The files auth.log, user.log, syslog.log, messages.log, kernel.log, iptables.log, everything.log, errors.log, daemon.log and crond.log are no longer updating. I have no idea what's causing this problem.
The Rc.log file is being updated.
There are some error messages, but I think they are caused by optional dependencies.
syslog-ng |Error opening plugin module; module='afsql', error='libdbi.so.1: cannot open shared object file: No such file or directory'
syslog-ng |Error opening plugin module; module='afmongodb', error='libmongoc-1.0.so.0: cannot open shared object file: No such file or directory'
syslog-ng |Error opening plugin module; module='afsnmp', error='libnetsnmp.so.40: cannot open shared object file: No such file or directory'
syslog-ng |Error opening plugin module; module='afsmtp', error='libesmtp.so.6.2.0: cannot open shared object file: No such file or directory'
syslog-ng |Error opening plugin module; module='afamqp', error='librabbitmq.so.4: cannot open shared object file: No such file or directory'
Here is the content of the /etc/syslog-ng/syslog-ng.conf file.
#############################################################################
# Default syslog-ng.conf file which collects all local logs into a
# single file called /var/log/messages.
#
@version: 4.8
@include "scl.conf"
source s_local {
system();
internal();
};
source s_network {
default-network-drivers(
# NOTE: TLS support
#
# the default-network-drivers() source driver opens the TLS
# enabled ports as well, however without an actual key/cert
# pair they will not operate and syslog-ng would display a
# warning at startup.
#
#tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
);
};
destination d_local {
file("/var/log/messages");
file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};
destination d_acpid {
file("/var/log/acpid.log");
};
destination d_authlog {
file("/var/log/auth.log");
};
destination d_console {
usertty("root");
};
destination d_cron {
file("/var/log/crond.log");
};
destination d_daemon {
file("/var/log/daemon.log");
};
destination d_debug {
file("/var/log/debug.log");
};
destination d_errors {
file("/var/log/errors.log");
};
destination d_everything {
file("/var/log/everything.log");
};
destination d_iptables {
file("/var/log/iptables.log");
};
destination d_kernel {
file("/var/log/kernel.log");
};
destination d_lpr {
file("/var/log/lpr.log");
};
destination d_mail {
file("/var/log/mail.log");
};
destination d_messages {
file("/var/log/messages.log");
};
destination d_news {
file("/var/log/news.log");
};
destination d_ppp {
file("/var/log/ppp.log");
};
destination d_syslog {
file("/var/log/syslog.log");
};
# Log everything to tty12
destination d_tty12 {
file("/dev/tty12");
};
destination d_user {
file("/var/log/user.log");
};
destination d_uucp {
file("/var/log/uucp.log");
};
filter f_acpid {
program("acpid");
};
filter f_auth {
facility(auth);
};
filter f_authpriv {
facility(auth, authpriv);
};
filter f_crit {
level(crit);
};
filter f_cron {
facility(cron);
};
filter f_daemon {
facility(daemon);
};
filter f_debug {
not facility(auth, authpriv, news, mail);
};
filter f_emergency {
level(emerg);
};
filter f_err {
level(err);
};
filter f_everything {
level(debug..emerg) and not facility(auth, authpriv);
};
filter f_info {
level(info);
};
filter f_iptables {
match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE"));
};
filter f_kernel {
facility(kern) and not filter(f_iptables);
};
filter f_lpr {
facility(lpr);
};
filter f_mail {
facility(mail);
};
filter f_messages {
level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables);
};
filter f_news {
facility(news);
};
filter f_notice {
level(notice);
};
filter f_ppp {
facility(local2);
};
filter f_syslog {
program(syslog-ng);
};
filter f_user {
facility(user);
};
filter f_uucp {
facility(uucp);
};
filter f_warn {
level(warn);
};
log {
source(s_local);
# uncomment this line to open port 514 to receive messages
#source(s_network);
# destination(d_local);
};
log {
source(s_local);
# filter(f_acpid);
# destination(d_acpid);
};
log {
source(s_local);
# filter(f_authpriv);
# destination(d_authlog);
};
log {
source(s_local);
# filter(f_cron);
# destination(d_cron);
};
log {
source(s_local);
# filter(f_daemon);
# destination(d_daemon);
};
log {
source(s_local);
# filter(f_debug);
# destination(d_debug);
};
log {
source(s_local);
# filter(f_emergency);
# destination(d_console);
};
log {
source(s_local);
# filter(f_err);
# destination(d_errors);
};
log {
source(s_local);
# filter(f_everything);
# destination(d_everything);
};
log {
source(s_local);
# filter(f_iptables);
# destination(d_iptables);
};
log {
source(s_local);
# filter(f_kernel);
# destination(d_kernel);
};
log {
source(s_local);
# filter(f_lpr);
# destination(d_lpr);
};
log {
source(s_local);
# filter(f_mail);
# destination(d_mail);
};
log {
source(s_local);
# filter(f_messages);
# destination(d_messages);
};
log {
source(s_local);
# filter(f_news);
# destination(d_news);
};
log {
source(s_local);
# filter(f_ppp);
# destination(d_ppp);
};
log {
source(s_local);
# filter(f_user);
# destination(d_user);
};
log {
source(s_local);
# filter(f_uucp);
# destination(d_uucp);
};
log {
source(s_local);
# filter(f_syslog);
# destination(d_syslog);
};
# Log everything to tty12
log {
source(s_local);
# destination(d_tty12);
};
options {
chain_hostnames(off);
create_dirs(no);
dns_cache(no);
flush_lines(0);
group("log");
keep_hostname(yes);
log_fifo_size(10000);
perm(0640);
stats(freq(0));
time_reopen(10);
use_dns(no);
use_fqdn(no);
};
I think this is just the recent change to the default config file which actually disables logging. You should have gotten this upgrade message (https://gitea.artixlinux.org/packages/syslog-ng/src/branch/master/syslog-ng.install) in theory. Note, I don't know anything about syslog-ng configuration so I don't know what you would actually do to re-enable the logging.
That's hilarious on a few levels. Like why would the default be no logging and why would the message not at least give some explanation of what you'd need to do to enable logging?
@teyuss After using syslog-ng for years I grew sick of the way it handles python and dependencies and also regular minor semantic changes to the configuration file format.
So I switched to metalog. After reading this thread I'm glad I did.
OK, reverting the configuration file back to version 4.6 fixed the problem...
Does anyone have any idea where to change the configuration file so that syslog starts logging again?
4.6
@version: 4.6
@include "scl.conf"
#
# /etc/syslog-ng/syslog-ng.conf
#
options {
stats_freq (0);
flush_lines (0);
time_reopen (10);
log_fifo_size (10000);
chain_hostnames (off);
dns_cache (no);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
perm(0640);
group("log");
};
source src {
system();
internal();
};
destination d_authlog { file("/var/log/auth.log"); };
destination d_syslog { file("/var/log/syslog.log"); };
destination d_cron { file("/var/log/crond.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kernel { file("/var/log/kernel.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_news { file("/var/log/news.log"); };
destination d_ppp { file("/var/log/ppp.log"); };
destination d_debug { file("/var/log/debug.log"); };
destination d_messages { file("/var/log/messages.log"); };
destination d_errors { file("/var/log/errors.log"); };
destination d_everything { file("/var/log/everything.log"); };
destination d_iptables { file("/var/log/iptables.log"); };
destination d_acpid { file("/var/log/acpid.log"); };
destination d_console { usertty("root"); };
# Log everything to tty12
destination console_all { file("/dev/tty12"); };
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program(syslog-ng); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_ppp { facility(local2); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
filter f_acpid { program("acpid"); };
log { source(src); filter(f_acpid); destination(d_acpid); };
log { source(src); filter(f_authpriv); destination(d_authlog); };
log { source(src); filter(f_syslog); destination(d_syslog); };
log { source(src); filter(f_cron); destination(d_cron); };
log { source(src); filter(f_daemon); destination(d_daemon); };
log { source(src); filter(f_kernel); destination(d_kernel); };
log { source(src); filter(f_lpr); destination(d_lpr); };
log { source(src); filter(f_mail); destination(d_mail); };
log { source(src); filter(f_news); destination(d_news); };
log { source(src); filter(f_ppp); destination(d_ppp); };
log { source(src); filter(f_user); destination(d_user); };
log { source(src); filter(f_uucp); destination(d_uucp); };
#log { source(src); filter(f_debug); destination(d_debug); };
log { source(src); filter(f_messages); destination(d_messages); };
log { source(src); filter(f_err); destination(d_errors); };
log { source(src); filter(f_emergency); destination(d_console); };
log { source(src); filter(f_everything); destination(d_everything); };
log { source(src); filter(f_iptables); destination(d_iptables); };
# Log everything to tty12
#log { source(src); destination(console_all); };
4.8
#############################################################################
# Default syslog-ng.conf file which collects all local logs into a
# single file called /var/log/messages.
#
@version: 4.8
@include "scl.conf"
source s_local {
system();
internal();
};
source s_network {
default-network-drivers(
# NOTE: TLS support
#
# the default-network-drivers() source driver opens the TLS
# enabled ports as well, however without an actual key/cert
# pair they will not operate and syslog-ng would display a
# warning at startup.
#
#tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
);
};
destination d_local {
file("/var/log/messages");
file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};
destination d_acpid {
file("/var/log/acpid.log");
};
destination d_authlog {
file("/var/log/auth.log");
};
destination d_console {
usertty("root");
};
destination d_cron {
file("/var/log/crond.log");
};
destination d_daemon {
file("/var/log/daemon.log");
};
destination d_debug {
file("/var/log/debug.log");
};
destination d_errors {
file("/var/log/errors.log");
};
destination d_everything {
file("/var/log/everything.log");
};
destination d_iptables {
file("/var/log/iptables.log");
};
destination d_kernel {
file("/var/log/kernel.log");
};
destination d_lpr {
file("/var/log/lpr.log");
};
destination d_mail {
file("/var/log/mail.log");
};
destination d_messages {
file("/var/log/messages.log");
};
destination d_news {
file("/var/log/news.log");
};
destination d_ppp {
file("/var/log/ppp.log");
};
destination d_syslog {
file("/var/log/syslog.log");
};
# Log everything to tty12
destination d_tty12 {
file("/dev/tty12");
};
destination d_user {
file("/var/log/user.log");
};
destination d_uucp {
file("/var/log/uucp.log");
};
filter f_acpid {
program("acpid");
};
filter f_auth {
facility(auth);
};
filter f_authpriv {
facility(auth, authpriv);
};
filter f_crit {
level(crit);
};
filter f_cron {
facility(cron);
};
filter f_daemon {
facility(daemon);
};
filter f_debug {
not facility(auth, authpriv, news, mail);
};
filter f_emergency {
level(emerg);
};
filter f_err {
level(err);
};
filter f_everything {
level(debug..emerg) and not facility(auth, authpriv);
};
filter f_info {
level(info);
};
filter f_iptables {
match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE"));
};
filter f_kernel {
facility(kern) and not filter(f_iptables);
};
filter f_lpr {
facility(lpr);
};
filter f_mail {
facility(mail);
};
filter f_messages {
level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables);
};
filter f_news {
facility(news);
};
filter f_notice {
level(notice);
};
filter f_ppp {
facility(local2);
};
filter f_syslog {
program(syslog-ng);
};
filter f_user {
facility(user);
};
filter f_uucp {
facility(uucp);
};
filter f_warn {
level(warn);
};
log {
source(s_local);
# uncomment this line to open port 514 to receive messages
#source(s_network);
# destination(d_local);
};
log {
source(s_local);
# filter(f_acpid);
# destination(d_acpid);
};
log {
source(s_local);
# filter(f_authpriv);
# destination(d_authlog);
};
log {
source(s_local);
# filter(f_cron);
# destination(d_cron);
};
log {
source(s_local);
# filter(f_daemon);
# destination(d_daemon);
};
log {
source(s_local);
# filter(f_debug);
# destination(d_debug);
};
log {
source(s_local);
# filter(f_emergency);
# destination(d_console);
};
log {
source(s_local);
# filter(f_err);
# destination(d_errors);
};
log {
source(s_local);
# filter(f_everything);
# destination(d_everything);
};
log {
source(s_local);
# filter(f_iptables);
# destination(d_iptables);
};
log {
source(s_local);
# filter(f_kernel);
# destination(d_kernel);
};
log {
source(s_local);
# filter(f_lpr);
# destination(d_lpr);
};
log {
source(s_local);
# filter(f_mail);
# destination(d_mail);
};
log {
source(s_local);
# filter(f_messages);
# destination(d_messages);
};
log {
source(s_local);
# filter(f_news);
# destination(d_news);
};
log {
source(s_local);
# filter(f_ppp);
# destination(d_ppp);
};
log {
source(s_local);
# filter(f_user);
# destination(d_user);
};
log {
source(s_local);
# filter(f_uucp);
# destination(d_uucp);
};
log {
source(s_local);
# filter(f_syslog);
# destination(d_syslog);
};
# Log everything to tty12
log {
source(s_local);
# destination(d_tty12);
};
options {
chain_hostnames(off);
create_dirs(no);
dns_cache(no);
flush_lines(0);
group("log");
keep_hostname(yes);
log_fifo_size(10000);
perm(0640);
stats(freq(0));
time_reopen(10);
use_dns(no);
use_fqdn(no);
};
hello,
same here. not the first time syslog-ng does weird things, or writes a s**tload of errors at boot :p
so i disabled syslog-ng, removed it and installed "rsyslog-nosystemd-git" with pamac from AUR.
then wrote a small init file for openrc in /etc/init.d/rsyslog :
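#!/usr/bin/openrc-run
# OpenRC service script for rsyslogd
command=/usr/sbin/rsyslogd
name="enhanced syslogd"
depend()
{
	provide rsyslogd syslog
	# $remote_fs and $time are LSB facility names; under OpenRC they are
	# unset shell variables and expand to nothing, so name the services.
	need localmount clock
	after netmount
}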
finally, i can enable & launch the rsyslog service, and have all my normal log files in a reliable way :)
(i've used rsyslog for years, it just works and has never betrayed me :-* )
Ok, it seems nobody provided an actual answer on how to fix this properly, so here is an explanation.
This has nothing to do with the missing dependencies; this behavior is caused by the fact that syslog-ng is unconfigured, and that the default configuration is to not log anything by default.
There are basically four "parts" in the logging configuration: /etc/syslog-ng/syslog-ng.conf
- The first one is the source. We won't change this, because the problem doesn't come from there. They are the first two definitions of the default config, and look like this:
source s_local {
system();
internal();
};
source s_network {
default-network-drivers(
# NOTE: TLS support
#
# the default-network-drivers() source driver opens the TLS
# enabled ports as well, however without an actual key/cert
# pair they will not operate and syslog-ng would display a
# warning at startup.
#
#tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
);
};
- Then, we have the destination of logs (i.e. the location of the logs). It is the part of the config that looks like this:
destination d_errors {
file("/var/log/errors.log");
};
- Next is the filter (i.e. what to log). This is defined by the parts of the config that look like this:
filter f_err {
level(err);
};
- The last part is the actual log definition. In it, we need to specify the source, destination and filter to use. This definition looks like this:
log {
source(s_local);
filter(f_err);
destination(d_errors);
};
Now, if we take a look at the default configuration (version 4.8), we can see that all the log definitions (at the bottom of the file) have a source specified, but that the destination and filter are commented out everywhere. To enable logging, we just need to uncomment them. For instance, if we wish to enable authentication logs, error logs, and kernel logs, we can simply do the following:
log {
source(s_local);
filter(f_authpriv); # we uncommented this
destination(d_authlog); # we uncommented this
};
log {
source(s_local);
filter(f_err); # we uncommented this
destination(d_errors); # we uncommented this
};
log {
source(s_local);
filter(f_kernel); # we uncommented this
destination(d_kernel); # we uncommented this
};
But not logging anything by default is a questionable choice, indeed.
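A check for the condition described in the answer above, as an added example that is not part of the original post: it lists every log path in a syslog-ng.conf that has no active destination() and names the destinations that are commented out inside it. The sample config is constructed from the snippets above, the function names are made up for this example, and the parser assumes log statements without nested braces.

```python
import re

# Constructed sample in the style of the 4.8 default: the second log path is disabled.
SAMPLE_CONF = '''
log {
    source(s_local);
    filter(f_authpriv);
    destination(d_authlog);
};
log {
    source(s_local);
    # filter(f_err);
    # destination(d_errors);
};
'''

# A top-level log statement (assumption: no nested braces inside it).
LOG_BLOCK = re.compile(r'(?m)^\s*log\s*\{(.*?)\}\s*;', re.S)
# References such as source(s_local), filter(f_err), destination(d_errors).
REF = re.compile(r'\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)')

def split_comment(line):
    """Split a line at the first '#' outside a double-quoted string."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == "#" and not in_str:
            return line[:i], line[i + 1:]
    return line, ""

def audit_log_paths(conf_text):
    """One entry per log statement: active and commented-out destinations."""
    parts = [split_comment(l) for l in conf_text.splitlines()]
    code = "\n".join(p[0] for p in parts)
    report = []
    for m in LOG_BLOCK.finditer(code):
        first = code.count("\n", 0, m.start(1))   # 0-based line of "log {"
        last = code.count("\n", 0, m.end(1))      # 0-based line of "};"
        active = REF.findall(m.group(1))
        disabled = REF.findall("\n".join(p[1] for p in parts[first:last + 1]))
        report.append({
            "line": first + 1,
            "destinations": [n for k, n in active if k == "destination"],
            "disabled": [n for k, n in disabled if k == "destination"],
        })
    return report

def silent_paths(conf_text):
    """Log paths that read from a source but write nowhere."""
    return [r for r in audit_log_paths(conf_text) if not r["destinations"]]

if __name__ == "__main__":
    for r in silent_paths(SAMPLE_CONF):
        print(f"line {r['line']}: no active destination; commented out: {r['disabled']}")
```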
I switched to world/metalog, thanks for letting us know.
- It has only two deps and they are probably installed already.
- Sane default to have a log. What's the point of running without logging, just wasting resources?