|
OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD. |
|
Thread Tools | Display Modes |
|
|||
syslog-ng running but not writing logs
Hello forum members,
Am having a bit of trouble getting syslog-ng 3.9.1 to write log files on OpenBSD 6.2. The O/S was installed from scratch, then syslog-ng, then BIND. No other packages except syslog-ng and BIND dependencies have been installed. No binaries or libs from BIND conflict or replace any from the syslog-ng installation. The configuration was copied over from another OpenBSD system running an older syslog-ng. The required changes to the .conf file were made so that syslog-ng with supervisor starts and remains running. By killing the syslog-ng process I was able to test that the supervisor process restarts syslog-ng. The rc.d script starts, stops and restarts syslog-ng as expected. /usr/local/sbin/syslog-ng -s returns no errors, indicating that the config file is sane. In /var/log the only thing it writes are kernel and syslog-ng start/stop messages. In an effort to find the problem, a stub syslog-ng.conf file was created with the following contents: Code:
@version: 3.9.1 source s_local { unix-dgram("/dev/log"); file("/dev/klog" program_override("kernel: ")); internal(); }; # destination catchall { file(/var/log/catchall); }; log { source(s_local); destination(catchall); }; Code:
"-R /var/run/syslog_ng.persist -c /var/run/syslog_ng.ctl -p /var/run/syslog_ng.pid" Code:
syslog-ng 3.9.1 Installer-Version: 3.9.1 Revision: Module-Directory: /usr/local/lib/syslog-ng Module-Path: /usr/local/lib/syslog-ng Available-Modules: affile,afprog,afsocket,afsql,afuser,basicfuncs,cef,confgen,cryptofuncs,csvparser,curl,date,dbparser,disk-buffer,geoip-plugin,graphite,kvformat,linux-kmsg-format,pseudofile,system-source,add-contextual-data,json-plugin,syslogformat Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: off Enable-TCP-Wrapper: off Enable-Linux-Caps: off Many thanks in advance. CB |
|
|||
Hello,
Thank you for your Welcome, information and the speedy reply. Will contact Steven and see what he says. Any solution will be posted here so it can help others. Cheers, CB |
|
|||
A bit of an update:
In an effort to determine exactly when the problem started, I set up 5 OBSD (5.[5-9]) VM servers from scratch. The last version under which I could get syslog-ng to work under was OBSD 5.5 with syslog-ng 3.4.7, installed from OBSD package mirrors. After subscribing to the syslog-ng forums I have found no help from that avenue either. Having tried sending several e-mails from different e-mail addresses to the developer responsible for the syslog-ng package, I only receive an error from shear.ucar.edu each time. Lastly I sent an e-mail to the Admins of the OpenBSD forum requesting info on the best OBSD forum (5 in total) to register in for my problem, but it went un-answered. It would interest me if any forum member has had success in running syslog-ng on OBSD 5.5 or later, in particular versions 6.[0-2]. It begs the question: Did the OBSD developers simply compile syslog-ng without testing it under each OBSD version. Have not had any luck in compiling syslog-ng myself, maybe I will set up a new VM for that. Cheers, Christopher |
|
|||
Many Thanks.
Have registered in the relevant forum but I will wait for Steven to make contact before I mention the e-mail problem. Cheers, Christopher |
|
||||
It isn't a forum. It is a mailing list. If your mail to Steven has been returned to you (bounced), he is likely unaware of it.
|
|
||||
I see you published to the ports@ mailing list. Your post (plain text Email) was a copy/paste of the top post in this thread, and included vBulletin markup language, which will not be helpful to Email readers. You may not get a lot of positive response to your post, as it is difficult to read in plain text. Calling the mailing list subscribers "forum members" may not have helped plead your case.
|
|
|||
When I said forum it was in the old sense of the word, as I am a bit older, I understand the definition as "a medium (such as a newspaper or online service) of open discussion or expression of ideas" as indicated in the Webster and Oxford dictionaries.
The reason I sent a duplicate to the OBSD list is so that the same facts were in that post as here. Your point on the copy/paste having carried over the vBulletin markup language is noted and will be avoided in future. It was confirmed by Stu on the OBSD ports list, since OBSD 5.6 syslogd indeed uses sendsyslog and not /dev/log. After he offered a couple of suggestions I choose to have syslogd send everything to localhost on a TCP high-port. Syslog-ng was then configured to receive messages from localhost on the same port and not /dev/log. It is not pretty but maybe it is just until Balabit or OBSD developers adapt the software. In the end all the messages are going to their correct files. Many Thanks. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
OpenBSD 5.2 & Syslog-ng | CyberJet | OpenBSD Installation and Upgrading | 22 | 31st January 2019 08:22 PM |
wierd logs in pf | kondziq | FreeBSD Security | 6 | 19th June 2010 04:27 PM |
Syslog-ng Monitor | plexter | OpenBSD Packages and Ports | 8 | 5th February 2010 09:38 PM |
tftp logs | syrushcw | FreeBSD General | 1 | 25th June 2008 04:06 PM |
How do I get network logs? | Johnny2Bad | FreeBSD General | 2 | 22nd May 2008 05:37 PM |