systemctl start syslog-ng error #3402

Closed
devvace opened this issue Aug 26, 2020 · 26 comments

devvace commented Aug 26, 2020

hi!
# syslog-ng -s is not a problem, but the service cannot be started...
What should I do?
For your information,
if I remove this part in the syslog-ng.conf file,

...
log {
        source(s_mysql);
        filter(f_level);
        destination(d_mysql);
};
...

it works well.

syslog-ng

Version of syslog-ng

[root@localhost ~]# syslog-ng -V
syslog-ng 3.5.6
Installer-Version: 3.5.6
Revision:
Compile-Date: Dec 30 2015 19:57:24
Available-Modules: affile,afprog,afsocket-notls,afsocket-tls,afsocket,afstomp,afuser,basicfuncs,confgen,cryptofuncs,csvparser,dbparser,linux-kmsg-format,syslogformat,system-source,afsql
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Pcre: on

Platform

CentOS Linux release 7.4.1708 (Core)

Debug bundle

[root@localhost ~]# syslog-ng-debun -r
-bash: syslog-ng-debun: command not found

Issue

Failure

(gdb) run
Starting program: /usr/sbin/syslog-ng
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 16653.
[Inferior 1 (process 16649) exited normally]

and

[root@localhost ~]# journalctl -u syslog-ng
-- Logs begin at 수 2020-08-26 14:54:56 KST, end at 수 2020-08-26 15:04:24 KST. --
 8월 26 15:04:23 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 26 15:04:23 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, sta
 8월 26 15:04:23 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 26 15:04:23 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 26 15:04:23 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 26 15:04:23 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 8월 26 15:04:23 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 26 15:04:23 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, sta
 8월 26 15:04:23 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 26 15:04:23 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 26 15:04:23 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 26 15:04:23 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 8월 26 15:04:23 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 26 15:04:23 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, sta
 8월 26 15:04:23 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 26 15:04:23 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 26 15:04:23 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 26 15:04:24 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 8월 26 15:04:24 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 26 15:04:24 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, sta
 8월 26 15:04:24 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 26 15:04:24 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 26 15:04:24 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 26 15:04:24 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 8월 26 15:04:24 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 26 15:04:24 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, sta
 8월 26 15:04:24 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 26 15:04:24 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 26 15:04:24 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 26 15:04:24 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 8월 26 15:04:24 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
 8월 26 15:04:24 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 26 15:04:24 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 26 15:04:24 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 26 15:04:24 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
 8월 26 15:04:24 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 26 15:04:24 localhost.localdomain systemd[1]: syslog-ng.service failed.

Steps to reproduce

# systemctl start syslog-ng

Configuration

@version:3.5
@include "scl.conf"

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
#       located in /etc/syslog-ng/conf.d/

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (100000);
    chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};

source s_sys {
    system();
    internal();
    # udp(ip(0.0.0.0) port(514));
};

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };

filter f_kernel     { facility(kern); };
filter f_default    { level(info..emerg) and
                        not (facility(mail)
                        or facility(authpriv)
                        or facility(cron)); };
filter f_auth       { facility(authpriv); };
filter f_mail       { facility(mail); };
filter f_emergency  { level(emerg); };
filter f_news       { facility(uucp) or
                        (facility(news)
                        and level(crit..emerg)); };
filter f_boot   { facility(local7); };
filter f_cron   { facility(cron); };

#log { source(s_sys); filter(f_kernel); destination(d_cons); };
log { source(s_sys); filter(f_kernel); destination(d_kern); };
log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };


# Nocmate config
source s_mysql {
        udp(port(514));
        tcp(port(514));
};

destination d_mysql {
        sql(type(mysql)
                host("localhost")
                username("root")
                password("password")
                database("syslog")
                table("log")
                columns("host", "facility", "priority", "level", "tag", "datetime", "program", "msg")
                values("$SOURCEIP", "$FACILITY", "$PRIORITY", "$LEVEL", "$TAG", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$PROGRAM", "$MSG")
                indexes("datetime", "host", "program", "msg"));
};

destination d_file {
        file("/var/log/nocmate/$YEAR/$MONTH/$DAY.txt"
                template("$FULLDATE $MSGHDR$MSG\n")
                template_escape(no)
        );
};


filter f_level {
        level(debug..emerg);
};

log {
        source(s_mysql);
        filter(f_level);
        destination(d_mysql);
};

log {
        source(s_mysql);
        filter(f_level);
        destination(d_file);
};

# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"


# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

devvace added the bug label Aug 26, 2020

Collaborator

Kokan commented Aug 26, 2020

Please start syslog-ng by hand the same way as syslog-ng -s but using the following flags: syslog-ng -Fdev and paste the result here.

Author

devvace commented Aug 26, 2020

thanks for reply,
syslog-ng -Fdev result is..

[root@localhost ~]# syslog-ng -Fdev
nanosleep() is not accurate enough to introduce minor stalls on the reader side, multi-threaded performance may be affected;
Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1'
Global value changed; define='scl-root', value='/usr/share/syslog-ng/include/scl'
Global value changed; define='include-path', value='/etc/syslog-ng:/usr/share/syslog-ng/include'
Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
Module loaded and initialized successfully; module='system-source'
Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
Reading path for candidate modules; path='//usr/lib64/syslog-ng'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='affile.so', module='affile'
Registering candidate plugin; module='affile', context='source', name='file', preference='0'
Registering candidate plugin; module='affile', context='source', name='pipe', preference='0'
Registering candidate plugin; module='affile', context='destination', name='file', preference='0'
Registering candidate plugin; module='affile', context='destination', name='pipe', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afprog.so', module='afprog'
Registering candidate plugin; module='afprog', context='source', name='program', preference='0'
Registering candidate plugin; module='afprog', context='destination', name='program', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afsocket-notls.so', module='afsocket-notls'
Registering candidate plugin; module='afsocket-notls', context='source', name='unix-stream', preference='0'
Registering candidate plugin; module='afsocket-notls', context='destination', name='unix-stream', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source', name='unix-dgram', preference='0'
Registering candidate plugin; module='afsocket-notls', context='destination', name='unix-dgram', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source', name='tcp', preference='0'
Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source', name='tcp6', preference='0'
Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp6', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source', name='udp', preference='0'
Registering candidate plugin; module='afsocket-notls', context='destination', name='udp', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source', name='udp6', preference='0'
Registering candidate plugin; module='afsocket-notls', context='destination', name='udp6', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source', name='syslog', preference='0'
Registering candidate plugin; module='afsocket-notls', context='destination', name='syslog', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source', name='network', preference='0'
Registering candidate plugin; module='afsocket-notls', context='destination', name='network', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afsocket-tls.so', module='afsocket-tls'
Registering candidate plugin; module='afsocket-tls', context='source', name='unix-stream', preference='100'
Registering candidate plugin; module='afsocket-tls', context='destination', name='unix-stream', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source', name='unix-dgram', preference='100'
Registering candidate plugin; module='afsocket-tls', context='destination', name='unix-dgram', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source', name='tcp', preference='100'
Registering candidate plugin; module='afsocket-tls', context='destination', name='tcp', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source', name='tcp6', preference='100'
Registering candidate plugin; module='afsocket-tls', context='destination', name='tcp6', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source', name='udp', preference='100'
Registering candidate plugin; module='afsocket-tls', context='destination', name='udp', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source', name='udp6', preference='100'
Registering candidate plugin; module='afsocket-tls', context='destination', name='udp6', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source', name='syslog', preference='100'
Registering candidate plugin; module='afsocket-tls', context='destination', name='syslog', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source', name='network', preference='100'
Registering candidate plugin; module='afsocket-tls', context='destination', name='network', preference='100'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afsocket.so', module='afsocket'
Registering candidate plugin; module='afsocket', context='source', name='unix-stream', preference='100'
Registering candidate plugin; module='afsocket', context='destination', name='unix-stream', preference='100'
Registering candidate plugin; module='afsocket', context='source', name='unix-dgram', preference='100'
Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram', preference='100'
Registering candidate plugin; module='afsocket', context='source', name='tcp', preference='100'
Registering candidate plugin; module='afsocket', context='destination', name='tcp', preference='100'
Registering candidate plugin; module='afsocket', context='source', name='tcp6', preference='100'
Registering candidate plugin; module='afsocket', context='destination', name='tcp6', preference='100'
Registering candidate plugin; module='afsocket', context='source', name='udp', preference='100'
Registering candidate plugin; module='afsocket', context='destination', name='udp', preference='100'
Registering candidate plugin; module='afsocket', context='source', name='udp6', preference='100'
Registering candidate plugin; module='afsocket', context='destination', name='udp6', preference='100'
Registering candidate plugin; module='afsocket', context='source', name='syslog', preference='100'
Registering candidate plugin; module='afsocket', context='destination', name='syslog', preference='100'
Registering candidate plugin; module='afsocket', context='source', name='network', preference='100'
Registering candidate plugin; module='afsocket', context='destination', name='network', preference='100'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afstomp.so', module='afstomp'
Registering candidate plugin; module='afstomp', context='destination', name='stomp', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afuser.so', module='afuser'
Registering candidate plugin; module='afuser', context='destination', name='usertty', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='basicfuncs.so', module='basicfuncs'
Registering candidate plugin; module='basicfuncs', context='template-func', name='grep', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='if', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='echo', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='length', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='substr', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='strip', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='lowercase', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='uppercase', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='replace-delimiter', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='+', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='-', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='*', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='/', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='%', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length', preference='0'
Registering candidate plugin; module='basicfuncs', context='template-func', name='env', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='confgen.so', module='confgen'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='cryptofuncs.so', module='cryptofuncs'
Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid', preference='0'
Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash', preference='0'
Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1', preference='0'
Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256', preference='0'
Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512', preference='0'
Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4', preference='0'
Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='csvparser.so', module='csvparser'
Registering candidate plugin; module='csvparser', context='parser', name='csv-parser', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='dbparser.so', module='dbparser'
Registering candidate plugin; module='dbparser', context='parser', name='db-parser', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='linux-kmsg-format.so', module='linux-kmsg-format'
Registering candidate plugin; module='linux-kmsg-format', context='format', name='linux-kmsg', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='syslogformat.so', module='syslogformat'
Registering candidate plugin; module='syslogformat', context='format', name='syslog', preference='0'
Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser', preference='0'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='system-source.so', module='system-source'
Reading shared object for a candidate module; path='//usr/lib64/syslog-ng', fname='afsql.so', module='afsql'
Registering candidate plugin; module='afsql', context='destination', name='sql', preference='0'
Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
Module loaded and initialized successfully; module='confgen'
Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
Module loaded and initialized successfully; module='afsocket-tls'
Module loaded and initialized successfully; module='affile'
Finishing include; content='source confgen system', depth='1'
Module loaded and initialized successfully; module='afuser'
Module loaded and initialized successfully; module='afsql'
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:5]
  Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:5]
    Compiling s_sys sequence [source] at [/etc/syslog-ng/syslog-ng.conf:2]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:2]
        Compiling #unnamed single [log] at [#buffer:1:1]
        Compiling #unnamed single [log] at [#buffer:2:1]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:2]
  Compiling f_kernel reference [filter] at [/etc/syslog-ng/syslog-ng.conf:5]
    Compiling f_kernel sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:4]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:4]
  Compiling d_kern reference [destination] at [/etc/syslog-ng/syslog-ng.conf:5]
    Compiling d_kern sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:3]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:3]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:5]
  Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:5]
  Compiling f_default reference [filter] at [/etc/syslog-ng/syslog-ng.conf:5]
    Compiling f_default sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:4]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:4]
  Compiling d_mesg reference [destination] at [/etc/syslog-ng/syslog-ng.conf:5]
    Compiling d_mesg sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:3]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:3]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:5]
  Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:5]
  Compiling f_auth reference [filter] at [/etc/syslog-ng/syslog-ng.conf:5]
    Compiling f_auth sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:4]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:4]
  Compiling d_auth reference [destination] at [/etc/syslog-ng/syslog-ng.conf:5]
    Compiling d_auth sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:3]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:3]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:5]
  Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:5]
  Compiling f_mail reference [filter] at [/etc/syslog-ng/syslog-ng.conf:5]
    Compiling f_mail sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:4]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:4]
  Compiling d_mail reference [destination] at [/etc/syslog-ng/syslog-ng.conf:5]
    Compiling d_mail sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:3]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:3]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
  Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:6]
  Compiling f_emergency reference [filter] at [/etc/syslog-ng/syslog-ng.conf:6]
    Compiling f_emergency sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:4]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:4]
  Compiling d_mlal reference [destination] at [/etc/syslog-ng/syslog-ng.conf:6]
    Compiling d_mlal sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:3]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:3]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
  Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:6]
  Compiling f_news reference [filter] at [/etc/syslog-ng/syslog-ng.conf:6]
    Compiling f_news sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:4]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:4]
  Compiling d_spol reference [destination] at [/etc/syslog-ng/syslog-ng.conf:6]
    Compiling d_spol sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:3]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:3]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
  Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:6]
  Compiling f_boot reference [filter] at [/etc/syslog-ng/syslog-ng.conf:6]
    Compiling f_boot sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:5]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:5]
  Compiling d_boot reference [destination] at [/etc/syslog-ng/syslog-ng.conf:6]
    Compiling d_boot sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:3]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:3]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
  Compiling s_sys reference [source] at [/etc/syslog-ng/syslog-ng.conf:6]
  Compiling f_cron reference [filter] at [/etc/syslog-ng/syslog-ng.conf:6]
    Compiling f_cron sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:5]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:5]
  Compiling d_cron reference [destination] at [/etc/syslog-ng/syslog-ng.conf:6]
    Compiling d_cron sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:3]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:3]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:9]
  Compiling s_mysql reference [source] at [/etc/syslog-ng/syslog-ng.conf:9]
    Compiling s_mysql sequence [source] at [/etc/syslog-ng/syslog-ng.conf:6]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:6]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:6]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:6]
  Compiling f_level reference [filter] at [/etc/syslog-ng/syslog-ng.conf:9]
    Compiling f_level sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:9]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:9]
  Compiling d_mysql reference [destination] at [/etc/syslog-ng/syslog-ng.conf:9]
    Compiling d_mysql sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:7]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:7]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:7]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:1]
  Compiling s_mysql reference [source] at [/etc/syslog-ng/syslog-ng.conf:1]
  Compiling f_level reference [filter] at [/etc/syslog-ng/syslog-ng.conf:1]
    Compiling f_level sequence [filter] at [/etc/syslog-ng/syslog-ng.conf:9]
      Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:9]
  Compiling d_file reference [destination] at [/etc/syslog-ng/syslog-ng.conf:1]
    Compiling d_file sequence [destination] at [/etc/syslog-ng/syslog-ng.conf:8]
      Compiling #unnamed junction [log] at [/etc/syslog-ng/syslog-ng.conf:8]
        Compiling #unnamed single [log] at [/etc/syslog-ng/syslog-ng.conf:8]
Module loaded and initialized successfully; module='syslogformat'
Module loaded and initialized successfully; module='linux-kmsg-format'
Database thread started; driver='d_mysql#0'
Running application hooks; hook='1'
Running application hooks; hook='3'
syslog-ng starting up; version='3.5.6'

Collaborator

Kokan commented Aug 26, 2020

From the log you provided, I see that syslog-ng could start this way.
Also, you pointed out that if you comment out the tcp, udp source from the configuration, it can start correctly.

In similar reports, the two most common issues I saw are the following:

  • port 514 requires you to have root access (or sufficient capabilities for the process)
    is syslog-ng started with enough rights to open these ports?
    • is it running as root ?
      • if yes, try using --no-caps as an option for the syslog-ng binary
  • are there any other processes listening on those ports when syslog-ng is started ?

Could you please verify whether either of them fixes your issue ?

Author

devvace commented Aug 27, 2020

I think the tcp, udp source is not the problem; destination(d_mysql) is the problem,
because this works well.

log {
        source(s_mysql);
        filter(f_level);
        destination(d_file);
};

  • is it running as root ?
    yes, it is run as root.
    Even without the --no-caps option, syslog-ng seems to work fine if I run it as a binary.

[root@localhost log]# /usr/sbin/syslog-ng
[root@localhost log]# netstat -ntlp | grep :514
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      1643/syslog-ng

  • are there any other processes listening on those ports when syslog-ng is started ?
    no, I tried using a command like this: netstat -ntlp | grep :514, and there was no result.
    hmm... why does it work when run as a binary but not when run through systemctl...?

[root@localhost ~]# systemctl start syslog-ng
Job for syslog-ng.service failed because the control process exited with error code. See "systemctl status syslog-ng.service" and "journalctl -xe" for details.
[root@localhost ~]# netstat -ntlp | grep :514
[root@localhost ~]#

systemctl still does not work...

Collaborator

Kokan commented Aug 27, 2020

There should not be much of a difference; can you show us your systemd service file for syslog-ng?
Also, getting the syslog-ng logs when systemd tries to start it would be nice. (The one in your first post does not really show syslog-ng logs, but systemd logs about handling its service.)

Author

devvace commented Aug 27, 2020

systemd service file:

[root@localhost 08]# vim /lib/systemd/system/syslog-ng.service
[Unit]
Description=System Logger Daemon
Documentation=man:syslog-ng(8)

[Service]
Type=notify
Sockets=syslog.socket
ExecStart=/usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=null
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=syslog.service

I have not modified it.

hmm.. where can I see the syslog-ng logs?

@Kokan
Collaborator

Kokan commented Aug 27, 2020

The journalctl should have listed them. Maybe you can add the -Fdev option in your service file as well for current debugging purpose. If possible also try removing the StandardOutput=null line, that may throw away logs from syslog-ng.

@devvace
Author

devvace commented Aug 27, 2020

I removed the StandardOutput=null line and restarted syslog-ng using systemd.

[root@localhost syslog-ng]# systemctl restart syslog-ng
Job for syslog-ng.service failed because the control process exited with error code. See "systemctl status syslog-ng.service" and "journalctl -xe" for details.

I used journalctl to view the logs.

[root@localhost syslog-ng]# journalctl -f
8월 27 17:36:09 localhost.localdomain polkitd[789]: Registered Authentication Agent for unix-process:2936:2632642 (system bus name :1.51 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale ko_KR.UTF-8)
 8월 27 17:36:09 localhost.localdomain systemd[1]: Listening on Syslog Socket.
 8월 27 17:36:09 localhost.localdomain systemd[1]: Starting Syslog Socket.
 8월 27 17:36:09 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 27 17:36:09 localhost.localdomain syslog-ng[2942]: Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf', error='Permission denied (13)'
 8월 27 17:36:09 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE
 8월 27 17:36:09 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 27 17:36:09 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 27 17:36:09 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 27 17:36:09 localhost.localdomain polkitd[789]: Unregistered Authentication Agent for unix-process:2936:2632642 (system bus name :1.51, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale ko_KR.UTF-8) (disconnected from bus)
 8월 27 17:36:09 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 8월 27 17:36:09 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 27 17:36:09 localhost.localdomain syslog-ng[2944]: Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf', error='Permission denied (13)'
 8월 27 17:36:09 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE
 8월 27 17:36:09 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 27 17:36:09 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 27 17:36:09 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 27 17:36:09 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 8월 27 17:36:09 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 27 17:36:09 localhost.localdomain syslog-ng[2946]: Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf', error='Permission denied (13)'
 8월 27 17:36:09 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE
 8월 27 17:36:09 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 27 17:36:09 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 27 17:36:09 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 27 17:36:10 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 8월 27 17:36:10 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 27 17:36:10 localhost.localdomain syslog-ng[2948]: Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf', error='Permission denied (13)'
 8월 27 17:36:10 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE
 8월 27 17:36:10 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 8월 27 17:36:10 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 8월 27 17:36:10 localhost.localdomain systemd[1]: syslog-ng.service failed.
 8월 27 17:36:10 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 8월 27 17:36:10 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 8월 27 17:36:10 localhost.localdomain syslog-ng[2950]: Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf', error='Permission denied (13)'
 8월 27 17:36:10 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE

a new error has occurred.
...Permission denied!

[root@localhost syslog-ng]# ls -l /etc/syslog-ng/syslog-ng.conf
-rw-r--r--. 1 root root 3208  8월 21 17:50 /etc/syslog-ng/syslog-ng.conf

What should I do..?

@Kokan
Collaborator

Kokan commented Aug 27, 2020

By default, if capabilities are supported on the system, that could cause an issue (note that is likely still an issue in code). But disabling caps is possible and should resolve this issue: syslog-ng ... --no-caps.

@devvace
Author

devvace commented Aug 27, 2020

I tried to modify the following line:

...
ExecStart=/usr/sbin/syslog-ng --no-caps -F -p /var/run/syslogd.pid
...

I wonder if I am doing well...
still not fixed. 😞

@devvace
Author

devvace commented Aug 27, 2020

Should I manage the syslog-ng service using bash shell instead of systemd?

@Kokan
Collaborator

Kokan commented Aug 27, 2020

Nah, systemd and syslog-ng are usually friends, and can work together. At this point I would try to see if strace is any help, as the permission issue (I assume with --no-caps you still got permission issue) is strange to have here.

Also it would be nice if I could reproduce this issue locally, can you describe what distro/OS you are using? And where/how you obtained the syslog-ng binary ?

@Kokan
Collaborator

Kokan commented Aug 27, 2020

Oh I see you shared that it is a centos. I'll try to spin up one, do you have any customisation on that ?

@MrAnno
Collaborator

MrAnno commented Aug 27, 2020

@DAEWOONPARK Did you run systemctl daemon-reload after adding --no-caps to the systemd service file?

@devvace
Author

devvace commented Aug 28, 2020

> Oh I see you shared that it is a centos. I'll try to spin up one, do you have any customisation on that ?

Sorry, I don't understand exactly about customisation.
My understanding is that I didn't customize CentOS.

As you say, I used centos7.4 and the kernel version is 3.10.0-693.el7.x86_64
Thank you for your efforts!

@devvace
Author

devvace commented Aug 28, 2020

> @DAEWOONPARK Did you run systemctl daemon-reload after adding --no-caps to the systemd service file?

Thank you for the reply!

yes, of course!
if the config file is modified, the following warning appears:

Warning: syslog-ng.service changed on disk. Run `systemctl daemon-reload` to reload units.
...

@bazsi
Collaborator

bazsi commented Sep 8, 2020 via email

@gaborznagy
Collaborator

Hi @DAEWOONPARK

Did you manage to fix the permission error? I'm a bit confused about the last comments, sorry. :)

@devvace
Author

devvace commented Sep 14, 2020

> Hi @DAEWOONPARK
>
> Did you manage to fix the permission error? I'm a bit confused about the last comments, sorry. :)

Hi!
No I couldn't fix it...
The cause was that StandardOutput=null, so I didn't clear it.

@gaborznagy
Collaborator

gaborznagy commented Sep 14, 2020

Can you show us the latest journalctl output regarding the issue along with the current state of the systemd service file, please?

@devvace
Author

devvace commented Sep 15, 2020

> Can you show us the latest journalctl output regarding the issue along with the current state of the systemd service file, please?

Yes,
syslog-ng.service file is

[Unit]
Description=System Logger Daemon
Documentation=man:syslog-ng(8)

[Service]
Type=notify
Sockets=syslog.socket
ExecStart=/usr/sbin/syslog-ng --no-caps -F -p /var/run/syslogd.pid
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=null
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=syslog.service

and I used this command: # journalctl -r -u syslog-ng
The result is

-- Logs begin at 화 2020-09-15 11:18:07 KST, end at 화 2020-09-15 11:23:40 KST. --
 9월 15 11:23:40 localhost.localdomain systemd[1]: syslog-ng.service failed.
 9월 15 11:23:40 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 9월 15 11:23:40 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
 9월 15 11:23:40 localhost.localdomain systemd[1]: syslog-ng.service failed.
 9월 15 11:23:40 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 9월 15 11:23:40 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 9월 15 11:23:40 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
 9월 15 11:23:40 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 9월 15 11:23:40 localhost.localdomain systemd[1]: syslog-ng.service failed.
 9월 15 11:23:40 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 9월 15 11:23:40 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 9월 15 11:23:40 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE
 9월 15 11:23:40 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 9월 15 11:23:40 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service failed.
 9월 15 11:23:39 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 9월 15 11:23:39 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE
 9월 15 11:23:39 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service failed.
 9월 15 11:23:39 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 9월 15 11:23:39 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE
 9월 15 11:23:39 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service failed.
 9월 15 11:23:39 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 9월 15 11:23:39 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE
 9월 15 11:23:39 localhost.localdomain systemd[1]: Starting System Logger Daemon...
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service failed.
 9월 15 11:23:39 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
 9월 15 11:23:39 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
 9월 15 11:23:39 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=1/FAILURE
 9월 15 11:23:39 localhost.localdomain systemd[1]: Starting System Logger Daemon...

@gaborznagy
Collaborator

gaborznagy commented Sep 15, 2020

Hi,

I've quickly set up a vagrant environment with centos7 v1803.1 (centos 7.4).
I've added EPEL repo, and installed syslog-ng from EPEL (syslog-ng version 3.5.6).
Then, I've started syslog-ng as a service, and it started (systemctl start syslog).

Only after this I've stopped the system-default syslog service rsyslog (systemctl stop rsyslog). Duplicates of log entries ceased.
I've experimented with introducing error into the configuration: I've renamed f_default filter to f_defaulty, so syslog-ng won't start up.

After restarting syslog-ng (systemctl restart syslog-ng), journalctl won't show the reason for the error, but shows the status:

[vagrant@localhost ~]$ sudo journalctl -fu syslog-ng
-- Logs begin at Tue 2020-09-15 08:08:53 UTC. --
Sep 15 08:21:02 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Sep 15 08:21:02 localhost.localdomain systemd[1]: syslog-ng.service failed.
Sep 15 08:21:02 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Sep 15 08:21:02 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Sep 15 08:21:02 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Sep 15 08:21:02 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Sep 15 08:21:02 localhost.localdomain systemd[1]: syslog-ng.service failed.
Sep 15 08:21:02 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Sep 15 08:21:02 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Sep 15 08:21:02 localhost.localdomain systemd[1]: syslog-ng.service failed.

Based on the service file (mine is the same as your first version, WITHOUT --no-caps), syslog-ng doesn't send its internal logs to journal.
The configured file destination for internal() logs is /var/log/messages, and I've taken a look:
That's just a summary of how I debugged syslog-ng issues.

I've recently set up a mariadb server on this VM, configured syslog-ng, and I can successfully reproduce this issue.
I can send logs into mysql if syslog-ng started in the foreground (syslog-ng -Fedv), but cannot startup with systemctl start syslog-ng.
I'll look into it soon.

@gaborznagy
Collaborator

Okay, the culprit is SELinux, it's not about sql() destination. The problem is still with the network sources.

You can check if SELinux is enabled (by default it is) with getenforce. If you don't need SELinux, you can temporarily disable it with setenforce 0 which puts SELinux into "Permissive" mode, printing only warnings and not enforcing security policies.
You can check SELinux logs, under /var/log/audit/audit.log.
If you need to disable SELinux permanently, you can do that in the /etc/sysconfig/selinux config file, which takes effect after a reload.

If you would like to configure SELinux policies, we made a blog post as a tutorial, with references to detailed documentation:
https://www.syslog-ng.com/community/b/blog/posts/using-syslog-ng-with-selinux-in-enforcing-mode
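
Added example (not part of the comment above and not syslog-ng project code): a shell function that summarises the SELinux AVC denials recorded for one command in audit.log-style input, which is the check of /var/log/audit/audit.log described above turned into something repeatable. The function names avc_summary and sample_audit_log, the sample records, the port and the file path are constructed for illustration and do not come from the reporter's system.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one command name.
# Real use (as root): avc_summary syslog-ng < /var/log/audit/audit.log

# Constructed sample records in audit.log format (not from the reporter's host).
sample_audit_log() {
cat <<'EOF'
type=SERVICE_START msg=audit(1600000000.100:200): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=syslog-ng comm="systemd" res=failed'
type=AVC msg=audit(1600000001.101:201): avc:  denied  { name_bind } for  pid=2942 comm="syslog-ng" src=10514 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1600000002.102:202): avc:  denied  { name_bind } for  pid=2944 comm="syslog-ng" src=10514 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1600000003.103:203): avc:  denied  { read open } for  pid=2946 comm="syslog-ng" path="/etc/syslog-ng/conf.d/example.conf" dev="dm-0" ino=1234 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1600000004.104:204): avc:  denied  { getattr } for  pid=3001 comm="httpd" path="/srv/x" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
EOF
}

# Reads audit records on stdin; prints "COUNT source_type -> target_type class { perms }"
# for every distinct denial whose comm= field equals the first argument.
avc_summary() {
    awk -v want="$1" '
    /type=AVC/ && /denied/ {
        c = ""; s = ""; t = ""; k = ""
        # The denied permissions sit between the first "{" and "}".
        a = index($0, "{"); b = index($0, "}")
        perms = (a > 0 && b > a) ? substr($0, a + 1, b - a - 1) : ""
        gsub(/^ +| +$/, "", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { c = $i; sub(/^comm=/, "", c); gsub(/"/, "", c) }
            if ($i ~ /^scontext=/) { s = $i; sub(/^scontext=/, "", s) }
            if ($i ~ /^tcontext=/) { t = $i; sub(/^tcontext=/, "", t) }
            if ($i ~ /^tclass=/)   { k = $i; sub(/^tclass=/, "", k) }
        }
        if (c != want) next
        # A context is user:role:type:level; the type is what policy rules use.
        split(s, sp, ":"); split(t, tp, ":")
        count[sp[3] " -> " tp[3] " " k " { " perms " }"]++
    }
    END { for (key in count) printf "%d %s\n", count[key], key }
    ' | sort -k2
}

# Demo on the constructed sample.
sample_audit_log | avc_summary syslog-ng
```

Denials are written to the audit log in permissive mode as well, so the same summary taken after setenforce 0 lists the accesses that enforcing mode would have blocked.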

@devvace
Author

devvace commented Sep 16, 2020

Awesome!
SELinux was the problem.
I used the setenforce 0 command and now it works.

I need to look into the SELinux policies by referring to the link you gave me.
Thank you so much for your help!

@devvace devvace closed this as completed Sep 16, 2020
@thiva-12

thiva-12 commented Apr 3, 2024

sources

source s_local {
internal();
system();
monitoring_welf();
};

source s_snet {
udp(ip("192.168.19.130") port(514));
};

source s_snet_tcp {
tcp(ip("192.168.19.130") port(514));
};

destination d_messages {
file("/var/log/messages");
};
destination d_file {
file("/data/test.log" );
};
destination d_errors {
file("/data/errors.log");
};

filter error_filter {
match message("error");
};

log {
source(s_local);
filter(error_filter);
destination(d_messages);
destination(d_errors);
};

log {
source(s_snet);
destination(d_file);
};

log {
source(s_snet_tcp);
destination(d_file);
};

Job for syslog-ng.service failed because the control process exited with error code.
See "systemctl status syslog-ng.service" and "journalctl -xe" for details.

What should I do? I'm getting this error.

@czanik
Collaborator

czanik commented Apr 3, 2024

@thiva-12 monitoring_welf(); is only available in syslog-ng PE. GitHub issues are for open source users. If you use PE, contact One Identity support, or read the documentation at https://support.oneidentity.com/technical-documents/syslog-ng-premium-edition/7.0.34/administration-guide/105#TOPIC-2121287
