0

I am having issues with an Ubuntu 16.04.4 machine running systemd and syslog-ng (3.5.6-2.1), where messages logged to syslog by a process (let's call it X) were not received by syslog-ng. Digging into this revealed that journald was hijacking the messages logged by X, and they hence never made it to syslog-ng.

After searching around a bit, it seemed that systemd needed to be made aware that syslog-ng is providing the syslog service, such that messages received by journald made it to syslog-ng as well. Looking at the systemd unit of syslog-ng, however, revealed that this should have been the case already, as it contains:

[Install]
WantedBy=multi-user.target
Alias=syslog.service

But even though syslog-ng had been explicitly enabled with systemctl enable syslog-ng, it seems the symlink

/etc/systemd/system/syslog.service -> /lib/systemd/system/syslog-ng.service

was missing on the system. Uninstalling and re-installing syslog-ng and then running systemctl enable syslog-ng did in fact re-create that symlink, which made it work.

The actual problem now is that I have a machine where the syslog-ng systemd unit is enabled, but the symlink is missing, and in that case, systemctl enable syslog-ng does not re-create the missing symlink, as systemd seems to see that syslog-ng is already enabled, and therefore doesn't bother to check whether the symlink exists or not.

Of course I could theoretically manually create the symlink, but my questions here are:

  • why is the symlink missing, if systemd must have created it when enabling the syslog-ng unit?
  • what is the correct way of having systemd re-create this symlink, without having to disable syslog-ng and then re-enabling it?

I have looked through the systemd documentation I could find, but it is frustratingly vague on when/how/under what circumstances these symlinks are created.

Any help would be much appreciated!

Roman
  • AFAIK you shouldn't need that symlink in that folder, why do you want one? If you wanted the unit enabled it would probably need to be linked under `/etc/systemd/system/multi-user.target.wants/` though. – Zoredache Jun 28 '18 at 18:46
  • Thanks for the comment. The problem is that journald hijacks syslog messages (IIUC it hijacks the regular syslog logging socket, before any installed syslog application can claim it), and unless that symlink exists, telling systemd to forward syslog messages to whatever service this symlinks to, syslog-ng will not get messages logged by applications through the syslog function call. Fact is, if the symlink exists, all syslog messages show up in syslog-ng, if it doesn't exist, syslog-ng doesn't get all syslog messages. – Roman Jun 29 '18 at 06:21
  • Also, syslog-ng is enabled, but the [Install] section in the syslog-ng systemd unit specifically says that this symlink should be created, yet on the machines that I have checked, that symlink is missing. That is the real problem I am trying to address, because it leads to syslog messages not showing up in syslog-ng. – Roman Jun 29 '18 at 06:22
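
A check for the state described in the question (unit enabled, `Alias=` symlink absent), as an added example that is not part of the original posts or of systemd or syslog-ng: it reads a unit file's `[Install]` section and reports every `WantedBy=` or `Alias=` entry whose symlink is missing or points elsewhere. The function names and the two directory parameters are assumptions of this example; the symlink locations follow the paths quoted in the question and the first comment.

```shell
#!/bin/sh
# Added example: audit the symlinks that a unit's [Install] section implies.
# The directories are parameters so the check can also run on a test tree.

# install_values KEY UNIT_FILE -> values of KEY= lines inside [Install]
install_values() {
    awk -v key="$1" '
        /^\[/ { in_install = ($0 == "[Install]"); next }
        in_install && index($0, key "=") == 1 {
            n = split(substr($0, length(key) + 2), v, " ")
            for (i = 1; i <= n; i++) print v[i]
        }' "$2"
}

# points_to LINK UNIT_FILE -> true if LINK is a symlink resolving to UNIT_FILE
points_to() {
    [ -L "$1" ] && [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# audit_unit UNIT UNIT_DIR ETC_DIR -> one finding per line; returns non-zero
# if any expected symlink is missing or resolves to a different file
audit_unit() {
    unit=$1; unit_file=$2/$1; etc=$3; rc=0
    for target in $(install_values WantedBy "$unit_file"); do
        if points_to "$etc/$target.wants/$unit" "$unit_file"; then
            echo "ok wants $target"
        else
            echo "MISSING wants $target"; rc=1
        fi
    done
    for name in $(install_values Alias "$unit_file"); do
        if points_to "$etc/$name" "$unit_file"; then
            echo "ok alias $name"
        else
            echo "MISSING alias $name"; rc=1
        fi
    done
    return $rc
}
```

With the paths from the question, the call is `audit_unit syslog-ng.service /lib/systemd/system /etc/systemd/system`; a `MISSING alias syslog.service` line next to `ok wants multi-user.target` is the enabled-but-unaliased state in which syslog-ng does not receive all messages.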

1 Answer

0

syslog-ng 3.5 is rather old and somewhat buggy; I'd suggest upgrading to a newer version (currently 3.16 is the latest). You can find packages in the repo of a developer: https://build.opensuse.org/project/show/home:laszlo_budai:syslog-ng

Robert Fekete
  • Thanks for the suggestion. I am aware that this is an older version, and that 3.6.1 was supposed to work better with systemd. But 3.5 is what is available in the Ubuntu repository for 16.04, and for $REASONS we cannot manually install from random repositories from the internet. – Roman Jun 28 '18 at 13:21
  • Does Ubuntu 18.04 count as random? If not, you can check the 3.13 package in the official 18.04 repos – Robert Fekete Jul 02 '18 at 07:10