[syslog-ng] use /dev/log on systemd machines

Antal Nemes (anemes) Antal.Nemes at oneidentity.com
Wed Mar 18 11:56:06 UTC 2020 

> if I understand properly, the system() source opens /dev/log socket when
machine does not run systemd, am I right?

You are right.
https://github.com/syslog-ng/syslog-ng/blob/531d70bfbcf19a97a5278f324d141386d568ce7f/modules/system-source/system-source.c#L253

If you want to be sure, you can check the expanded source code with starting syslog-ng syslog-ng <args> --preprocess-into=/tmp/expanded-config.txt
or by calling
./syslog-ng-ctl config -p
to get the expanded config of a running instance.

> Can I force syslog-ng to open /dev/log socket in this case or have I to
configure it explicitly?

Unfortunately currently there is no way to influence system() source this way. You need to add the unix-dgram source for /dev/log manually.


Br,
  Antal
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Matus UHLAR - fantomas <uhlar at fantomas.sk>
Sent: Wednesday, March 18, 2020 12:15
To: syslog-ng at lists.balabit.hu <syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] use /dev/log on systemd machines

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.


Hello,

if I understand properly, the system() source opens /dev/log socket when
machine does not run systemd, am I right?

Can I force syslog-ng to open /dev/log socket in this case or have I to
configure it explicitly?


--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.fantomas.sk%2F&data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&sdata=jc%2BKHiIzkrw%2Bv3jNifkwHFz5DVIqi6Py9BYubnOhbkM%3D&reserved=0
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
______________________________________________________________________________
Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&sdata=vLapo1XL7o4WbGS%2BEb2rL8TWXQ8f%2BASCG5kuGNcOh%2BQ%3D&reserved=0
Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&sdata=WMGDE8HMabOAzaxqZVqHlhjQymo7i8GX4hYYPtqX3YA%3D&reserved=0
FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CAntal.Nemes%40oneidentity.com%7C23fcd497454540e3b66808d7cb2daf3a%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637201269400286718&sdata=%2FutxF2L2%2FMpHFvJRx3YmzmnVJbMKrv2YrVQzhBtsQEk%3D&reserved=0

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200318/73ca6ca0/attachment-0001.html>

More information about the syslog-ng mailing list