Page 1 of 1

Configuring Syslog-ng on Centos7

Posted: 2019/09/03 12:03:05
by celikozl
Hi all,

I am trying to configure syslog-ng on Centos7 as I stated on topic. But I can only get internal logs and it seems like I am not able to get the internal logs completely let alone external logs which is my intention by the way. Can you please guide me through the configuration.

Thanks,
Özlem

Re: Configuring Syslog-ng on Centos7

Posted: 2019/09/03 13:11:10
by TrevorH
We don't ship syslog-ng so the number of people using it may be quite low here. We ship rsyslog. You might want to try your question in a location where more syslog-ng users hang out.

Re: Configuring Syslog-ng on Centos7

Posted: 2019/09/03 13:29:44
by czanik
You can use syslog-ng from EPEL, but that's ancient.

Version 3.23 is the current version. You can install that from my Copr repo: https://copr.fedorainfracloud.org/coprs ... slog-ng323 This version has full Journal support, so it can collect any local messages.

For remote messages both SELinux and the firewall can pose restrictions on syslog-ng. Instead of simply disabling them check my blog how to live with them: https://www.syslog-ng.com/community/b/b ... rcing-mode

Re: Configuring Syslog-ng on Centos7

Posted: 2019/09/09 10:42:24
by celikozl
Hello,
Thanks for the feedback. I installed version 3.23 as you said, but there are some error logs. syslog-ng --version command gives:

syslog-ng 3 (3.23.1)
Config version: 3.23
Installer-Version: 3.23.1
Revision:
Compile-Date: Sep 2 2019 12:00:01
Module-Directory: /usr/lib64/syslog-ng
Module-Path: /usr/lib64/syslog-ng
Include-Path: /usr/share/syslog-ng/include
Error opening plugin module; module='mod-java', error='libjvm.so: cannot open shared object file: No such file or directory'
Available-Modules: add-contextual-data,affile,afprog,afsocket,afstomp,afuser,appmodel,basicfuncs,cef,confgen,cryptofuncs,csvparser,date,dbparser,disk-buffer,examples,graphite,hook-commands,json-plugin,kvformat,linux-kmsg-format,map-value-pairs,pseudofile,sdjournal,snmptrapd-parser,stardate,syslogformat,system-source,tags-parser,tfgetent,xml
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on

and with "systemctl status syslog-ng -l" I get the output :

syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Pzt 2019-09-09 10:54:19 +03; 2h 46min ago
Docs: man:syslog-ng(8)
Main PID: 23702 (syslog-ng)
Tasks: 2
CGroup: /system.slice/syslog-ng.service
└─23702 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid

Eyl 09 10:54:19 telco systemd[1]: Starting System Logger Daemon...
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.718407] Plugin module not found in 'module-path'; module-path='/usr/lib64/syslog-ng', module='http'
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.720740] Plugin module not found in 'module-path'; module-path='/usr/lib64/syslog-ng', module='http'
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.721192] Plugin module not found in 'module-path'; module-path='/usr/lib64/syslog-ng', module='http'
Eyl 09 10:54:19 telco syslog-ng[23702]: [2019-09-09T10:54:19.725045] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!;
Eyl 09 10:54:19 telco systemd[1]: Started System Logger Daemon.


Can you help me with this please?

Thanks!

Re: Configuring Syslog-ng on Centos7

Posted: 2019/09/09 10:56:06
by czanik
None of these should affect you in any way:

- if you don't use a Java-based destination you can delete syslog-ng-java (the libjvm.so message comes from this module). Otherwise make sure that libjvm.so is available to syslog-ng.

- syslog-ng-http is not installed, but referred to from configurations. Ignore these or install syslog-ng-http

- you can silence the last one by adding dns-cache(no) to the options section of your config

Re: Configuring Syslog-ng on Centos7

Posted: 2019/09/09 12:51:25
by celikozl
installing syslog-ng-http and exporting libjvm worked for the case.
Thank you.