[syslog-ng] syslog doesn't log if system date is older than date on last reboot

Abhi Arora engr.abhiarora at gmail.com
Thu Feb 6 06:27:51 UTC 2020 

I would to correct myself. The journalctl has old logs. I thought they are
latest logs. So journalctl isn't logging the log if date is older than the
date on last shutdown.

On Thu, Feb 6, 2020 at 11:55 AM Abhi Arora <engr.abhiarora at gmail.com> wrote:

> Looks like putting the following was causing some trouble:
>
> source s_src { unix-dgram(); internal();
>              file("/proc/kmsg" program_override("kernel"));
> };
>
> I tired running "journalctl" and it has all the logs. However,
> /var/log/syslog doesn't have the logs if date is older than the date on
> last shutdown. Any help?
>
> On Thu, Feb 6, 2020 at 11:46 AM Abhi Arora <engr.abhiarora at gmail.com>
> wrote:
>
>> I tried checking journctld logs.
>>
>> Running the following command returned: journalctl
>>
>> Feb 04 12:42:57 f1 systemd[1]: Starting System Logger Daemon "scl"
>> instance...
>> Feb 04 12:42:57 f1 syslog-ng[9777]: [2020-02-04T12:42:57.093710] Error
>> opening control socket, bind() failed;
>> socket='/var/run/syslog-ng/syslog-ng.ctl', erro
>> r='No such file or directory (2)'
>> Feb 04 12:42:57 f1 syslog-ng[9777]: [2020-02-04T12:42:57.098856] Error
>> opening configuration file; filename='--control', error='No such file or
>> directory (2)
>> '
>> Feb 04 12:42:57 f1 systemd[1]:
>> [[0;1;39m[[0;1;31m[[0;1;39msyslog-ng at scl.service: Main process exited,
>> code=exited, status=1/FAILURE[[0m
>> Feb 04 12:42:57 f1 systemd[1]:
>> [[0;1;39m[[0;1;31m[[0;1;39msyslog-ng at scl.service: Failed with result
>> 'exit-code'.[[0m
>> Feb 04 12:42:57 f1 systemd[1]: [[0;1;31m[[0;1;39m[[0;1;31mFailed to start
>> System Logger Daemon "scl" instance.[[0m
>> :
>>
>> On Wed, Feb 5, 2020 at 9:28 PM Abhi Arora <engr.abhiarora at gmail.com>
>> wrote:
>>
>>> Hi,
>>> Is there anything I can to debug it? Any pointer to debug it and find
>>> the root cause?
>>> Should I modify my syslog conf file to
>>>
>>> source s_src { unix-dgram(); internal();
>>>              file("/proc/kmsg" program_override("kernel"));
>>> };
>>> ?
>>> Can you help me more with "bypass journald by making sure /dev/log
>>> points to syslog-ng."?
>>>
>>> On Wed, Feb 5, 2020 at 1:57 PM Balazs Scheidler <bazsi77 at gmail.com>
>>> wrote:
>>>
>>>> But you are using journal source, so it might be related to that.
>>>>
>>>> I am not sure weather you rely on journald or not, but as a workaround
>>>> you could just use a unix-dgram() source and bypass journald by making sure
>>>> /dev/log points to syslog-ng.
>>>>
>>>> Journald based logging is pretty slow and unless you have a usecase for
>>>> it, it might be easier to bypass it completely. Makes the local logging
>>>> path much simpler.
>>>>
>>>> On Tue, Feb 4, 2020, 13:23 Matus UHLAR - fantomas <uhlar at fantomas.sk>
>>>> wrote:
>>>>
>>>>> On 04.02.20 13:59, Abhi Arora wrote:
>>>>> >Continuing my previous email....
>>>>> >> Can you share your configuration, please?
>>>>> >I have shared over my last email
>>>>>
>>>>> well, gmail does not have a good interface to mailing list.
>>>>> (html mail with very bad plaintext conversion.
>>>>>
>>>>> >> Are you using system() source?
>>>>> >I didn't get you. Please elaborate. You mean source code system()
>>>>> library
>>>>> >function. If that you mean, then no we don't use it.
>>>>>
>>>>> However I saw there:
>>>>>
>>>>>    source s_src { systemd_journal(); internal();
>>>>>                 file("/proc/kmsg" program_override("kernel"));
>>>>>    };
>>>>>
>>>>> No, you don't use system() source, it looks like:
>>>>>
>>>>> source s_src {
>>>>>        system();
>>>>> ...
>>>>> };
>>>>>
>>>>> --
>>>>> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>>>>> Warning: I wish NOT to receive e-mail advertising to this address.
>>>>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>>>>> 2B|!2B, that's a question!
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200206/47304643/attachment.html>

More information about the syslog-ng mailing list