[syslog-ng] syslog-ng service keeps restarting on systemd

Balazs Scheidler bazsi77 at gmail.com
Thu Feb 29 19:16:26 UTC 2024


Hi,

Steve, this is spot on. Thanks a lot for helping out Darren :) I am not
sure why systemd support was compiled in, it should be auto-detected if
the systemd-devel package is installed.


On Wed, Feb 28, 2024 at 8:09 PM Steve Bernacki <steve at copacetic.net> wrote:

> Darren,
>
> In your syslog-ng.service definition, change:
>
> Type=notify
>
> to
>
> Type=simple
>
> and run $ sudo systemctl daemon-reload to reload the unit.
>
> This is occurring because Type=notify requires syslog-ng to tell systemd
> that it has started successfully, and your self-compiled syslog-ng
> wasn't compiled with systemd support (--enable-systemd).
>
> Steve
>
> On 2/28/2024 10:35 AM, Darren Fuller wrote:
> > Hello,
> >
> > I have installed syslog-ng OSE from source on Amazon Linux 2023
> > distribution (as there is no EPEL available on that distribution nor
> > are there any precompiled binaries for it).
> >
> > When I start up syslog-ng in the local terminal with syslog-ng -Fedv,
> > it runs fine forever. But when I start it with systemd:
> > systemctl start syslog-ng, the command times out (but does start in
> > the background) and then the service restarts every two minutes or so.
> >
> > I am stumped. Any thoughts? Where have I gone wrong?
> >
> > Appreciate any assistance you can offer.
> >
> > Thanks,
> > Darren
> >
> >
> > More information:
> > ------------
> > I compiled with the following and saw no errors:
> >
> > > ./configure --disable-smtp --disable-http --disable-python --disable-json
> > > make
> > > make install
> > ------------
> > I created the systemd service file as so:
> >
> > > cat /etc/systemd/system/syslog-ng.service
> > [Unit]
> > Description=System Logger Daemon
> > Documentation=man:syslog-ng(8)
> > After=network.target
> >
> > [Service]
> > Type=notify
> > PIDFile=/run/syslogd.pid
> > ExecStart=/usr/local/sbin/syslog-ng -F -p /run/syslogd.pid
> > ExecReload=/bin/kill -HUP $MAINPID
> > StandardOutput=null
> > Restart=on-failure
> >
> > [Install]
> > WantedBy=multi-user.target
> > ------------
> >
> > My config is here:
> > ------------
> > > cat /usr/local/etc/syslog-ng.conf
> > @include "scl.conf"
> > source s_local {
> >     system();
> >     internal();
> > };
> > destination d_local {
> >     file("/var/log/messages");
> >     file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
> > };
> > log {
> >     source(s_local);
> >     destination(d_local);
> > };
> > @include /etc/syslog-ng.d/*.conf
> >
> > > cat /etc/syslog.d/syslognet.conf
> > options {
> >     long_hostnames(off);
> >     sync(0);
> >     keep_hostname(yes);
> >     owner("splunk");
> >     group("splunk");
> >     perm(0640);
> >     create_dirs(yes);
> >     dir_perm(0750);
> > };
> > source s_tcp_net {
> >     tcp(ip(0.0.0.0) port(41514));
> > };
> > source s_tls_net {
> >     network (
> >         ip(0.0.0.0) port(42514)
> >         transport("tls")
> >         tls(
> >             key-file("/path/to/syslog-ng.key")
> >             cert-file("/path/to/syslog-ng.crt")
> >             peer-verify(no)
> >         )
> >     );
> > };
> > destination d_net {
> >     file("/data/syslog/app/${SOURCEIP}/${YEAR}${MONTH}${DAY}-app-data.log");
> > };
> > log {
> >     source(s_tcp_net);
> >     source(s_tls_net);
> >     destination(d_net);
> > };
> >
> > ------------
> > Here is what I see when I start it with systemd:
> >
> > > systemctl start syslog-ng
> > Job for syslog-ng.service failed because a timeout was exceeded.
> > See "systemctl status syslog-ng.service" and "journalctl -xeu syslog-ng.service" for details.
> >
> > > systemctl status syslog-ng.service
> >    syslog-ng.service - System Logger Daemon
> >      Loaded: loaded (/etc/systemd/system/syslog-ng.service; enabled; preset: enabled)
> >      Active: activating (start) since Wed 2024-02-28 15:25:01 UTC; 35s ago
> >        Docs: man:syslog-ng(8)
> >    Main PID: 488557 (syslog-ng)
> >       Tasks: 4 (limit: 2322)
> >      Memory: 2.5M
> >         CPU: 39ms
> >      CGroup: /system.slice/syslog-ng.service
> >              └─488557 /usr/local/sbin/syslog-ng -F -p /run/syslogd.pid
> > Feb 28 15:25:01 ip-172-31-7-110.ca-central-1.compute.internal systemd[1]: Starting syslog-ng.service - System Logger Daemon...
> > ------------
> >
> > And here is what's in /var/log/messages showing the restart:
> >
> > > cat /var/log/messages | grep syslog-ng
> > Feb 28 14:38:24 ip-172-31-7-110 syslog-ng[447117]: syslog-ng shutting down; version='4.6.0'
> > Feb 28 14:38:25 ip-172-31-7-110 syslog-ng[447177]: syslog-ng starting up; version='4.6.0'
> > Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection accepted; fd='26', client='AF_INET(1.2.3.4:27717)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection accepted; fd='27', client='AF_INET(1.2.3.4:2300)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection accepted; fd='28', client='AF_INET(1.2.3.4:31585)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:38:26 ip-172-31-7-110 syslog-ng[447177]: Syslog connection accepted; fd='29', client='AF_INET(1.2.3.4:17761)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447177]: syslog-ng shutting down; version='4.6.0'
> > Feb 28 14:39:55 ip-172-31-7-110 syslog-ng[447234]: syslog-ng starting up; version='4.6.0'
> > Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection accepted; fd='25', client='AF_INET(1.2.3.4:7213)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection accepted; fd='26', client='AF_INET(1.2.3.4:9268)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection accepted; fd='27', client='AF_INET(1.2.3.4:13128)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:39:56 ip-172-31-7-110 syslog-ng[447234]: Syslog connection accepted; fd='28', client='AF_INET(1.2.3.4:3928)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:41:25 ip-172-31-7-110 syslog-ng[447234]: syslog-ng shutting down; version='4.6.0'
> > Feb 28 14:41:26 ip-172-31-7-110 syslog-ng[447385]: syslog-ng starting up; version='4.6.0'
> > Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection accepted; fd='25', client='AF_INET(1.2.3.4:1382)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection accepted; fd='26', client='AF_INET(1.2.3.4:5430)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection accepted; fd='27', client='AF_INET(1.2.3.4:6373)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:41:27 ip-172-31-7-110 syslog-ng[447385]: Syslog connection accepted; fd='28', client='AF_INET(1.2.3.4:26287)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447385]: syslog-ng shutting down; version='4.6.0'
> > Feb 28 14:42:56 ip-172-31-7-110 syslog-ng[447443]: syslog-ng starting up; version='4.6.0'
> > Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection accepted; fd='25', client='AF_INET(1.2.3.4:15165)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection accepted; fd='26', client='AF_INET(1.2.3.4:6967)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection accepted; fd='27', client='AF_INET(1.2.3.4:27444)', local='AF_INET(0.0.0.0:41514)'
> > Feb 28 14:42:57 ip-172-31-7-110 syslog-ng[447443]: Syslog connection accepted; fd='28', client='AF_INET(1.2.3.4:20758)', local='AF_INET(0.0.0.0:41514)'
> >
> >
> >
> >
> ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
>

-- 
Bazsi
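
Added example, not part of the original thread: a minimal Python model of the readiness handshake Steve describes, in which a supervisor (standing in for systemd with Type=notify) waits on the NOTIFY_SOCKET datagram socket for READY=1 and treats silence as a start timeout. The function names, the temporary socket path and the 0.5 s timeout are assumptions for illustration; systemd's default start timeout is 90 s, which matches the spacing of the restarts in the quoted log.

```python
import os
import socket
import tempfile
import time

def sd_notify(state, env=os.environ):
    """Daemon side: send a state datagram to $NOTIFY_SOCKET.
    Returns False when the variable is unset (no notify-aware supervisor)."""
    path = env.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):          # Linux abstract-namespace socket
        path = "\0" + path[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(state.encode(), path)
    return True

def supervise(daemon, start_timeout):
    """Supervisor side, standing in for systemd with Type=notify:
    the unit only becomes active once READY=1 arrives before the timeout."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify")   # constructed socket path
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as srv:
            srv.bind(path)
            daemon({"NOTIFY_SOCKET": path})  # "start" the service
            deadline = time.monotonic() + start_timeout
            while (left := deadline - time.monotonic()) > 0:
                srv.settimeout(left)
                try:
                    msg = srv.recv(4096).decode()
                except socket.timeout:
                    break
                if "READY=1" in msg.splitlines():
                    return "active (running)"
    return "failed (start timeout)"

def daemon_with_notify(env):
    """Built with notify support: reports readiness after initialising."""
    sd_notify("STATUS=loading configuration", env)
    sd_notify("READY=1", env)

def daemon_without_notify(env):
    """Built without it: works normally but never reports readiness."""

if __name__ == "__main__":
    print(supervise(daemon_with_notify, 0.5))     # active (running)
    print(supervise(daemon_without_notify, 0.5))  # failed (start timeout)
```

With Type=simple the supervisor skips the wait entirely and considers the unit started as soon as the process is launched, which is why the change in the reply stops the restart loop.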