Hi,
I need help on syslog-ng on RHEL 7.2. It is working as expected.
As per configuration, it is supposed to create authlog, messages and xymessages daily in respective folder of date. But I can see only messages file and that is also not updating well.
[root@client32 /]# ps -ef | grep -i syslog
root 22954 1 0 14:18 ? 00:00:00 supervising syslog-ng
netlog 22955 22954 0 14:18 ? 00:00:00 /usr/sbin/syslog-ng -u netlog -g netlog -p /export/logs/var/run/syslog-ng.pid --cfgfile=/export/logs/SoWA/syslog-ng.conf -R /export/logs/var/run/syslog-ng.persist --no-caps
root 22979 22754 0 14:22 pts/1 00:00:00 grep --color=auto -i syslog
[root@client32 /]#
[root@client32 /]# kill -9 22954 22955
[root@client32 /]# >/export/logs/var/run/syslog-ng.pid
[root@client32 /]#
[root@client32 /]# ps -ef | grep -i syslog
root 22981 22754 0 14:22 pts/1 00:00:00 grep --color=auto -i syslog
[root@client32 /]#
[root@client32 /]# /usr/sbin/syslog-ng -u netlog -g netlog -p /export/logs/var/run/syslog-ng.pid --cfgfile=/export/logs/SoWA/syslog-ng.conf -R /export/logs/var/run/syslog-ng.persist --no-caps
[root@client32 /]#
[root@client32 /]# ps -ef | grep -i syslog
root 22983 1 0 14:22 ? 00:00:00 supervising syslog-ng
netlog 22984 22983 0 14:22 ? 00:00:00 /usr/sbin/syslog-ng -u netlog -g netlog -p /export/logs/var/run/syslog-ng.pid --cfgfile=/export/logs/SoWA/syslog-ng.conf -R /export/logs/var/run/syslog-ng.persist --no-caps
root 22987 22754 0 14:22 pts/1 00:00:00 grep --color=auto -i syslog
[root@client32 /]#
[root@client32 /]# cat /export/logs/SoWA/syslog-ng.conf
@version:3.5
options {
threaded (yes);
time_reopen (10);
chain_hostnames (off);
use_dns (yes);
dns_cache (yes);
dns_cache_size (2000);
dns_cache_expire (86400);
use_fqdn (no);
keep_hostname (yes);
stats_freq (0);
stats_level (1);
log_msg_size (16384);
log_fifo_size (8000000);
create_dirs(yes);
owner(netlog);
group(netlog);
perm(0640);
dir_owner(netlog);
dir_group(netlog);
dir_perm(0750);
};
source s_clc {
internal();
tcp(ip("172.30.130.11") port(5140) max-connections(250) so_rcvbuf(425984)log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));
};
source s_neteng {
udp(port(5144));
};
source s_psap {
udp(port(5142));
};
#source s_psap2 {
# udp(port(514));
#};
filter f_mesg { level(info..emerg) and not facility(mail,authpriv,auth,cron,local0) };
filter f_local { facility(local1,local2,local3,local4,local5,local6,local7); };
filter f_auth { facility(auth) and level(info..emerg); };
filter f_xy { facility(local0); };
destination d_clc_mesg {
file("/export/logs/SoWA/clc/$YEAR-$MONTH-$DAY/messages" perm(0644) dir_perm(0755));
};
destination d_clc_auth {
file("/export/logs/SoWA/clc/$YEAR-$MONTH-$DAY/authlog" perm(0640) dir_perm(0755));
};
destination d_clc_xy {
file("/export/logs/SoWA/clc/$YEAR-$MONTH-$DAY/xymessages" perm(0644) dir_perm(0755));
};
destination d_neteng {
file("/export/logs/SoWA/neteng/$YEAR-$MONTH-$DAY.log" perm(0644) dir_perm(0755));
};
destination d_psap {
file("/export/logs/SoWA/psap/$YEAR-$MONTH-$DAY.log" perm(0644) dir_perm(0755));
};
destination d_local {
file("/var/log/local" perm(0640) dir_perm(0755));
};
log {source(s_clc); filter(f_mesg); destination(d_clc_mesg); };
log {source(s_clc); filter(f_auth); destination(d_clc_auth); };
log {source(s_clc); filter(f_xy); destination(d_clc_xy); };
log {source(s_clc); filter(f_local); destination(d_local); };
log {source(s_neteng); destination(d_neteng); };
log {source(s_psap); destination(d_psap); };
#log {source(s_psap2); destination(d_psap); };
[root@client32 /]#
[root@client32 /]# ls -ltr /export/logs/SoWA/clc/2019-01-18
total 4
-rw-r--r--. 1 netlog netlog 1506 Jan 18 14:22 messages
[root@client32 /]#
[root@client32 /]# cat /export/logs/SoWA/clc/2019-01-18/messages
Jan 18 12:18:42 client32 syslog-ng[22623]: syslog-ng starting up; version='3.5.6'
Jan 18 12:18:42 client32 syslog-ng[22623]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 12:27:23 client32 syslog-ng[22689]: syslog-ng starting up; version='3.5.6'
Jan 18 12:27:23 client32 syslog-ng[22689]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 13:09:55 client32 syslog-ng[22780]: syslog-ng starting up; version='3.5.6'
Jan 18 13:09:55 client32 syslog-ng[22780]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 13:39:17 client32 syslog-ng[22868]: syslog-ng starting up; version='3.5.6'
Jan 18 13:39:17 client32 syslog-ng[22868]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 14:18:34 client32 syslog-ng[22955]: syslog-ng starting up; version='3.5.6'
Jan 18 14:18:34 client32 syslog-ng[22955]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 14:22:54 client32 syslog-ng[22984]: syslog-ng starting up; version='3.5.6'
Jan 18 14:22:54 client32 syslog-ng[22984]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
[root@client32 /]# ss -ltupn|grep 5140
tcp LISTEN 0 128 172.30.130.11:5140 *:* users:(("syslog-ng",pid=22984,fd=8))
[root@client32 /]#
[root@client32 /]# ss -ltupn|grep 5144
udp UNCONN 0 0 *:5144 *:* users:(("syslog-ng",pid=22984,fd=9))
[root@client32 /]#
[root@client32 /]# ss -ltupn|grep 5142
udp UNCONN 0 0 *:5142 *:* users:(("syslog-ng",pid=22984,fd=10))
[root@client32 /]#
[root@client32 ~]# lsof -n | grep syslog-ng
syslog-ng 22983 root cwd DIR 253,0 4096 128 /
syslog-ng 22983 root rtd DIR 253,0 4096 128 /
syslog-ng 22983 root txt REG 253,0 15912 101692219 /usr/sbin/syslog-ng
syslog-ng 22983 root mem REG 253,0 57824 100675697 /usr/lib64/libnss_files-2.17.so
syslog-ng 22983 root mem REG 253,0 15688 100836944 /usr/lib64/libkeyutils.so.1.5
syslog-ng 22983 root mem REG 253,0 62720 100837521 /usr/lib64/libkrb5support.so.0.1
syslog-ng 22983 root mem REG 253,0 68192 100754073 /usr/lib64/libbz2.so.1.0.6
syslog-ng 22983 root mem REG 253,0 91496 100754089 /usr/lib64/libelf-0.163.so
syslog-ng 22983 root mem REG 253,0 90632 100753944 /usr/lib64/libz.so.1.2.7
syslog-ng 22983 root mem REG 253,0 202576 100837509 /usr/lib64/libk5crypto.so.3.1
syslog-ng 22983 root mem REG 253,0 15840 100753981 /usr/lib64/libcom_err.so.2.1
syslog-ng 22983 root mem REG 253,0 950496 100837519 /usr/lib64/libkrb5.so.3.3
syslog-ng 22983 root mem REG 253,0 316528 100837505 /usr/lib64/libgssapi_krb5.so.2.2
syslog-ng 22983 root mem REG 253,0 297464 100836529 /usr/lib64/libdw-0.163.so
syslog-ng 22983 root mem REG 253,0 110808 100675707 /usr/lib64/libresolv-2.17.so
syslog-ng 22983 root mem REG 253,0 19384 100754099 /usr/lib64/libgpg-error.so.0.10.0
syslog-ng 22983 root mem REG 253,0 534488 100836491 /usr/lib64/libgcrypt.so.11.8.2
syslog-ng 22983 root mem REG 253,0 153192 100675737 /usr/lib64/liblzma.so.5.0.99
syslog-ng 22983 root mem REG 253,0 147120 100753941 /usr/lib64/libselinux.so.1
syslog-ng 22983 root mem REG 253,0 1141552 100675687 /usr/lib64/libm-2.17.so
syslog-ng 22983 root mem REG 253,0 88720 100663429 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
syslog-ng 22983 root mem REG 253,0 19888 100754109 /usr/lib64/libattr.so.1.1.0
syslog-ng 22983 root mem REG 253,0 20032 100753974 /usr/lib64/libuuid.so.1.3.0
syslog-ng 22983 root mem REG 253,0 2012880 100837531 /usr/lib64/libcrypto.so.1.0.1e
syslog-ng 22983 root mem REG 253,0 449864 100837533 /usr/lib64/libssl.so.1.0.1e
syslog-ng 22983 root mem REG 253,0 2107816 100675679 /usr/lib64/libc-2.17.so
syslog-ng 22983 root mem REG 253,0 142296 100675705 /usr/lib64/libpthread-2.17.so
syslog-ng 22983 root mem REG 253,0 50664 101692178 /usr/lib64/libivykis.so.0.3.5
syslog-ng 22983 root mem REG 253,0 19512 100675685 /usr/lib64/libdl-2.17.so
syslog-ng 22983 root mem REG 253,0 398272 100753930 /usr/lib64/libpcre.so.1.2.0
syslog-ng 22983 root mem REG 253,0 20024 100836481 /usr/lib64/libcap.so.2.22
syslog-ng 22983 root mem REG 253,0 19696 101692180 /usr/lib64/libevtlog.so.0.0.0
syslog-ng 22983 root mem REG 253,0 1287944 100836981 /usr/lib64/libglib-2.0.so.0.4200.2
syslog-ng 22983 root mem REG 253,0 6928 100836987 /usr/lib64/libgthread-2.0.so.0.4200.2
syslog-ng 22983 root mem REG 253,0 15616 100836983 /usr/lib64/libgmodule-2.0.so.0.4200.2
syslog-ng 22983 root mem REG 253,0 113320 100675689 /usr/lib64/libnsl-2.17.so
syslog-ng 22983 root mem REG 253,0 44088 100675709 /usr/lib64/librt-2.17.so
syslog-ng 22983 root mem REG 253,0 602272 101692204 /usr/lib64/libsyslog-ng-3.5.6.so
syslog-ng 22983 root mem REG 253,0 164432 100675672 /usr/lib64/ld-2.17.so
syslog-ng 22983 root mem REG 253,0 26254 33610376 /usr/lib64/gconv/gconv-modules.cache
syslog-ng 22983 root mem REG 253,0 162544 101024593 /usr/lib64/libsystemd.so.0.6.0
syslog-ng 22983 root 0r CHR 1,3 0t0 4674 /dev/null
syslog-ng 22983 root 1w CHR 1,3 0t0 4674 /dev/null
syslog-ng 22983 root 2w CHR 1,3 0t0 4674 /dev/null
syslog-ng 22984 netlog cwd DIR 253,2 70 67120234 /var/lib/syslog-ng
syslog-ng 22984 netlog rtd DIR 253,0 4096 128 /
syslog-ng 22984 netlog txt REG 253,0 15912 101692219 /usr/sbin/syslog-ng
syslog-ng 22984 netlog mem REG 253,0 48856 101692217 /usr/lib64/syslog-ng/libsyslogformat.so
syslog-ng 22984 netlog mem REG 253,0 79224 101692205 /usr/lib64/syslog-ng/libaffile.so
syslog-ng 22984 netlog mem REG 253,0 42520 100836930 /usr/lib64/libwrap.so.0.7.6
syslog-ng 22984 netlog mem REG 253,0 93288 101692182 /usr/lib64/libnet.so.1.7.0
syslog-ng 22984 netlog mem REG 253,0 113912 101172243 /usr/lib64/syslog-ng/libafsocket-tls.so
syslog-ng 22984 netlog mem REG 253,0 56776 100675701 /usr/lib64/libnss_nis-2.17.so
syslog-ng 22984 netlog mem REG 253,0 57824 100675697 /usr/lib64/libnss_files-2.17.so
syslog-ng 22984 netlog mem REG 253,0 15688 100836944 /usr/lib64/libkeyutils.so.1.5
syslog-ng 22984 netlog mem REG 253,0 62720 100837521 /usr/lib64/libkrb5support.so.0.1
syslog-ng 22984 netlog mem REG 253,0 68192 100754073 /usr/lib64/libbz2.so.1.0.6
syslog-ng 22984 netlog mem REG 253,0 91496 100754089 /usr/lib64/libelf-0.163.so
syslog-ng 22984 netlog mem REG 253,0 90632 100753944 /usr/lib64/libz.so.1.2.7
syslog-ng 22984 netlog mem REG 253,0 202576 100837509 /usr/lib64/libk5crypto.so.3.1
syslog-ng 22984 netlog mem REG 253,0 15840 100753981 /usr/lib64/libcom_err.so.2.1
syslog-ng 22984 netlog mem REG 253,0 950496 100837519 /usr/lib64/libkrb5.so.3.3
syslog-ng 22984 netlog mem REG 253,0 316528 100837505 /usr/lib64/libgssapi_krb5.so.2.2
syslog-ng 22984 netlog mem REG 253,0 297464 100836529 /usr/lib64/libdw-0.163.so
syslog-ng 22984 netlog mem REG 253,0 110808 100675707 /usr/lib64/libresolv-2.17.so
syslog-ng 22984 netlog mem REG 253,0 19384 100754099 /usr/lib64/libgpg-error.so.0.10.0
syslog-ng 22984 netlog mem REG 253,0 534488 100836491 /usr/lib64/libgcrypt.so.11.8.2
syslog-ng 22984 netlog mem REG 253,0 153192 100675737 /usr/lib64/liblzma.so.5.0.99
syslog-ng 22984 netlog mem REG 253,0 147120 100753941 /usr/lib64/libselinux.so.1
syslog-ng 22984 netlog mem REG 253,0 1141552 100675687 /usr/lib64/libm-2.17.so
syslog-ng 22984 netlog mem REG 253,0 88720 100663429 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
syslog-ng 22984 netlog mem REG 253,0 19888 100754109 /usr/lib64/libattr.so.1.1.0
syslog-ng 22984 netlog mem REG 253,0 20032 100753974 /usr/lib64/libuuid.so.1.3.0
syslog-ng 22984 netlog mem REG 253,0 2012880 100837531 /usr/lib64/libcrypto.so.1.0.1e
syslog-ng 22984 netlog mem REG 253,0 449864 100837533 /usr/lib64/libssl.so.1.0.1e
syslog-ng 22984 netlog mem REG 253,0 2107816 100675679 /usr/lib64/libc-2.17.so
syslog-ng 22984 netlog mem REG 253,0 142296 100675705 /usr/lib64/libpthread-2.17.so
syslog-ng 22984 netlog mem REG 253,0 50664 101692178 /usr/lib64/libivykis.so.0.3.5
syslog-ng 22984 netlog mem REG 253,0 19512 100675685 /usr/lib64/libdl-2.17.so
syslog-ng 22984 netlog mem REG 253,0 398272 100753930 /usr/lib64/libpcre.so.1.2.0
syslog-ng 22984 netlog mem REG 253,0 20024 100836481 /usr/lib64/libcap.so.2.22
syslog-ng 22984 netlog mem REG 253,0 19696 101692180 /usr/lib64/libevtlog.so.0.0.0
syslog-ng 22984 netlog mem REG 253,0 1287944 100836981 /usr/lib64/libglib-2.0.so.0.4200.2
syslog-ng 22984 netlog mem REG 253,0 6928 100836987 /usr/lib64/libgthread-2.0.so.0.4200.2
syslog-ng 22984 netlog mem REG 253,0 15616 100836983 /usr/lib64/libgmodule-2.0.so.0.4200.2
syslog-ng 22984 netlog mem REG 253,0 113320 100675689 /usr/lib64/libnsl-2.17.so
syslog-ng 22984 netlog mem REG 253,0 44088 100675709 /usr/lib64/librt-2.17.so
syslog-ng 22984 netlog mem REG 253,0 602272 101692204 /usr/lib64/libsyslog-ng-3.5.6.so
syslog-ng 22984 netlog mem REG 253,0 164432 100675672 /usr/lib64/ld-2.17.so
syslog-ng 22984 netlog mem REG 253,0 26254 33610376 /usr/lib64/gconv/gconv-modules.cache
syslog-ng 22984 netlog mem REG 253,0 162544 101024593 /usr/lib64/libsystemd.so.0.6.0
syslog-ng 22984 netlog mem REG 253,2 16384 201438312 /var/logging/var/run/syslog-ng.persist
syslog-ng 22984 netlog 0r CHR 1,3 0t0 4674 /dev/null
syslog-ng 22984 netlog 1w CHR 1,3 0t0 4674 /dev/null
syslog-ng 22984 netlog 2w CHR 1,3 0t0 4674 /dev/null
syslog-ng 22984 netlog 3u a_inode 0,9 0 4670 [eventpoll]
syslog-ng 22984 netlog 4w FIFO 0,8 0t0 121437097 pipe
syslog-ng 22984 netlog 5u a_inode 0,9 0 4670 [eventfd]
syslog-ng 22984 netlog 6u a_inode 0,9 0 4670 [eventfd]
syslog-ng 22984 netlog 7u REG 253,2 16384 201438312 /var/logging/var/run/syslog-ng.persist
syslog-ng 22984 netlog 8u IPv4 121437102 0t0 TCP 172.30.130.11:5140 (LISTEN)
syslog-ng 22984 netlog 9u IPv4 121437103 0t0 UDP *:5144
syslog-ng 22984 netlog 10u IPv4 121437104 0t0 UDP *:5142
syslog-ng 22984 netlog 11u a_inode 0,9 0 4670 [eventfd]
syslog-ng 22984 netlog 12u a_inode 0,9 0 4670 [eventfd]
syslog-ng 22984 netlog 13u a_inode 0,9 0 4670 [eventfd]
[root@client32 ~]# netstat -anp | grep syslog
tcp 0 0 172.30.130.11:5140 0.0.0.0:* LISTEN 22984/syslog-ng
udp 0 0 0.0.0.0:5142 0.0.0.0:* 22984/syslog-ng
udp 0 0 0.0.0.0:5144 0.0.0.0:* 22984/syslog-ng
[root@client32 ~]#
Here is output from working as well as non-working server. Only one directory created (messages) and that too blank on client32
[root@working-client /]# ls -l /export/logs/SoWA/clc/2019-01-17
total 36
-rw-r-----. 1 netlog netlog 348 Jan 17 10:28 authlog
-rw-r--r--. 1 netlog netlog 26571 Jan 17 10:30 messages
-rw-r--r--. 1 netlog netlog 1075 Jan 17 09:19 xymessages
[root@working-client /]#
[root@client32]# ls -l /export/logs/SoWA/clc/2019-01-17
total 0
-rw-r--r--. 1 netlog netlog 0 Jan 17 00:15 messages
[root@client32]#