[syslog-ng] syslog doesn't log if system date is older than date on last reboot

Abhi Arora engr.abhiarora at gmail.com
Thu Feb 6 09:34:56 UTC 2020 

"ls -l /dev/log" returns:
> lrwxrwxrwx 1 root root 28 Sep 30 13:28 /dev/log ->
/run/systemd/journal/dev-log

"lsof" returns a huge list of open files. I am putting few related to
sysnlog

> 363     /usr/sbin/syslog-ng     /dev/null
363     /usr/sbin/syslog-ng     socket:[6284]
363     /usr/sbin/syslog-ng     socket:[6284]
363     /usr/sbin/syslog-ng     anon_inode:[eventpoll]
363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
363     /usr/sbin/syslog-ng     socket:[6522]
363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
363     /usr/sbin/syslog-ng     /var/lib/syslog-ng/syslog-ng.persist
363     /usr/sbin/syslog-ng     socket:[6537]
363     /usr/sbin/syslog-ng     /proc/kmsg
363     /usr/sbin/syslog-ng     anon_inode:[timerfd]

On Thu, Feb 6, 2020 at 2:39 PM Matus UHLAR - fantomas <uhlar at fantomas.sk>
wrote:

> On 06.02.20 12:30, Abhi Arora wrote:
> >I don't see service start fail messages. However, even with the latest
> >date, syslog doesn't show any logs from my applications. However,
> >journalctl is showing the logs after a latest date update.
> >
> >source s_src { unix-dgram("/dev/log"); internal();
> >             file("/proc/kmsg" program_override("kernel"));
> >};
>
> try "ls -l /dev/log"
> in this case:
>
> lrwxrwxrwx 1 root root 28 apr 14  2018 /dev/log ->
> /run/systemd/journal/dev-log
>
> is the log redirected to journald
> and in this case:
>
> srw-rw-rw- 1 root root 0 Dec 16 06:54 /dev/log
>
> you can verify it's used by syslog-ng:
>
> # lsof /dev/log
> COMMAND    PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
> syslog-ng 1747 root   14u  unix 0x00000000364c47ad      0t0 1544 /dev/log
> type=DGRAM
>
> >On Thu, Feb 6, 2020 at 12:21 PM Nagy Gábor <gabor.hl at gmail.com> wrote:
> >
> >> I think you need to add /dev/log to unix-dgram.
> >>
> >> source s_src { unix-dgram("/dev/log");
> >> internal();
> >>              file("/proc/kmsg" program_override("kernel"));
> >> };
> >>
> >> Regards,
> >> Gábor
> >>
> >>
> >>
> ______________________________________________________________________________
> >> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >> Documentation:
> >> http://www.balabit.com/support/documentation/?product=syslog-ng
> >> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >>
> >>
>
>
> >______________________________________________________________________________
> >Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> >FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> "Where do you want to go to die?" [Microsoft]
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200206/a9f1caab/attachment.html>

More information about the syslog-ng mailing list