Skip to main content
Topic: Syslog-ng stopped logging. (Read 456 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Syslog-ng stopped logging.

The Files auth.log, user.log, syslog.log, messages.log, kernel.log, iptables.log, everything.log, errors.log, daemon.log and crond.log are no longer updating. I have no idea what's causing this problem.

The Rc.log file is being updated.
There are some error messages, but I think they are caused by optional dependencies.

Code: [Select]
syslog-ng            |Error opening plugin module; module='afsql', error='libdbi.so.1: cannot open shared object file: No such file or directory'
syslog-ng            |Error opening plugin module; module='afmongodb', error='libmongoc-1.0.so.0: cannot open shared object file: No such file or directory'
syslog-ng            |Error opening plugin module; module='afsnmp', error='libnetsnmp.so.40: cannot open shared object file: No such file or directory'
syslog-ng            |Error opening plugin module; module='afsmtp', error='libesmtp.so.6.2.0: cannot open shared object file: No such file or directory'
syslog-ng            |Error opening plugin module; module='afamqp', error='librabbitmq.so.4: cannot open shared object file: No such file or directory'

Here is the content of the /etc/syslog-ng/syslog-ng.conf file.
Code: [Select]
#############################################################################
# Default syslog-ng.conf file which collects all local logs into a
# single file called /var/log/messages.
#

@version: 4.8
@include "scl.conf"

source s_local {
        system();
        internal();
};

source s_network {
        default-network-drivers(
                # NOTE: TLS support
                #
                # the default-network-drivers() source driver opens the TLS
                # enabled ports as well, however without an actual key/cert
                # pair they will not operate and syslog-ng would display a
                # warning at startup.
                #
                #tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
        );
};

destination d_local {
        file("/var/log/messages");
        file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};
destination d_acpid {
        file("/var/log/acpid.log");
};
destination d_authlog {
        file("/var/log/auth.log");
};
destination d_console {
        usertty("root");
};
destination d_cron {
        file("/var/log/crond.log");
};
destination d_daemon {
        file("/var/log/daemon.log");
};
destination d_debug {
        file("/var/log/debug.log");
};
destination d_errors {
        file("/var/log/errors.log");
};
destination d_everything {
        file("/var/log/everything.log");
};
destination d_iptables {
        file("/var/log/iptables.log");
};
destination d_kernel {
        file("/var/log/kernel.log");
};
destination d_lpr {
        file("/var/log/lpr.log");
};
destination d_mail {
        file("/var/log/mail.log");
};
destination d_messages {
        file("/var/log/messages.log");
};
destination d_news {
        file("/var/log/news.log");
};
destination d_ppp {
        file("/var/log/ppp.log");
};
destination d_syslog {
        file("/var/log/syslog.log");
};
# Log everything to tty12
destination d_tty12 {
        file("/dev/tty12");
};
destination d_user {
        file("/var/log/user.log");
};
destination d_uucp {
        file("/var/log/uucp.log");
};

filter f_acpid {
        program("acpid");
};
filter f_auth {
        facility(auth);
};
filter f_authpriv {
        facility(auth, authpriv);
};
filter f_crit {
        level(crit);
};
filter f_cron {
        facility(cron);
};
filter f_daemon {
        facility(daemon);
};
filter f_debug {
        not facility(auth, authpriv, news, mail);
};
filter f_emergency {
        level(emerg);
};
filter f_err {
        level(err);
};
filter f_everything {
        level(debug..emerg) and not facility(auth, authpriv);
};
filter f_info {
        level(info);
};
filter f_iptables {
        match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE"));
};
filter f_kernel {
        facility(kern) and not filter(f_iptables);
};
filter f_lpr {
        facility(lpr);
};
filter f_mail {
        facility(mail);
};
filter f_messages {
        level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables);
};
filter f_news {
        facility(news);
};
filter f_notice {
        level(notice);
};
filter f_ppp {
        facility(local2);
};
filter f_syslog {
        program(syslog-ng);
};
filter f_user {
        facility(user);
};
filter f_uucp {
        facility(uucp);
};
filter f_warn {
        level(warn);
};

log {
        source(s_local);

        # uncomment this line to open port 514 to receive messages
        #source(s_network);
        # destination(d_local);
};
log {
        source(s_local);
        # filter(f_acpid);
        # destination(d_acpid);
};
log {
        source(s_local);
        # filter(f_authpriv);
        # destination(d_authlog);
};
log {
        source(s_local);
        # filter(f_cron);
        # destination(d_cron);
};
log {
        source(s_local);
        # filter(f_daemon);
        # destination(d_daemon);
};
log {
        source(s_local);
#       filter(f_debug);
#       destination(d_debug);
};
log {
        source(s_local);
        # filter(f_emergency);
        # destination(d_console);
};
log {
        source(s_local);
        # filter(f_err);
        # destination(d_errors);
};
log {
        source(s_local);
        # filter(f_everything);
        # destination(d_everything);
};
log {
        source(s_local);
        # filter(f_iptables);
        # destination(d_iptables);
};
log {
        source(s_local);
        # filter(f_kernel);
        # destination(d_kernel);
};
log {
        source(s_local);
        # filter(f_lpr);
        # destination(d_lpr);
};
log {
        source(s_local);
        # filter(f_mail);
        # destination(d_mail);
};
log {
        source(s_local);
        # filter(f_messages);
        # destination(d_messages);
};
log {
        source(s_local);
        # filter(f_news);
        # destination(d_news);
};
log {
        source(s_local);
        # filter(f_ppp);
        # destination(d_ppp);
};
log {
        source(s_local);
        # filter(f_user);
        # destination(d_user);
};
log {
        source(s_local);
        # filter(f_uucp);
        # destination(d_uucp);
};
log {
        source(s_local);
        # filter(f_syslog);
        # destination(d_syslog);
};
# Log everything to tty12
log {
        source(s_local);
        # destination(d_tty12);
};

options {
        chain_hostnames(off);
        create_dirs(no);
        dns_cache(no);
        flush_lines(0);
        group("log");
        keep_hostname(yes);
        log_fifo_size(10000);
        perm(0640);
        stats(freq(0));
        time_reopen(10);
        use_dns(no);
        use_fqdn(no);
};

Re: Syslog-ng stopped logging.

Reply #1
I think this is just the recent change to the default config file which actually disables logging. You should have gotten this upgrade message in theory. Note, I don't know anything syslog-ng configuration so I don't know what you would actually do to renable the logging.

Re: Syslog-ng stopped logging.

Reply #2
I think this is just the recent change to the default config file which actually disables logging.
That's hilarious on a few levels. Like why would the default be no logging and why would the message not at least give some explanation of what you'd need to do to enable logging?

@teyuss
After using syslog-ng for years I grew sick of the way it handles python and dependencies and also regular minor semantic changes to the configuration file format.
So I switched to metalog. After reading this thread I'm glad I did.

Re: Syslog-ng stopped logging.

Reply #3
OK, reverting the configuration file back to version 4.6 fixed the problem...
Does anyone have any idea where to change the configuration file so that syslog start logging again?
4.6
Code: [Select]
@version: 4.6
@include "scl.conf"
#
# /etc/syslog-ng/syslog-ng.conf
#

options {
  stats_freq (0);
  flush_lines (0);
  time_reopen (10);
  log_fifo_size (10000);
  chain_hostnames (off);
  dns_cache (no);
  use_dns (no);
  use_fqdn (no);
  create_dirs (no);
  keep_hostname (yes);
  perm(0640);
  group("log");
};

source src {
  system();
  internal();
};

destination d_authlog { file("/var/log/auth.log"); };
destination d_syslog { file("/var/log/syslog.log"); };
destination d_cron { file("/var/log/crond.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kernel { file("/var/log/kernel.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_news { file("/var/log/news.log"); };
destination d_ppp { file("/var/log/ppp.log"); };
destination d_debug { file("/var/log/debug.log"); };
destination d_messages { file("/var/log/messages.log"); };
destination d_errors { file("/var/log/errors.log"); };
destination d_everything { file("/var/log/everything.log"); };
destination d_iptables { file("/var/log/iptables.log"); };
destination d_acpid { file("/var/log/acpid.log"); };
destination d_console { usertty("root"); };

# Log everything to tty12
destination console_all { file("/dev/tty12"); };

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program(syslog-ng); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_ppp { facility(local2); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
filter f_acpid { program("acpid"); };

log { source(src); filter(f_acpid); destination(d_acpid); };
log { source(src); filter(f_authpriv); destination(d_authlog); };
log { source(src); filter(f_syslog); destination(d_syslog); };
log { source(src); filter(f_cron); destination(d_cron); };
log { source(src); filter(f_daemon); destination(d_daemon); };
log { source(src); filter(f_kernel); destination(d_kernel); };
log { source(src); filter(f_lpr); destination(d_lpr); };
log { source(src); filter(f_mail); destination(d_mail); };
log { source(src); filter(f_news); destination(d_news); };
log { source(src); filter(f_ppp); destination(d_ppp); };
log { source(src); filter(f_user); destination(d_user); };
log { source(src); filter(f_uucp); destination(d_uucp); };
#log { source(src); filter(f_debug); destination(d_debug); };
log { source(src); filter(f_messages); destination(d_messages); };
log { source(src); filter(f_err); destination(d_errors); };
log { source(src); filter(f_emergency); destination(d_console); };
log { source(src); filter(f_everything); destination(d_everything); };
log { source(src); filter(f_iptables); destination(d_iptables); };

# Log everything to tty12
#log { source(src); destination(console_all); };
4.8
Code: [Select]
#############################################################################
# Default syslog-ng.conf file which collects all local logs into a
# single file called /var/log/messages.
#

@version: 4.8
@include "scl.conf"

source s_local {
system();
internal();
};

source s_network {
default-network-drivers(
# NOTE: TLS support
#
# the default-network-drivers() source driver opens the TLS
# enabled ports as well, however without an actual key/cert
# pair they will not operate and syslog-ng would display a
# warning at startup.
#
#tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
);
};

destination d_local {
file("/var/log/messages");
file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};
destination d_acpid {
file("/var/log/acpid.log");
};
destination d_authlog {
file("/var/log/auth.log");
};
destination d_console {
usertty("root");
};
destination d_cron {
file("/var/log/crond.log");
};
destination d_daemon {
file("/var/log/daemon.log");
};
destination d_debug {
file("/var/log/debug.log");
};
destination d_errors {
file("/var/log/errors.log");
};
destination d_everything {
file("/var/log/everything.log");
};
destination d_iptables {
file("/var/log/iptables.log");
};
destination d_kernel {
file("/var/log/kernel.log");
};
destination d_lpr {
file("/var/log/lpr.log");
};
destination d_mail {
file("/var/log/mail.log");
};
destination d_messages {
file("/var/log/messages.log");
};
destination d_news {
file("/var/log/news.log");
};
destination d_ppp {
file("/var/log/ppp.log");
};
destination d_syslog {
file("/var/log/syslog.log");
};
# Log everything to tty12
destination d_tty12 {
file("/dev/tty12");
};
destination d_user {
file("/var/log/user.log");
};
destination d_uucp {
file("/var/log/uucp.log");
};

filter f_acpid {
program("acpid");
};
filter f_auth {
facility(auth);
};
filter f_authpriv {
facility(auth, authpriv);
};
filter f_crit {
level(crit);
};
filter f_cron {
facility(cron);
};
filter f_daemon {
facility(daemon);
};
filter f_debug {
not facility(auth, authpriv, news, mail);
};
filter f_emergency {
level(emerg);
};
filter f_err {
level(err);
};
filter f_everything {
level(debug..emerg) and not facility(auth, authpriv);
};
filter f_info {
level(info);
};
filter f_iptables {
match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE"));
};
filter f_kernel {
facility(kern) and not filter(f_iptables);
};
filter f_lpr {
facility(lpr);
};
filter f_mail {
facility(mail);
};
filter f_messages {
level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables);
};
filter f_news {
facility(news);
};
filter f_notice {
level(notice);
};
filter f_ppp {
facility(local2);
};
filter f_syslog {
program(syslog-ng);
};
filter f_user {
facility(user);
};
filter f_uucp {
facility(uucp);
};
filter f_warn {
level(warn);
};

log {
source(s_local);

# uncomment this line to open port 514 to receive messages
#source(s_network);
# destination(d_local);
};
log {
source(s_local);
# filter(f_acpid);
# destination(d_acpid);
};
log {
source(s_local);
# filter(f_authpriv);
# destination(d_authlog);
};
log {
source(s_local);
# filter(f_cron);
# destination(d_cron);
};
log {
source(s_local);
# filter(f_daemon);
# destination(d_daemon);
};
log {
source(s_local);
# filter(f_debug);
# destination(d_debug);
};
log {
source(s_local);
# filter(f_emergency);
# destination(d_console);
};
log {
source(s_local);
# filter(f_err);
# destination(d_errors);
};
log {
source(s_local);
# filter(f_everything);
# destination(d_everything);
};
log {
source(s_local);
# filter(f_iptables);
# destination(d_iptables);
};
log {
source(s_local);
# filter(f_kernel);
# destination(d_kernel);
};
log {
source(s_local);
# filter(f_lpr);
# destination(d_lpr);
};
log {
source(s_local);
# filter(f_mail);
# destination(d_mail);
};
log {
source(s_local);
# filter(f_messages);
# destination(d_messages);
};
log {
source(s_local);
# filter(f_news);
# destination(d_news);
};
log {
source(s_local);
# filter(f_ppp);
# destination(d_ppp);
};
log {
source(s_local);
# filter(f_user);
# destination(d_user);
};
log {
source(s_local);
# filter(f_uucp);
# destination(d_uucp);
};
log {
source(s_local);
# filter(f_syslog);
# destination(d_syslog);
};
# Log everything to tty12
log {
source(s_local);
# destination(d_tty12);
};

options {
chain_hostnames(off);
create_dirs(no);
dns_cache(no);
flush_lines(0);
group("log");
keep_hostname(yes);
log_fifo_size(10000);
perm(0640);
stats(freq(0));
time_reopen(10);
use_dns(no);
use_fqdn(no);
};


Re: Syslog-ng stopped logging.

Reply #4
hello,
same here. not the first time syslog-ng does weird things, or writes a s**tload of errors at boot :p
so i disable syslog-ng, removed it and installed "rsyslog-nosystemd-git" with pamac from AUR.
then wrote a small init file for openrc in /etc/init.d/rsyslog :

Code: [Select]
#!/usr/bin/openrc-run

command=/usr/sbin/rsyslogd
name="enhanced syslogd"
 
depend()
{
        provide rsyslogd syslog
        need $remote_fs $time
}

finally, i can enable & launch the rsyslog service, and have all my normal log files in a reliable way :)
(i've used rsyslog for years, it just works and has never betrayed me  :-* )