You are not logged in.
- Topics: Active | Unanswered
#1 2014-12-05 13:03:30
- snakeroot
- Member
- Registered: 2012-10-06
- Posts: 164
syslog-ng 3.6.1 and "ForwardToSyslog"
syslog-ng (from v. 3.6) now uses journald as its default "system" source if it detects systemd. This means that it is no longer necessary to have "ForwardToSyslog" turned on in /etc/systemd/journald.conf" and you should probably switch it off to save system resources[0] and to avoid annoying log entries.[1]
Regards,
[0] http://lists.freedesktop.org/archives/s … 22295.html
[1] https://github.com/balabit/syslog-ng/issues/314
Offline
#2 2014-12-05 14:01:44
- karol
- Archivist
- Registered: 2009-05-06
- Posts: 25,440
Re: syslog-ng 3.6.1 and "ForwardToSyslog"
Can you please update https://wiki.archlinux.org/index.php/Sy … ith_syslog and https://wiki.archlinux.org/index.php/Syslog-ng#Overview ?
Offline
#3 2014-12-05 14:56:47
- Primoz
- Member
- From: Ljubljana-Slovena-EU
- Registered: 2009-03-04
- Posts: 688
Re: syslog-ng 3.6.1 and "ForwardToSyslog"
So why exactly does it use up all of my CPU then?
How important it is, and can I turn it off? I'll report back if the CPU usage doesn't go down after a while. And if it doesn't, I'm turning it off, because I don't want to strain my CPU.
Apparently I should've waited a bit longer...
Last edited by Primoz (2014-12-05 15:03:27)
Arch x86_64 ATI AMD APU KDE frameworks 5
---------------------------------
Whatever I do, I always end up with something horribly mis-configured.
Offline
#4 2014-12-06 12:55:10
- snakeroot
- Member
- Registered: 2012-10-06
- Posts: 164
Re: syslog-ng 3.6.1 and "ForwardToSyslog"
Can you please update https://wiki.archlinux.org/index.php/Sy … ith_syslog and https://wiki.archlinux.org/index.php/Syslog-ng#Overview ?
Done.
Offline
#5 2014-12-06 20:23:19
- Leonid.I
- Member
- From: Aethyr
- Registered: 2009-03-22
- Posts: 999
Re: syslog-ng 3.6.1 and "ForwardToSyslog"
So, is it nesessary to have journald store files? That is, will syslog-ng pull data if Storage=none?
Also, I'd say citing in the wiki systemd-devel about rsyslog capabilities is pretty wierd, especially, if rsyslog dicumentation itself pretty much advises against using journald intergration: http://www.rsyslog.com/doc/master/confi … urnal.html .
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline
#6 2014-12-17 16:55:06
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,398
Re: syslog-ng 3.6.1 and "ForwardToSyslog"
I join the question.
I tried to avoid journald binary files and continue to use classic log files.
So i've:
grep -vi ^# /etc/systemd/journald.conf
[Journal]
Storage=none
ForwardToSyslog=yesAnd since some day, my /var/log/everything.log is just empty.
Anybody knows a way to have plain text logs again please?
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline
#7 2014-12-17 17:18:54
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 19,804
Re: syslog-ng 3.6.1 and "ForwardToSyslog"
Does this article https://wiki.archlinux.org/index.php/syslog-ng not work?
If you are up to date with both systemd and syslog-ng, it should just work -- no need to assert ForwardToSyslog
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
#8 2014-12-17 17:52:24
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,398
Re: syslog-ng 3.6.1 and "ForwardToSyslog"
I'm not completely up to date, but i've:
systemd 217-8
syslog-ng 3.6.1-1
my test:
rm /var/log/everything.log ; systemctl restart syslog-ng ; systemctl restart systemd-journald ; systemctl restart sshd ; cat /var/log/everything.logwith:
ForwardToSyslog=yes
Storage=auto
and with:
#ForwardToSyslog=yes
Storage=auto
i've:
# rm /var/log/everything.log ; systemctl restart syslog-ng ; systemctl restart systemd-journald ; systemctl restart sshd ; cat /var/log/everything.log
Dec 17 18:48:02 localhost syslog-ng[30521]: syslog-ng starting up; version='3.6.1'
Dec 17 18:48:02 Gozer systemd[1]: Starting System Logger Daemon...
Dec 17 18:48:02 Gozer systemd[1]: Started System Logger Daemon.
Dec 17 18:48:02 Gozer systemd[1]: Stopping Trigger Flushing of Journal to Persistent Storage...
Dec 17 18:48:02 Gozer systemd[1]: Stopping Journal Service...
Dec 17 18:48:02 Gozer systemd-journal[30461]: Journal stopped
Dec 17 18:48:02 Gozer systemd-journal[30527]: Runtime journal is using 8.0M (max allowed 298.6M, trying to leave 447.9M free of 2.9G available → current limit 298.6M).
Dec 17 18:48:02 Gozer systemd-journal[30527]: Runtime journal is using 8.0M (max allowed 298.6M, trying to leave 447.9M free of 2.9G available → current limit 298.6M).
Dec 17 18:48:02 Gozer systemd-journald: Received SIGTERM from PID 1 (systemd).
Dec 17 18:48:02 Gozer systemd: Starting Journal Service...
Dec 17 18:48:02 Gozer systemd-journal[30527]: Journal started
Dec 17 18:48:02 Gozer systemd: Started Journal Service.
Dec 17 18:48:02 Gozer systemd[1]: Starting Trigger Flushing of Journal to Persistent Storage...
Dec 17 18:48:02 Gozer systemd[1]: Cannot add dependency job for unit cups.socket, ignoring: Unit cups.socket failed to load: No such file or directory.
Dec 17 18:48:02 Gozer systemd[1]: Stopping OpenSSH Daemon...
Dec 17 18:48:02 Gozer systemd[1]: Started Trigger Flushing of Journal to Persistent Storage.
Dec 17 18:48:02 Gozer systemd[1]: Started SSH Key Generation.
Dec 17 18:48:02 Gozer systemd[1]: Starting OpenSSH Daemon...
Dec 17 18:48:02 Gozer systemd[1]: Started OpenSSH Daemon. with:
#ForwardToSyslog=yes
Storage=none
and with:
ForwardToSyslog=yes
Storage=none
i've:
# rm /var/log/everything.log ; systemctl restart syslog-ng ; systemctl restart systemd-journald ; systemctl restart sshd ; cat /var/log/everything.log
Dec 17 18:49:45 localhost syslog-ng[30872]: syslog-ng starting up; version='3.6.1'so storage=none produces no text logs to me.
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline
#9 2014-12-18 08:03:00
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,398
Re: syslog-ng 3.6.1 and "ForwardToSyslog"
I can confirm that even with the system completely up to date, syslog-ng 3.6.1 doesn't get any log from journald is storage=none is set in journald.conf.
Reverting to 3.5.6-1 and restarting the services produces text logs again.
Please somebody could test if he is able to reproduce?
--EDIT
Ok, i think this is the new intended behaviour of syslog-ng. The source directive system() expands and behaves that way, see:
http://www.balabit.com/sites/default/fi … rce-system
If the host is running under systemd, syslog-ng OSE reads directly from the systemd journal file using the systemd-journal() source.
# /usr/share/syslog-ng/tools/system-expand
## system() expands to:
channel {
source {
systemd-journal();
}; # source
}; # channel
;--EDIT
...and here comes the right configuration; in /etc/syslog-ng/syslog-ng.conf, find this:
source src {
system();
internal();
};Replace with this:
source src {
#system();
unix-dgram("/dev/log");
internal();
};Again, ForwardToSyslog in /etc/systemd/journald.conf has to be set to yes
Restart syslog-ng and/or systemd-journald and get your text logs without journal files back. yay!
Last edited by kokoko3k (2014-12-18 08:29:52)
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline
#10 2014-12-18 08:56:15
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,398
Re: syslog-ng 3.6.1 and "ForwardToSyslog"
I modified those wiki entries:
https://wiki.archlinux.org/index.php/Sy … nd_systemd
https://wiki.archlinux.org/index.php/Sy … ith_syslog
Somebody could review/modify it as needed?
Thanks.
EDIT:
I filed a bug report: https://github.com/balabit/syslog-ng/issues/357
Last edited by kokoko3k (2014-12-18 09:17:04)
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline