[syslog-ng] syslog-ng doesn't log if system date is older (in the past) than date on last shutdown

Abhi Arora engr.abhiarora at gmail.com
Tue Feb 18 08:22:45 UTC 2020


Hi,
I have one embedded device running Linux which doesn't have RTC. So it
loses date and time after every halt.

*uname -a:*
*Linux f1 4.9.175+g0746276 #1 SMP PREEMPT Tue Jan 14 03:09:19 UTC 2020
armv7l armv7l armv7l GNU/Linux*

I have observed after every reboot, my board starts with some older time
and my application running in user-space corrects the system time from a
timestamp saved on a file (which is updated every hour). Application also
connects with some server to get latest time. I have noticed that if system
date and time is less than date and time which it had at last shutdown,
then syslog doesn't get any logs from my applications till it has a time
atleast greater than  date and time which it had at last shutdown.

My source was "systemd_journal()" and I changed it to
"unix-dgram("/dev/log");". However, after changing it to unix-dgram, I
don't see any logs even if my system date and time are correct.


*"ls -l /dev/log":> lrwxrwxrwx 1 root root 28 Sep 30 13:28 /dev/log ->
/run/systemd/journal/dev-log  *

*This is my old /etc/syslog-ng/scl.conf* :


*@include 'scl/*/*.conf'@define java-module-dir
"`module-install-dir`/java-modules"*

******************** This by* *cat /etc/syslog-ng/syslog-ng.conf*




































































































































































*@version: 3.15## Syslog-ng configuration file, compatible with default
Debian syslogd# installation. Originally written by anonymous (I can't find
his name)# Revised, and rewrited by me (SZALAY Attila <sasa at debian.org
<sasa at debian.org>>)# First, set some global options.options {
chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$"); keep_hostname(yes);
keep_timestamp(yes);};#########################
Sources######################### This is the default behavior of sysklogd
package# Logs may come from unix stream, but not from another
machine.#source s_src { systemd_journal(); internal();
 file("/proc/kmsg" program_override("kernel"));};# If you wish to get logs
from remote machine you should uncomment# this and comment the above source
line.##source s_net { tcp(ip(127.0.0.1) port(1000) authentication(required)
encrypt(allow)); };#########################
Destinations######################### First some standard
logfile#destination d_auth { file("/var/log/auth.log"); };destination
d_cron { file("/var/log/cron.log"); };destination d_daemon {
file("/var/log/daemon.log"); };destination d_kern {
file("/var/log/kern.log"); };destination d_lpr { file("/var/log/lpr.log");
};destination d_mail { file("/var/log/mail.log"); };destination d_syslog {
file("/var/log/syslog"); };destination d_user { file("/var/log/user.log");
};destination d_uucp { file("/var/log/uucp.log"); };# This files are the
log come from the mail subsystem.#destination d_mailinfo {
file("/var/log/mail/mail.info <http://mail.info/>"); };destination
d_mailwarn { file("/var/log/mail/mail.warn"); };destination d_mailerr {
file("/var/log/mail/mail.err"); };# Logging for INN news system#destination
d_newscrit { file("/var/log/news/news.crit"); };destination d_newserr {
file("/var/log/news/news.err"); };destination d_newsnotice {
file("/var/log/news/news.notice"); };# Some 'catch-all'
logfiles.#destination d_debug { file("/var/log/debug"); };destination
d_error { file("/var/log/error"); };destination d_messages {
file("/var/log/messages"); };# The root's console.#destination d_console {
usertty("root"); };# Virtual console.#destination d_console_all {
file("/dev/tty10"); };# The named pipe /dev/xconsole is for the nsole'
utility.  To use it,# you must invoke nsole' with the -file' option:##    $
xconsole -file /dev/xconsole [...]#destination d_xconsole {
pipe("/dev/xconsole"); };# Send the messages to an other host##destination
d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on)
log_fifo_size(1000)); };# Debian onlydestination d_ppp {
file("/var/log/ppp.log"); };#########################
Filters######################### Here's come the filter options. With this
rules, we can set which# message go where.filter f_dbg { level(debug);
};filter f_info { level(info); };filter f_notice { level(notice); };filter
f_warn { level(warn); };filter f_err { level(err); };filter f_crit {
level(crit .. emerg); };filter f_alllevel { level(debug, info, notice,
warn,err,crit,emerg) and not filter(f_daemon);};filter f_debug {
level(debug) and not facility(auth, authpriv, news, mail); };filter f_error
{ level(err .. emerg) ; };filter f_messages { level(info,notice,warn) and
                  not facility(auth,authpriv,cron,daemon,mail,news);
};filter f_auth { facility(auth, authpriv) and not filter(f_debug);
};filter f_cron { facility(cron) and not filter(f_debug); };filter f_daemon
{ facility(daemon) and not filter(f_debug); };filter f_kern {
facility(kern) and not filter(f_debug); };filter f_lpr { facility(lpr) and
not filter(f_debug); };filter f_local { facility(local0, local1, local3,
local4, local5,                        local6, local7) and not
filter(f_debug); };filter f_mail { facility(mail) and not filter(f_debug);
};filter f_news { facility(news) and not filter(f_debug); };filter
f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug);
};filter f_user { facility(user) and not filter(f_debug); };filter f_uucp {
facility(uucp) and not filter(f_debug); };filter f_cnews { level(notice,
err, crit) and facility(news); };filter f_cother { level(debug, info,
notice, warn) or facility(daemon, mail); };filter f_ppp { facility(local2)
and not filter(f_debug); };filter f_console { level(warn .. emerg);
};######################### Log paths########################log {
source(s_src); filter(f_auth); destination(d_auth); };log { source(s_src);
filter(f_cron); destination(d_cron); };log { source(s_src);
filter(f_daemon); destination(d_daemon); };log { source(s_src);
filter(f_kern); destination(d_Gateway); };log { source(s_src);
filter(f_lpr); destination(d_lpr); };log { source(s_src);
filter(f_syslog3); destination(d_syslog); };log { source(s_src);
filter(f_user); destination(d_user); };log { source(s_src); filter(f_uucp);
destination(d_uucp); };log { source(s_src); filter(f_mail);
destination(d_mail); };#log { source(s_src); filter(f_mail);
filter(f_info); destination(d_mailinfo); };#log { source(s_src);
filter(f_mail); filter(f_warn); destination(d_mailwarn); };#log {
source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };log
{ source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit);
};log { source(s_src); filter(f_news); filter(f_err);
destination(d_newserr); };log { source(s_src); filter(f_news);
filter(f_notice); destination(d_newsnotice); };#log { source(s_src);
filter(f_cnews); destination(d_console_all); };#log { source(s_src);
filter(f_cother); destination(d_console_all); };#log { source(s_src);
filter(f_ppp); destination(d_ppp); };log { source(s_src); filter(f_debug);
destination(d_debug); };log { source(s_src); filter(f_error);
destination(d_error); };log { source(s_src); filter(f_messages);
destination(d_messages); };log { source(s_src); filter(f_console);
destination(d_console_all);
destination(d_xconsole); };log { source(s_src); filter(f_crit);
destination(d_console); };# All messages send to a remote site##log {
source(s_src); destination(d_net); };# GentApp/GatewayAppdestination
d_Gateway { file("/var/log/Gateway.log"template("$FULLDATE $FULLHOST
$PROGRAM $PID [$FACILITY.$LEVEL] $MESSAGE\n") ); };filter f_Gateway {
match("Gate*") or match("Gent*") or match("Notifier*") or match("Alarm*");
};*
*log { source(s_src); filter(f_Gateway);filter(f_alllevel);
destination(d_Gateway);} ;*




Please help me in debugging the issue and fixing it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200218/2ece6b26/attachment.html>


More information about the syslog-ng mailing list