Hi all,
I am trying to configure syslog-ng on Centos7 as I stated on topic. But I can only get internal logs and it seems like I am not able to get the internal logs completely let alone external logs which is my intention by the way. Can you please guide me through the configuration.
Thanks,
Özlem
Configuring Syslog-ng on Centos7
Re: Configuring Syslog-ng on Centos7
We don't ship syslog-ng so the number of people using it may be quite low here. We ship rsyslog. You might want to try your question in a location where more syslog-ng users hang out.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Configuring Syslog-ng on Centos7
You can use syslog-ng from EPEL, but that's ancient.
Version 3.23 is the current version. You can install that from my Copr repo: https://copr.fedorainfracloud.org/coprs ... slog-ng323 This version has full Journal support, so it can collect any local messages.
For remote messages both SELinux and the firewall can pose restrictions on syslog-ng. Instead of simply disabling them check my blog how to live with them: https://www.syslog-ng.com/community/b/b ... rcing-mode
Version 3.23 is the current version. You can install that from my Copr repo: https://copr.fedorainfracloud.org/coprs ... slog-ng323 This version has full Journal support, so it can collect any local messages.
For remote messages both SELinux and the firewall can pose restrictions on syslog-ng. Instead of simply disabling them check my blog how to live with them: https://www.syslog-ng.com/community/b/b ... rcing-mode
Re: Configuring Syslog-ng on Centos7
Hello,
Thanks for the feedback. I installed version 3.23 as you said, but there are some error logs. syslog-ng --version command gives:
syslog-ng 3 (3.23.1)
Config version: 3.23
Installer-Version: 3.23.1
Revision:
Compile-Date: Sep 2 2019 12:00:01
Module-Directory: /usr/lib64/syslog-ng
Module-Path: /usr/lib64/syslog-ng
Include-Path: /usr/share/syslog-ng/include
Error opening plugin module; module='mod-java', error='libjvm.so: cannot open shared object file: No such file or directory'
Available-Modules: add-contextual-data,affile,afprog,afsocket,afstomp,afuser,appmodel,basicfuncs,cef,confgen,cryptofuncs,csvparser,date,dbparser,disk-buffer,examples,graphite,hook-commands,json-plugin,kvformat,linux-kmsg-format,map-value-pairs,pseudofile,sdjournal,snmptrapd-parser,stardate,syslogformat,system-source,tags-parser,tfgetent,xml
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on
and with "systemctl status syslog-ng -l" I get the output :
syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Pzt 2019-09-09 10:54:19 +03; 2h 46min ago
Docs: man:syslog-ng(8)
Main PID: 23702 (syslog-ng)
Tasks: 2
CGroup: /system.slice/syslog-ng.service
└─23702 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
Eyl 09 10:54:19 telco systemd[1]: Starting System Logger Daemon...
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.718407] Plugin module not found in 'module-path'; module-path='/usr/lib64/syslog-ng', module='http'
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.720740] Plugin module not found in 'module-path'; module-path='/usr/lib64/syslog-ng', module='http'
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.721192] Plugin module not found in 'module-path'; module-path='/usr/lib64/syslog-ng', module='http'
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.725045] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!;
Eyl 09 10:54:19 telco systemd[1]: Started System Logger Daemon.
Can you help me with this please?
Thanks!
Thanks for the feedback. I installed version 3.23 as you said, but there are some error logs. syslog-ng --version command gives:
syslog-ng 3 (3.23.1)
Config version: 3.23
Installer-Version: 3.23.1
Revision:
Compile-Date: Sep 2 2019 12:00:01
Module-Directory: /usr/lib64/syslog-ng
Module-Path: /usr/lib64/syslog-ng
Include-Path: /usr/share/syslog-ng/include
Error opening plugin module; module='mod-java', error='libjvm.so: cannot open shared object file: No such file or directory'
Available-Modules: add-contextual-data,affile,afprog,afsocket,afstomp,afuser,appmodel,basicfuncs,cef,confgen,cryptofuncs,csvparser,date,dbparser,disk-buffer,examples,graphite,hook-commands,json-plugin,kvformat,linux-kmsg-format,map-value-pairs,pseudofile,sdjournal,snmptrapd-parser,stardate,syslogformat,system-source,tags-parser,tfgetent,xml
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on
and with "systemctl status syslog-ng -l" I get the output :
syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Pzt 2019-09-09 10:54:19 +03; 2h 46min ago
Docs: man:syslog-ng(8)
Main PID: 23702 (syslog-ng)
Tasks: 2
CGroup: /system.slice/syslog-ng.service
└─23702 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
Eyl 09 10:54:19 telco systemd[1]: Starting System Logger Daemon...
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.718407] Plugin module not found in 'module-path'; module-path='/usr/lib64/syslog-ng', module='http'
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.720740] Plugin module not found in 'module-path'; module-path='/usr/lib64/syslog-ng', module='http'
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.721192] Plugin module not found in 'module-path'; module-path='/usr/lib64/syslog-ng', module='http'
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.725045] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!;
Eyl 09 10:54:19 telco systemd[1]: Started System Logger Daemon.
Can you help me with this please?
Thanks!
Re: Configuring Syslog-ng on Centos7
None of these should affect you in any way:
- if you don't use a Java-based destination you can delete syslog-ng-java (the libjvm.so message comes from this module). Otherwise make sure that libjvm.so is available to syslog-ng.
- syslog-ng-http is not installed, but referred to from configurations. Ignore these or install syslog-ng-http
- you can silence the last one by adding dns-cache(no) to the options section of your config
- if you don't use a Java-based destination you can delete syslog-ng-java (the libjvm.so message comes from this module). Otherwise make sure that libjvm.so is available to syslog-ng.
- syslog-ng-http is not installed, but referred to from configurations. Ignore these or install syslog-ng-http
- you can silence the last one by adding dns-cache(no) to the options section of your config
Re: Configuring Syslog-ng on Centos7
installing syslog-ng-http and exporting libjvm worked for the case.
Thank you.
Thank you.