I'm working to implement syslog-ng OSE in my environment. Eventually I'd like to set up a central logging server, but in order to get my feet wet, I'm starting with a simple configuration. I've created a config that contains a single source, a single destination, and a single log. When I execute syslog-ng -F (as a foreground process via the CLI) I get the expected results (all system messages are getting logged to /var/log/messages). However, if I run it as a daemon (via systemctl) I don't receive all the expected system messages. What's odd is that I'm still receiving messages from the kernel facility. Here's my simple config:
@version:3.5
@include "scl.conf"
source s_sys { system(); internal(); };
destination d_mesg { file("/var/log/messages"); };
log { source(s_sys); destination(d_mesg); };
As you can see, I don't have any filters set. I've verified that the service is running via systemctl status syslog-ng and it is. I've made sure and stopped and removed all other logging daemons as well.
syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2016-02-28 17:15:07 EST; 21min ago
Docs: man:syslog-ng(8)
Main PID: 3416 (syslog-ng)
CGroup: /system.slice/syslog-ng.service
└─3416 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
My OS is CentOS 7.2. Any help would be greatly appreciated.
Best Answer
NevDull, thanks for your input. It has helped me with the following problem that is similar to this topic:
syslog-ng fails to catch messages issued by the logger command when running under systemctl administration. But it performs as expected when you go through the terminal as follows:
As a result, you can see your "I'm testing..." message in the /var/log/maillog file.
Editing the "/etc/systemd/journald.conf" file as you recommended solved the problem.
Thanks for sharing.