Fabre

#985422 syslog-ng-core: fails to capture all systemd-journal entries #985422

Package:: syslog-ng-core

Source:: syslog-ng

Description:: Enhanced system logging daemon (core)

Submitter:: Matthew Pounsett

Date:: 2021-03-17 23:09:03 UTC

Severity:: important

#985422#5

Date:: 2021-03-17 23:05:41 UTC

From:

To:

Dear Maintainer,

The Debian syslog-ng package is not collecting all systemd-journal messages.

The use case that caused me to track this down is an inconsistency between the
Debian syslog-ng and rsyslog packages when logging Knot DNS activity (using
the 'knot' package from upstream https://deb.knot-dns.cz/knot-latest/).

A default install of rsyslog captures Knot's logging activity to
/var/log/user.log, while a default install of syslog-ng does not capture its
activity at all.  The default syslog-ng configuration should log the same
messages to /var/log/user.log, but it seems syslog-ng doesn't even see the
log messages.

Digging a bit deeper .. journald.conf(5) indicates that syslog messages are
written to /run/systemd/journal/syslog.  I noted that syslog-ng does not
create this socket, while rsyslog does.

There is a comment in syslog.socket which indicates a syslog daemon is
expected to include "Alias=syslog.service" in its [install] section in order
to pull in this dependency.  The rsyslog package does this, but the syslog-ng
package does not.  It seems likely this is related to the issues with
capturing syslog messages.

#985422 syslog-ng-core: fails to capture all systemd-journal entries #985422

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)