[syslog-ng] syslog doesn't log if system date is older than date on last reboot

Abhi Arora engr.abhiarora at gmail.com
Thu Feb 6 06:25:47 UTC 2020 

Looks like putting the following was causing some trouble:

source s_src { unix-dgram(); internal();
             file("/proc/kmsg" program_override("kernel"));
};

I tired running "journalctl" and it has all the logs. However,
/var/log/syslog doesn't have the logs if date is older than the date on
last shutdown. Any help?

On Thu, Feb 6, 2020 at 11:46 AM Abhi Arora <engr.abhiarora at gmail.com> wrote:

> I tried checking journctld logs.
>
> Running the following command returned: journalctl
>
> Feb 04 12:42:57 f1 systemd[1]: Starting System Logger Daemon "scl"
> instance...
> Feb 04 12:42:57 f1 syslog-ng[9777]: [2020-02-04T12:42:57.093710] Error
> opening control socket, bind() failed;
> socket='/var/run/syslog-ng/syslog-ng.ctl', erro
> r='No such file or directory (2)'
> Feb 04 12:42:57 f1 syslog-ng[9777]: [2020-02-04T12:42:57.098856] Error
> opening configuration file; filename='--control', error='No such file or
> directory (2)
> '
> Feb 04 12:42:57 f1 systemd[1]:
> [[0;1;39m[[0;1;31m[[0;1;39msyslog-ng at scl.service: Main process exited,
> code=exited, status=1/FAILURE[[0m
> Feb 04 12:42:57 f1 systemd[1]:
> [[0;1;39m[[0;1;31m[[0;1;39msyslog-ng at scl.service: Failed with result
> 'exit-code'.[[0m
> Feb 04 12:42:57 f1 systemd[1]: [[0;1;31m[[0;1;39m[[0;1;31mFailed to start
> System Logger Daemon "scl" instance.[[0m
> :
>
> On Wed, Feb 5, 2020 at 9:28 PM Abhi Arora <engr.abhiarora at gmail.com>
> wrote:
>
>> Hi,
>> Is there anything I can to debug it? Any pointer to debug it and find the
>> root cause?
>> Should I modify my syslog conf file to
>>
>> source s_src { unix-dgram(); internal();
>>              file("/proc/kmsg" program_override("kernel"));
>> };
>> ?
>> Can you help me more with "bypass journald by making sure /dev/log points
>> to syslog-ng."?
>>
>> On Wed, Feb 5, 2020 at 1:57 PM Balazs Scheidler <bazsi77 at gmail.com>
>> wrote:
>>
>>> But you are using journal source, so it might be related to that.
>>>
>>> I am not sure weather you rely on journald or not, but as a workaround
>>> you could just use a unix-dgram() source and bypass journald by making sure
>>> /dev/log points to syslog-ng.
>>>
>>> Journald based logging is pretty slow and unless you have a usecase for
>>> it, it might be easier to bypass it completely. Makes the local logging
>>> path much simpler.
>>>
>>> On Tue, Feb 4, 2020, 13:23 Matus UHLAR - fantomas <uhlar at fantomas.sk>
>>> wrote:
>>>
>>>> On 04.02.20 13:59, Abhi Arora wrote:
>>>> >Continuing my previous email....
>>>> >> Can you share your configuration, please?
>>>> >I have shared over my last email
>>>>
>>>> well, gmail does not have a good interface to mailing list.
>>>> (html mail with very bad plaintext conversion.
>>>>
>>>> >> Are you using system() source?
>>>> >I didn't get you. Please elaborate. You mean source code system()
>>>> library
>>>> >function. If that you mean, then no we don't use it.
>>>>
>>>> However I saw there:
>>>>
>>>>    source s_src { systemd_journal(); internal();
>>>>                 file("/proc/kmsg" program_override("kernel"));
>>>>    };
>>>>
>>>> No, you don't use system() source, it looks like:
>>>>
>>>> source s_src {
>>>>        system();
>>>> ...
>>>> };
>>>>
>>>> --
>>>> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>>>> Warning: I wish NOT to receive e-mail advertising to this address.
>>>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>>>> 2B|!2B, that's a question!
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200206/e4c4ff81/attachment.html>

More information about the syslog-ng mailing list