[syslog-ng] syslog-ng won't talk to systemd?

Tue Jan 26 05:37:43 UTC 2021

Does the journal contain log records? E.g. list the logs using journalctl
and check that records are indeed there.

If they are, I would check if syslog-ng has the necessary permissions to
access them, start syslog-ng under strace and see if there are relevant
failures. Check syslog-ng debug output.

On Mon, Jan 25, 2021, 19:19 Dan Egli <dan at newideatest.site> wrote:

> Okay. That does explain the error about multiple systemd-journal sources.
> But the bigger issue remains untouched. Why isn't syslog reading from the
> journal? I finally wound up removing systemd all together and going back to
> openrc. But we we can figure out what went wrong, then that would be much
> better.
>
>
> On 1/24/21 2:14 PM, Balazs Scheidler wrote:
>
> system () automatically adds systemd-journald(), that's why your second
> such source triggers the error about duplicate sources.
>
> With that said, why syslog-ng doesn't get messages from systems is a a
> different issue.
>
>
>
> On Sun, Jan 24, 2021, 08:07 Dan Egli <dan at newideatest.site>
> <dan at newideatest.site> wrote:
>
>> I'm trying to setup syslog-ng on a systemd system. But even though I have
>> several things writing to syslog, syslog-ng doesn't write ANYTHING to the
>> /var/log/messages except kernel messages and it's own info. So I searched
>> around, and found the systemd-journal() source. So I tried it. And I get an
>> error that says syslog-ng can't initialize the logger plugin:
>>
>>
>> # syslog-ng -F
>> [2021-01-23T23:25:36.525097] The configuration must not contain more than one systemd-journal() source;
>> [2021-01-23T23:25:36.525157] Error initializing journal_reader;
>> [2021-01-23T23:25:36.525173] Error initializing message pipeline; plugin_name='systemd-journal', location='/etc/syslog-ng/syslog-ng.conf:26:5'
>>
>>
>> Here's the config, basically copied from the syslog-ng.com page:
>>
>> @version: 3.26
>> #
>> # Syslog-ng default configuration file for Gentoo Linux
>>
>> # https://bugs.gentoo.org/426814
>> @include "scl.conf"
>>
>> options {
>> 	threaded(yes);
>> 	chain_hostnames(no);
>> 	stats_freq(43200);
>> 	mark_freq(3600);
>> };
>>
>> source s_journald {
>>
>>     systemd-journal(prefix(".SDATA.journald."));
>>
>> };
>>
>>
>> source src { system(); internal(); file("/proc/kmsg"); };
>>
>> destination messages { file("/var/log/messages"); };
>> destination console_all { file("/dev/tty12"); };
>>
>> log { source(src); destination(messages); };
>> log { source(s_journald); destination(messages); };
>> log { source(src); destination(console_all); };
>>
>>
>> What am I doing wrong? I am POSITIVE things are sending to the syslog
>> sub-system. I have ensured several programs have sent something. But
>> without the systemd-journal line syslog-ng loads fine, recording /proc/kmsg
>> and syslog-ng messages but nothing else.
>>
>> I am completely stumped here.
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20210126/fa85b7bd/attachment.html>