[syslog-ng] syslog doesn't log if system date is older than date on last reboot

Abhi Arora engr.abhiarora at gmail.com
Fri Feb 7 05:40:46 UTC 2020


Hello,
Any help?
If it is available online, please help me with a link as I am unable to
find anything useful on the internet.

On Thu, Feb 6, 2020 at 3:04 PM Abhi Arora <engr.abhiarora at gmail.com> wrote:

> "ls -l /dev/log" returns:
> > lrwxrwxrwx 1 root root 28 Sep 30 13:28 /dev/log -> /run/systemd/journal/dev-log
>
> "lsof" returns a huge list of open files. I am putting a few related to
> syslog
>
> > 363     /usr/sbin/syslog-ng     /dev/null
> 363     /usr/sbin/syslog-ng     socket:[6284]
> 363     /usr/sbin/syslog-ng     socket:[6284]
> 363     /usr/sbin/syslog-ng     anon_inode:[eventpoll]
> 363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
> 363     /usr/sbin/syslog-ng     socket:[6522]
> 363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
> 363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
> 363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
> 363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
> 363     /usr/sbin/syslog-ng     anon_inode:[eventfd]
> 363     /usr/sbin/syslog-ng     /var/lib/syslog-ng/syslog-ng.persist
> 363     /usr/sbin/syslog-ng     socket:[6537]
> 363     /usr/sbin/syslog-ng     /proc/kmsg
> 363     /usr/sbin/syslog-ng     anon_inode:[timerfd]
>
> On Thu, Feb 6, 2020 at 2:39 PM Matus UHLAR - fantomas <uhlar at fantomas.sk>
> wrote:
>
>> On 06.02.20 12:30, Abhi Arora wrote:
>> >I don't see service start fail messages. However, even with the latest
>> >date, syslog doesn't show any logs from my applications. However,
>> >journalctl is showing the logs after a latest date update.
>> >
>> >source s_src { unix-dgram("/dev/log"); internal();
>> >             file("/proc/kmsg" program_override("kernel"));
>> >};
>>
>> try "ls -l /dev/log"
>> in this case:
>>
>> lrwxrwxrwx 1 root root 28 apr 14  2018 /dev/log -> /run/systemd/journal/dev-log
>>
>> is the log redirected to journald
>> and in this case:
>>
>> srw-rw-rw- 1 root root 0 Dec 16 06:54 /dev/log
>>
>> you can verify it's used by syslog-ng:
>>
>> # lsof /dev/log
>> COMMAND    PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
>> syslog-ng 1747 root   14u  unix 0x00000000364c47ad      0t0 1544 /dev/log type=DGRAM
>>
>> >On Thu, Feb 6, 2020 at 12:21 PM Nagy Gábor <gabor.hl at gmail.com> wrote:
>> >
>> >> I think you need to add /dev/log to unix-dgram.
>> >>
>> >> source s_src { unix-dgram("/dev/log"); internal();
>> >>              file("/proc/kmsg" program_override("kernel"));
>> >> };
>> >>
>> >> Regards,
>> >> Gábor
>> >>
>> >>
>> >>
>> ______________________________________________________________________________
>> >> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> >> Documentation:
>> >> http://www.balabit.com/support/documentation/?product=syslog-ng
>> >> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>> >>
>> >>
>>
>>
>> >
>>
>>
>> --
>> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>> Warning: I wish NOT to receive e-mail advertising to this address.
>> Warning: I do NOT want to receive any advertising mail at this address.
>> "Where do you want to go to die?" [Microsoft]
>>
>>
>>
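
The check described in the quoted reply above (is /dev/log a symlink to journald's socket, or a socket of its own), combined with a look at whether the syslog-ng source names /dev/log, written as an added example that is not from any poster in this thread or from the syslog-ng project. The function names and verdict strings are hypothetical, and the socket path is a parameter so the functions can be run against constructed files.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and verdict
# strings are hypothetical.
JOURNALD_SOCK="/run/systemd/journal/dev-log"   # symlink target shown in the thread

# Print what sits at the syslog socket path: journald | socket | other | missing
devlog_state() {
    path="${1:-/dev/log}"
    if [ -L "$path" ]; then
        # A symlink to journald's socket means journald receives the messages.
        if [ "$(readlink "$path")" = "$JOURNALD_SOCK" ]; then
            echo journald
        else
            echo other
        fi
    elif [ -S "$path" ]; then
        echo socket        # a real socket; confirm its owner with: lsof "$path"
    elif [ -e "$path" ]; then
        echo other
    else
        echo missing
    fi
}

# Succeed if an uncommented line names /dev/log in unix-dgram() or unix-stream().
conf_reads_devlog() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq 'unix-(dgram|stream)[[:space:]]*\([[:space:]]*"/dev/log"'
}

# Combine both checks into one verdict for a config file and a socket path.
diagnose() {
    conf="$1"
    state=$(devlog_state "${2:-/dev/log}")
    if ! conf_reads_devlog "$conf"; then
        echo not-configured
        return 0
    fi
    case "$state" in
        journald) echo journald-owned ;;
        socket)   echo syslog-socket ;;
        *)        echo no-socket ;;
    esac
}

# Run against the live system when a config path is given as an argument.
if [ -n "${1:-}" ]; then
    diagnose "$1"
fi
```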