKit1/Auth Feb 26 15:20:01 ABCD.com 
> crond[53909]: pam_unix(crond:account): password for user root will 
> expire in 8 days Feb 26 15:20:01 ABCD.com crond[53908]: 
> pam_unix(crond:account): password for user root will expire in 8 days 
> Feb 26 15:20:01 ABCD.com crond[53909]: pam_unix(crond:session): 
> session opened for user root by (uid=0) Feb 26 15:20:01 ABCD.com 
> crond[53908]: pam_unix(crond:session): session opened for user root by 
> (uid=0) Feb 26 15:20:01 ABCD.com CROND[53910]: (root) CMD 
> (/usr/lib64/sa/sa1 1 1) Feb 26 15:20:01 ABCD.com CROND[53911]: (root) 
> CMD (/bin/printf 
> '\n*******************************************************************
> ****************\n\n
> For filesize:' >> /app/
> Feb 26 15:20:01 ABCD.com CROND[53908]: pam_unix(crond:session): 
> session closed for user root Feb 26 15:20:01 ABCD.com sendmail[53926]: 
> x1QKK1vA053926: from=root, size=1805, class=-60, nrcpts=1, msgid=<
> *201902262020.x1QKK1vA053926 at ABCD.com*
> <201902262020.x1QKK1vA053926 at ABCD.com>>, relay=root at localho Feb 26 
> 15:20:01 ABCD.com sendmail[53926]: x1QKK1vA053926: to=root, 
> ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, 
> pri=139805, relay=[127.0.0.1] [127.0.0.1], Feb 26 15:20:01 ABCD.com 
> CROND[53909]: pam_unix(crond:session): session closed for user root
>
>
> Thank you very much for your expertize and instruction!!!!!
>
> *VL*
>
>
>
>
>
>
> ______________________________________________________________________
> _
>
> If you received this email in error, please advise the sender (by 
> return email or otherwise) immediately. You have consented to receive 
> the attached electronically at the above-noted email address; please 
> retain a copy of this confirmation for future reference.
>
> Si vous recevez ce courriel par erreur, veuillez en aviser 
> l'expéditeur immédiatement, par retour de courriel ou par un autre 
> moyen. Vous avez accepté de recevoir le(s) document(s) ci-joint(s) par 
> voie électronique à l'adresse courriel indiquée ci-dessus; veuillez 
> conserver une copie de cette confirmation pour les fins de reference future.
>
>
> ______________________________________________________________________
> ________ Member info: 
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190227/351df70d/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng


------------------------------

End of syslog-ng Digest, Vol 166, Issue 14
******************************************
_______________________________________________________________________
If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference.  

Si vous recevez ce courriel par erreur, veuillez en aviser l'expéditeur immédiatement, par retour de courriel ou par un autre moyen. Vous avez accepté de recevoir le(s) document(s) ci-joint(s) par voie électronique à l'adresse courriel indiquée ci-dessus; veuillez conserver une copie de cette confirmation pour les fins de reference future.


More information about the syslog-ng mailing list