Hello forum members,
Am having a bit of trouble getting syslog-ng 3.9.1 to write log files on OpenBSD 6.2. The O/S was installed from scratch, then syslog-ng, then BIND. No other packages except syslog-ng and BIND dependencies have been installed. No binaries or libs from BIND conflict or replace any from the syslog-ng installation.
The configuration was copied over from another OpenBSD system running an older syslog-ng. The required changes to the .conf file were made so that syslog-ng with supervisor starts and remains running. By killing the syslog-ng process I was able to test that the supervisor process restarts syslog-ng. The rc.d script starts, stops and restarts syslog-ng as expected. /usr/local/sbin/syslog-ng -s returns no errors, indicating that the config file is sane. In /var/log the only thing it writes are kernel and syslog-ng start/stop messages.
In an effort to find the problem, a stub syslog-ng.conf file was created with the following contents:
Code:
@version: 3.9.1
source s_local {
unix-dgram("/dev/log");
file("/dev/klog" program_override("kernel: "));
internal();
};
#
destination catchall { file(/var/log/catchall); };
log { source(s_local); destination(catchall); };
The permissions and ownership on /var, /var/log, /var/run, and /etc are correct according to /etc/mtree/special. Syslog-ng starts so that it retains root permissions (default) and creates /dev/log if it does not exist. My syslog_ng_flags are:
Code:
"-R /var/run/syslog_ng.persist -c /var/run/syslog_ng.ctl -p /var/run/syslog_ng.pid"
The output of syslog-ng -V is:
Code:
syslog-ng 3.9.1
Installer-Version: 3.9.1
Revision:
Module-Directory: /usr/local/lib/syslog-ng
Module-Path: /usr/local/lib/syslog-ng
Available-Modules: affile,afprog,afsocket,afsql,afuser,basicfuncs,cef,confgen,cryptofuncs,csvparser,curl,date,dbparser,disk-buffer,geoip-plugin,graphite,kvformat,linux-kmsg-format,pseudofile,system-source,add-contextual-data,json-plugin,syslogformat
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: off
On my hunt I foud a message on NARKIVE where a user was having the same problem with syslog-ng 3.6 on OpenBSD 5.9, there was no solution. There was a reply saying: "With the changes in 5.6 using sendsyslog(2), only syslogd picks up local syslog. Search the openbsd-ports list for syslog-ng to see some comments on it.". A further search turned up nothing. This begs the question: Is this the same problem and if so, how did this package make it onto the official OpenBSD package mirror-sites?
Many thanks in advance.
CB