[syslog-ng] syslog-ng won't talk to systemd?

Dan Egli dan at newideatest.site
Mon Jan 25 11:19:47 UTC 2021 

Okay. That does explain the error about multiple systemd-journal 
sources. But the bigger issue remains untouched. Why isn't syslog 
reading from the journal? I finally wound up removing systemd all 
together and going back to openrc. But we we can figure out what went 
wrong, then that would be much better.


On 1/24/21 2:14 PM, Balazs Scheidler wrote:
> system () automatically adds systemd-journald(), that's why your 
> second such source triggers the error about duplicate sources.
>
> With that said, why syslog-ng doesn't get messages from systems is a a 
> different issue.
>
>
>
> On Sun, Jan 24, 2021, 08:07 Dan Egli <dan at newideatest.site> wrote:
>
>     I'm trying to setup syslog-ng on a systemd system. But even though
>     I have several things writing to syslog, syslog-ng doesn't write
>     ANYTHING to the /var/log/messages except kernel messages and it's
>     own info. So I searched around, and found the systemd-journal()
>     source. So I tried it. And I get an error that says syslog-ng
>     can't initialize the logger plugin:
>
>
>     # syslog-ng -F
>     [2021-01-23T23:25:36.525097] The configuration must not contain more than one systemd-journal() source;
>     [2021-01-23T23:25:36.525157] Error initializing journal_reader;
>     [2021-01-23T23:25:36.525173] Error initializing message pipeline; plugin_name='systemd-journal', location='/etc/syslog-ng/syslog-ng.conf:26:5'
>
>     Here's the config, basically copied from the syslog-ng.com
>     <http://syslog-ng.com> page:
>
>     @version: 3.26
>     #
>     # Syslog-ng default configuration file for Gentoo Linux
>
>     #https://bugs.gentoo.org/426814  <https://bugs.gentoo.org/426814>
>     @include "scl.conf"
>
>     options {
>     	threaded(yes);
>     	chain_hostnames(no);
>     	stats_freq(43200);
>     	mark_freq(3600);
>     };
>
>     source s_journald {
>
>          systemd-journal(prefix(".SDATA.journald."));
>
>     };
>
>
>     source src { system(); internal(); file("/proc/kmsg"); };
>
>     destination messages { file("/var/log/messages"); };
>     destination console_all { file("/dev/tty12"); };
>
>     log { source(src); destination(messages); };
>     log { source(s_journald); destination(messages); };
>     log { source(src); destination(console_all); };
>
>
>     What am I doing wrong? I am POSITIVE things are sending to the
>     syslog sub-system. I have ensured several programs have sent
>     something. But without the systemd-journal line syslog-ng loads
>     fine, recording /proc/kmsg and syslog-ng messages but nothing else.
>
>     I am completely stumped here.
>     ______________________________________________________________________________
>     Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>     <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
>     Documentation:
>     http://www.balabit.com/support/documentation/?product=syslog-ng
>     <http://www.balabit.com/support/documentation/?product=syslog-ng>
>     FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>     <http://www.balabit.com/wiki/syslog-ng-faq>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20210125/5c5ae14f/attachment.html>

More information about the syslog-ng mailing list