[syslog-ng] syslog-ng service keeps restarting on systemd

Darren Fuller unconventionalsplunkist at gmail.com
Wed Feb 28 15:35:41 UTC 2024 

Hello,

I have installed syslog-ng OSE from source on Amazon Linux 2023
distribution (as there is no EPEL available on that distribution nor are
there any precompiled binaries for it)

When i start up syslog-ng in the local terminal with syslog-ng -Fedv , it
runs fine forever..      But when i start it with systemd : systemctl start
syslog-ng, the command times out (but does start in the background) and
then it the service restarts every two minutes or so.

I am stumped.    any thoughts?   where have i gone wrong?

appreciate any assistance you can offer.

thanks,
Darren


More information:
------------
i compiled with the following and saw no errors:

> ./configure --disable-smtp --disable-http --disable-python --disable-json
> make
> make install
------------
I created the systemd service file as so:

> cat /etc/systemd/system/syslog-ng.service
[Unit]
Description=System Logger Daemon
Documentation=man:syslog-ng(8)
After=network.target

[Service]
Type=notify
PIDFile=/run/syslogd.pid
ExecStart=/usr/local/sbin/syslog-ng -F -p /run/syslogd.pid
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=null
Restart=on-failure

[Install]
WantedBy=multi-user.target
------------

My config is here:
------------
> cat /usr/local/etc/syslog-ng.conf
@include “scl.conf”
source s_local {
    system();
    internal();
};
destination d_local {
    file(“/var/log/messages”);
    file(“/var/log/messages-kv.log” template(“$ISODATE $HOST $(format-welf
--scope all-nv-pairs)\n”) frac-digits(3));
};
log {
    source(s_local);
    destination(d_local);
};
@include /etc/syslog-ng.d/*.conf

> cat /etc/syslog.d/syslognet.conf
options {
    long_hostnames(off);
    sync(0);
    keep_hostname(yes);
    owner(“splunk”);
    group(“splunk”);
    perm(0640);
    create_dirs(yes);
    dir_perm(0750);
};
source s_tcp_net {
    tcp(ip(0.0.0.0) port(41514));
};
source s_tls_net {
    network (
        ip(0.0.0.0) port(42514)
        transport(“tls”)
        tls(
            key-file(“/path/to/syslog-ng.key”)
            cert-file(“/path/to/syslog-ng.crt”)
            peer-verify(no)
        )
    );
};
destination d_net {
    file(“/data/syslog/app/${SOURCEIP}/${YEAR}${MONTH}${DAY}-app-data.log”);
};
log {
    source(s_tcp_net);
    source(s_tls_net);
    destination(d_net);
};

------------
Here is what i see when i start it with systemd:

> systemctl start syslog-ng
Job for syslog-ng.service failed because a timeout was exceeded.
See “systemctl status syslog-ng.service” and “journalctl -xeu
syslog-ng.service” for details.

> systemctl status syslog-ng.service
   syslog-ng.service - System Logger Daemon
     Loaded: loaded (/etc/systemd/system/syslog-ng.service; enabled;
preset: enabled)
     Active: activating (start) since Wed 2024-02-28 15:25:01 UTC; 35s ago
       Docs: man:syslog-ng(8)
   Main PID: 488557 (syslog-ng)
      Tasks: 4 (limit: 2322)
     Memory: 2.5M
        CPU: 39ms
     CGroup: /system.slice/syslog-ng.service
             └─488557 /usr/local/sbin/syslog-ng -F -p /run/syslogd.pid
Feb 28 15:25:01 ip-172-31-7-110.ca-central-1.compute.internal systemd[1]:
Starting syslog-ng.service - System Logger Daemon...
------------

And here is what's in /var/log/messages showing the restart:

> cat /var/log/messages | grep syslog-ng
Feb 28 14:38:24 ip-172-31-7-110 syslog-ng[447117]: syslog-ng shutting down;
version=‘4.6.0’
Feb 28 14:38:25 ip-172-31-7-110 syslog-ng[447177]: syslog-ng starting up;
version=‘4.6.0’
Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection
accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:27717)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection
accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:2300)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection
accepted; fd=‘28’, client=‘AF_INET(1.2.3.4:31585)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection
accepted; fd=‘29’, client=‘AF_INET(1.2.3.4:17761)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447177]: syslog-ng shutting down;
version=‘4.6.0’
Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447234]: syslog-ng starting up;
version=‘4.6.0’
Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection
accepted; fd=‘25’, client=‘AF_INET(1.2.3.4:7213)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection
accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:9268)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection
accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:13128)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection
accepted; fd=‘28’, client=‘AF_INET(1.2.3.4:3928)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:41:25 ip-172-31-7-110 syslog-ng[447234]: syslog-ng shutting down;
version=‘4.6.0’
Feb 28 14:41:26 ip-172-31-7-110 syslog-ng[447385]: syslog-ng starting up;
version=‘4.6.0’
Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection
accepted; fd=‘25’, client=‘AF_INET(1.2.3.4:1382)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection
accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:5430)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection
accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:6373)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection
accepted; fd=‘28’, client=‘AF_INET(1.2.3.4:26287)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447385]: syslog-ng shutting down;
version=‘4.6.0’
Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447443]: syslog-ng starting up;
version=‘4.6.0’
Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection
accepted; fd=‘25’, client=‘AF_INET(1.2.3.4:15165)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection
accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:6967)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection
accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:27444)’,
local=‘AF_INET(0.0.0.0:41514)’
Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection
accepted; fd=‘28’, client=‘AF_INET(1.2.3.4:20758)’,
local=‘AF_INET(0.0.0.0:41514)’
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20240228/064fcda6/attachment.htm>

More information about the syslog-ng mailing list