LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-18-2019, 04:28 PM   #1
james000
Member
 
Registered: Sep 2018
Posts: 55

Rep: Reputation: Disabled
syslog-ng showing address in use, though it is not in use


Hi,

I need help on syslog-ng on RHEL 7.2. As per configuration, it is supposed to create authlog, messages and xymessages daily in respective folder of date. But I can see only messages file and that is also not updating well.
Logs are showing that some address is already in use. But I am not able to find, which process (other than syslog-ng)
Code:
[root@client32 /]# ps -ef | grep -i syslog
root     22954     1  0 14:18 ?        00:00:00 supervising syslog-ng
netlog   22955 22954  0 14:18 ?        00:00:00 /usr/sbin/syslog-ng -u netlog -g netlog -p /export/logs/var/run/syslog-ng.pid --cfgfile=/export/logs/SoWA/syslog-ng.conf -R /export/logs/var/run/syslog-ng.persist --no-caps
root     22979 22754  0 14:22 pts/1    00:00:00 grep --color=auto -i syslog
[root@client32 /]#
[root@client32 /]# kill -9 22954 22955
[root@client32 /]# >/export/logs/var/run/syslog-ng.pid
[root@client32 /]#
[root@client32 /]# ps -ef | grep -i syslog
root     22981 22754  0 14:22 pts/1    00:00:00 grep --color=auto -i syslog
[root@client32 /]#
[root@client32 /]# /usr/sbin/syslog-ng -u netlog -g netlog -p /export/logs/var/run/syslog-ng.pid --cfgfile=/export/logs/SoWA/syslog-ng.conf -R /export/logs/var/run/syslog-ng.persist --no-caps
[root@client32 /]#
[root@client32 /]# ps -ef | grep -i syslog
root     22983     1  0 14:22 ?        00:00:00 supervising syslog-ng
netlog   22984 22983  0 14:22 ?        00:00:00 /usr/sbin/syslog-ng -u netlog -g netlog -p /export/logs/var/run/syslog-ng.pid --cfgfile=/export/logs/SoWA/syslog-ng.conf -R /export/logs/var/run/syslog-ng.persist --no-caps
root     22987 22754  0 14:22 pts/1    00:00:00 grep --color=auto -i syslog
[root@client32 /]#
[root@client32 /]# cat /export/logs/SoWA/syslog-ng.conf
@version:3.5

options {
    threaded (yes);
    time_reopen (10);
    chain_hostnames (off);
    use_dns (yes);
    dns_cache (yes);
    dns_cache_size (2000);
    dns_cache_expire (86400);
    use_fqdn (no);
    keep_hostname (yes);
    stats_freq (0);
    stats_level (1);
    log_msg_size (16384);
    log_fifo_size (8000000);
    create_dirs(yes);
    owner(netlog);
    group(netlog);
    perm(0640);
    dir_owner(netlog);
    dir_group(netlog);
    dir_perm(0750);
};
source s_clc {
    internal();
    tcp(ip("172.30.130.11") port(5140) max-connections(250) so_rcvbuf(425984)log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));
};

source s_neteng {
    udp(port(5144));
};

source s_psap {
    udp(port(5142));
};
#source s_psap2 {
#    udp(port(514));
#};


filter f_mesg   { level(info..emerg) and not facility(mail,authpriv,auth,cron,local0) };
filter f_local  { facility(local1,local2,local3,local4,local5,local6,local7); };
filter f_auth   { facility(auth) and level(info..emerg); };
filter f_xy     { facility(local0); };

destination d_clc_mesg {
    file("/export/logs/SoWA/clc/$YEAR-$MONTH-$DAY/messages"   perm(0644) dir_perm(0755));
};
destination d_clc_auth {
    file("/export/logs/SoWA/clc/$YEAR-$MONTH-$DAY/authlog"    perm(0640) dir_perm(0755));
};
destination d_clc_xy   {
    file("/export/logs/SoWA/clc/$YEAR-$MONTH-$DAY/xymessages" perm(0644) dir_perm(0755));
};
destination d_neteng   {
    file("/export/logs/SoWA/neteng/$YEAR-$MONTH-$DAY.log" perm(0644) dir_perm(0755));
};
destination d_psap     {
    file("/export/logs/SoWA/psap/$YEAR-$MONTH-$DAY.log" perm(0644) dir_perm(0755));
};
destination d_local {
    file("/var/log/local"    perm(0640) dir_perm(0755));
};

log {source(s_clc); filter(f_mesg); destination(d_clc_mesg); };
log {source(s_clc); filter(f_auth); destination(d_clc_auth); };
log {source(s_clc); filter(f_xy);   destination(d_clc_xy);   };
log {source(s_clc); filter(f_local);   destination(d_local);   };
log {source(s_neteng); destination(d_neteng); };
log {source(s_psap);   destination(d_psap); };
#log {source(s_psap2);   destination(d_psap); };

[root@client32 /]#
[root@client32 /]# ls -ltr /export/logs/SoWA/clc/2019-01-18
total 4
-rw-r--r--. 1 netlog netlog 1506 Jan 18 14:22 messages
[root@client32 /]#
[root@client32 /]# cat /export/logs/SoWA/clc/2019-01-18/messages
Jan 18 12:18:42 client32 syslog-ng[22623]: syslog-ng starting up; version='3.5.6'
Jan 18 12:18:42 client32 syslog-ng[22623]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 12:27:23 client32 syslog-ng[22689]: syslog-ng starting up; version='3.5.6'
Jan 18 12:27:23 client32 syslog-ng[22689]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 13:09:55 client32 syslog-ng[22780]: syslog-ng starting up; version='3.5.6'
Jan 18 13:09:55 client32 syslog-ng[22780]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 13:39:17 client32 syslog-ng[22868]: syslog-ng starting up; version='3.5.6'
Jan 18 13:39:17 client32 syslog-ng[22868]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 14:18:34 client32 syslog-ng[22955]: syslog-ng starting up; version='3.5.6'
Jan 18 14:18:34 client32 syslog-ng[22955]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
Jan 18 14:22:54 client32 syslog-ng[22984]: syslog-ng starting up; version='3.5.6'
Jan 18 14:22:54 client32 syslog-ng[22984]: Error opening control socket, bind() failed; socket='/var/lib/syslog-ng/syslog-ng.ctl', error='Address already in use (98)'
[root@client32 /]# ss -ltupn|grep 5140
tcp    LISTEN     0      128    172.30.130.11:5140                  *:*                   users:(("syslog-ng",pid=22984,fd=8))
[root@client32 /]#
[root@client32 /]# ss -ltupn|grep 5144
udp    UNCONN     0      0         *:5144                  *:*                   users:(("syslog-ng",pid=22984,fd=9))
[root@client32 /]#
[root@client32 /]# ss -ltupn|grep 5142
udp    UNCONN     0      0         *:5142                  *:*                   users:(("syslog-ng",pid=22984,fd=10))
[root@client32 /]#
This is from working server -
Code:
[root@working-client /]# ls -ltr /export/logs/SoWA/clc/2019-01-18
total 308
-rw-r--r--. 1 netlog netlog 249420 Jan 18 14:19 xymessages
-rw-r-----. 1 netlog netlog  14031 Jan 18 14:20 authlog
-rw-r--r--. 1 netlog netlog  42180 Jan 18 14:27 messages
[root@working-client /]#

Last edited by james000; 01-18-2019 at 04:30 PM. Reason: adding more details
 
Old 01-21-2019, 02:33 AM   #2
balabit
syslog-ng documentation maintainer at BalaBit
 
Registered: Jun 2009
Posts: 16

Rep: Reputation: 2
Hi,

Are you sure that another syslog-ng process isn't already running? Try killing every process and starting only one.
 
Old 01-21-2019, 01:32 PM   #3
james000
Member
 
Registered: Sep 2018
Posts: 55

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by balabit View Post
Hi,

Are you sure that another syslog-ng process isn't already running? Try killing every process and starting only one.
Yes, as you can see my post, there were two processes and I killed both and restart syslog-ng and still it says same error.
 
Old 01-22-2019, 02:29 AM   #4
balabit
syslog-ng documentation maintainer at BalaBit
 
Registered: Jun 2009
Posts: 16

Rep: Reputation: 2
Can you check if the netlog user has access to the /var/lib/syslog-ng/ directory?
 
Old 01-22-2019, 05:01 PM   #5
james000
Member
 
Registered: Sep 2018
Posts: 55

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by balabit View Post
Can you check if the netlog user has access to the /var/lib/syslog-ng/ directory?
netlog can go and browse /var/lib/syslog-ng/ , though can't write. For testing, I allowed netlog to write on /var/lib/syslog-ng/ and it didn't helped
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Why is syslog-ng not recording any log events in /var/log/syslog.log ToffeeYogurtPots Linux - Software 3 05-31-2018 02:15 PM
auditctl -l not showing any rules even though i have rules written in audit.rules alphaguy Linux - Security 1 02-07-2014 05:28 PM
How headers are included though the path is not showing the header folder mnowhere Linux - Newbie 10 08-07-2012 02:34 AM
Wireless card showing no ip though everything seems ok mohitanchlia Linux - Networking 6 03-01-2011 09:04 PM
Firefox bookmarks.html not showing correct bookmarks even though file is identical. php Ubuntu 7 11-08-2008 04:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration