[syslog-ng] syslog-ng service keeps restarting on systemd

Steve Bernacki steve at copacetic.net
Wed Feb 28 19:09:45 UTC 2024 

Darren,

In your syslog-ng.service definition, change:

Type=notify

to

Type=simple

and $ sudo systemctl daemon-reload to reload the unit.

This is occurring because Type=notify requires syslog-ng to tell systemd 
that it has started successfully, and your self-compiled syslog-ng 
wasn't compiled with systemd support (--enable-systemd).

Steve

On 2/28/2024 10:35 AM, Darren Fuller wrote:
> Hello,
>
> I have installed syslog-ng OSE from source on Amazon Linux 2023 
> distribution (as there is no EPEL available on that distribution nor 
> are there any precompiled binaries for it)
>
> When i start up syslog-ng in the local terminal with syslog-ng -Fedv , 
> it runs fine forever..      But when i start it with systemd : 
> systemctl start syslog-ng, the command times out (but does start in 
> the background) and then it the service restarts every two minutes or so.
>
> I am stumped.    any thoughts?   where have i gone wrong?
>
> appreciate any assistance you can offer.
>
> thanks,
> Darren
>
>
> More information:
> ------------
> i compiled with the following and saw no errors:
>
> > ./configure --disable-smtp --disable-http --disable-python 
> --disable-json
> > make
> > make install
> ------------
> I created the systemd service file as so:
>
> > cat /etc/systemd/system/syslog-ng.service
> [Unit]
> Description=System Logger Daemon
> Documentation=man:syslog-ng(8)
> After=network.target
>
> [Service]
> Type=notify
> PIDFile=/run/syslogd.pid
> ExecStart=/usr/local/sbin/syslog-ng -F -p /run/syslogd.pid
> ExecReload=/bin/kill -HUP $MAINPID
> StandardOutput=null
> Restart=on-failure
>
> [Install]
> WantedBy=multi-user.target
> ------------
>
> My config is here:
> ------------
> > cat /usr/local/etc/syslog-ng.conf
> @include “scl.conf”
> source s_local {
>     system();
>     internal();
> };
> destination d_local {
>     file(“/var/log/messages”);
>     file(“/var/log/messages-kv.log” template(“$ISODATE $HOST 
> $(format-welf --scope all-nv-pairs)\n”) frac-digits(3));
> };
> log {
>     source(s_local);
>     destination(d_local);
> };
> @include /etc/syslog-ng.d/*.conf
>
> > cat /etc/syslog.d/syslognet.conf
> options {
>     long_hostnames(off);
>     sync(0);
>     keep_hostname(yes);
>     owner(“splunk”);
>     group(“splunk”);
>     perm(0640);
>     create_dirs(yes);
>     dir_perm(0750);
> };
> source s_tcp_net {
>     tcp(ip(0.0.0.0) port(41514));
> };
> source s_tls_net {
>     network (
>         ip(0.0.0.0) port(42514)
>         transport(“tls”)
>         tls(
>             key-file(“/path/to/syslog-ng.key”)
>             cert-file(“/path/to/syslog-ng.crt”)
>             peer-verify(no)
>         )
>     );
> };
> destination d_net {
> file(“/data/syslog/app/${SOURCEIP}/${YEAR}${MONTH}${DAY}-app-data.log”);
> };
> log {
>     source(s_tcp_net);
>     source(s_tls_net);
>     destination(d_net);
> };
>
> ------------
> Here is what i see when i start it with systemd:
>
> > systemctl start syslog-ng
> Job for syslog-ng.service failed because a timeout was exceeded.
> See “systemctl status syslog-ng.service” and “journalctl -xeu 
> syslog-ng.service” for details.
>
> > systemctl status syslog-ng.service
>    syslog-ng.service - System Logger Daemon
>      Loaded: loaded (/etc/systemd/system/syslog-ng.service; enabled; 
> preset: enabled)
>      Active: activating (start) since Wed 2024-02-28 15:25:01 UTC; 35s ago
>        Docs: man:syslog-ng(8)
>    Main PID: 488557 (syslog-ng)
>       Tasks: 4 (limit: 2322)
>      Memory: 2.5M
>         CPU: 39ms
>      CGroup: /system.slice/syslog-ng.service
>              └─488557 /usr/local/sbin/syslog-ng -F -p /run/syslogd.pid
> Feb 28 15:25:01 ip-172-31-7-110.ca-central-1.compute.internal 
> systemd[1]: Starting syslog-ng.service - System Logger Daemon...
> ------------
>
> And here is what's in /var/log/messages showing the restart:
>
> > cat /var/log/messages | grep syslog-ng
> Feb 28 14:38:24 ip-172-31-7-110 syslog-ng[447117]: syslog-ng shutting 
> down; version=‘4.6.0’
> Feb 28 14:38:25 ip-172-31-7-110 syslog-ng[447177]: syslog-ng starting 
> up; version=‘4.6.0’
> Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection 
> accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:27717)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection 
> accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:2300)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection 
> accepted; fd=‘28’, client=‘AF_INET(1.2.3.4:31585)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection 
> accepted; fd=‘29’, client=‘AF_INET(1.2.3.4:17761)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447177]: syslog-ng shutting 
> down; version=‘4.6.0’
> Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447234]: syslog-ng starting 
> up; version=‘4.6.0’
> Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection 
> accepted; fd=‘25’, client=‘AF_INET(1.2.3.4:7213)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection 
> accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:9268)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection 
> accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:13128)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection 
> accepted; fd=‘28’, client=‘AF_INET(1.2.3.4:3928)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:41:25 ip-172-31-7-110 syslog-ng[447234]: syslog-ng shutting 
> down; version=‘4.6.0’
> Feb 28 14:41:26 ip-172-31-7-110 syslog-ng[447385]: syslog-ng starting 
> up; version=‘4.6.0’
> Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection 
> accepted; fd=‘25’, client=‘AF_INET(1.2.3.4:1382)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection 
> accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:5430)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection 
> accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:6373)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection 
> accepted; fd=‘28’, client=‘AF_INET(1.2.3.4:26287)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447385]: syslog-ng shutting 
> down; version=‘4.6.0’
> Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447443]: syslog-ng starting 
> up; version=‘4.6.0’
> Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection 
> accepted; fd=‘25’, client=‘AF_INET(1.2.3.4:15165)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection 
> accepted; fd=‘26’, client=‘AF_INET(1.2.3.4:6967)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection 
> accepted; fd=‘27’, client=‘AF_INET(1.2.3.4:27444)’, 
> local=‘AF_INET(0.0.0.0:41514)’
> Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection 
> accepted; fd=‘28’, client=‘AF_INET(1.2.3.4:20758)’, 
> local=‘AF_INET(0.0.0.0:41514)’
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>

More information about the syslog-ng mailing list