What's new

Scribe scribe - syslog-ng and logrotate installer

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

My suspicion is syslog-ng is writing the messages slightly differently and skynet is choking on it when it does its hourly save.

This looks a little different up to the colon:
Code:
Oct 26 14:34:44 Skynet: [#] 130264 IPs (+0) -- 40232 Ranges Banned (+0) || 49 Inbound -- 0 Outbound Connections Blocked! [save] [8s]
Than this:
Code:
Oct 28 18:05:00 RT-AC87R syslog-ng[1452]: Log statistics; processed='destination(d_logrotate)=138', processed='destination(d_syslogng)=82'

EDIT: Nope, this isn't it. Syslog-ng is holding the files open, nothing to do with skynet.
 
Last edited:
I think that version change might have something to do with this issue. I just checked and am on syslog-ng - 3.20.1-1. Sorry @cmkelley that this is an inconvenient time.

I see others on 3.23 like @shark and @Ayitaka that might be it. Can you two run this in a shell and report the result?
Code:
opkg list-installed | grep syslog
I'll do some research on downgrading to 3.20 if that resolves this until scribe can be updated.

Code:
syslog-ng - 3.23.1-1

On my previously installation of scribe\syslog-ng and skynet everything was working properly, then i few days ago a update both skynet e and "scribe"(it updated syslog-ng to lasted version) and after that the logs are weird mainly skynet, so thought i should do a clean install of everything since it was due time and it did not solve... so something got broken on the lasted versions
 
Last edited:
Let's ping Adamm to see if some changes in Skynet with the last few releases might be the culprit, and not the update from syslog-ng 3.20 to 3.23.

@Adamm it might be that syslog-ng 3.23 made some changes that are affecting Skynet logging with Scribe, see post #841 above. Of did you change anything in the Skynet log output?

Issues started with this post.
https://www.snbforums.com/threads/scribe-syslog-ng-and-logrotate-installer.55853/page-42#post-523151

Thank you
Sadly, given @Ayitaka's post above (scribe - syslog-ng and logrotate installer) I'm thinking it's some weirdness in the new syslog-ng version. So this will probably be a huge pain to figure out, since I have no insight to the workings of syslog-ng (or syslogd for that matter).
 
Let's ping Adamm to see if some changes in Skynet with the last few releases might be the culprit, and not the update from syslog-ng 3.20 to 3.23.

@Adamm it might be that syslog-ng 3.23 made some changes that are affecting Skynet logging with Scribe, see post #841 above. Of did you change anything in the Skynet log output?

Issues started with this post.
https://www.snbforums.com/threads/scribe-syslog-ng-and-logrotate-installer.55853/page-42#post-523151

Thank you

Skynets logging code hasn't changed in over a year so this is most definitely a syslog-ng change.
 
Does this offer a simpler info that might help?
https://github.com/syslog-ng/syslog-ng/releases

I went through part of it last night, but my understanding is far less than yours. :(
Nothing jumps out at me, sadly.
Skynets logging code hasn't changed in over a year so this is most definitely a syslog-ng change.
Yeah, I was afraid of that. I think I'll start with comparing the default syslog-ng.conf files for 3.20 and 3.23. Maybe there's a hint in there.
 
Skynets logging code hasn't changed in over a year so this is most definitely a syslog-ng change.
What I'm thinking is that the sed functions in the Purge_Logs function are misfiring because something about syslog-ng is formatting the skynet-0.log differently, with the possible result of the destructive sed deleting everything in that log, and then leaving the file open so that syslog-ng isn't writing to it but leaving messages in its write cache.

So yes, not a change in the skynet code causing a problem, but something in that code block.

EDIT: Nope, not this either.
 
Last edited:
My suspicion is syslog-ng is writing the messages slightly differently and skynet is choking on it when it does its hourly save.

This looks a little different up to the colon:
Code:
Oct 26 14:34:44 Skynet: [#] 130264 IPs (+0) -- 40232 Ranges Banned (+0) || 49 Inbound -- 0 Outbound Connections Blocked! [save] [8s]
Than this:
Code:
Oct 28 18:05:00 RT-AC87R syslog-ng[1452]: Log statistics; processed='destination(d_logrotate)=138', processed='destination(d_syslogng)=82'

Just to clarify something, that skynet stat line I posted was from /mnt/sd1/skynet/events.log, probably from when it was running without syslog-ng. Since skynet/syslog-ng was not adding the stat line to the skynet-0.log file, I grabbed that line to show as an example but it may be formatted differently. I have yet to see a stat line in skynet-0.log with syslog-ng 3.23 so I dunno if the format is the same or has changed.
 
Ok, new theory. I <think> our file destinations do not have a template. The following has changed in 3.23:
Code:
time-reap()
Accepted values: number (seconds)
Default: 60 or 0, see description for details
Description: The time to wait in seconds before an idle destination file or pipe is closed. Note that only destination files having macros in their filenames are closed automatically.

Starting with version 3.23, the way how time-reap() works is the following.

1. If the time-reap() option of the destination is set, that value is used, for example:

destination d_fifo {
   pipe(
       "/tmp/test.fifo",
       time-reap(30)  # sets time-reap() for this destination only
   );
};
2. If the time-reap() option of the destination is not set, and the destination does not use a template or macro in its filename or path, time-reap() is automatically set to 0. For example:

destination d_fifo {
   pipe(
       "/tmp/test.fifo",
   );
};

3. Otherwise, the value of the global time-reap() option is used, which defaults to 60 seconds.
where previously it was 60.

Perhaps we are falling into category 2 with skynet-0.log, in which case the file will be held open indefinitely and skynet can no longer write to it. Solution then would be to add a time-reap option, or define a default file template.

EDIT: Yes. With 3.23 in place I ran
Code:
firewall save
to start the problem and the "BLOCKED" messages stopped being logged to skynet-0.log. Then I edited the skynet config file from
Code:
destination d_skynet {
    file("/opt/var/log/skynet-0.log");
};
to
Code:
destination d_skynet {
    file("/opt/var/log/skynet-0.log", time-reap(2));
};
restarted scribe and the messages began to be logged again.

I think this may only be necessary with skynet, since no other script is writing to the log files syslog-ng might be holding open.

EDIT 2: Time-reap() used in a file definition may throw an error for versions earlier than 3.23.
 
Last edited:
Another way that looks like it would work is to specify something like the default message format in the skynet config file:
Code:
destination d_skynet { 
    file("/opt/var/log/skynet-0.log", template("${DATE} ${HOST} ${MSGHDR}${MESSAGE}\n") );
};
This might be a better way for scribe to change the included filter as it would be backwards compatible to 3.19, etc. Anyway, try both.
 
Code:
destination d_skynet {
    file("/opt/var/log/skynet-0.log", time-reap(2));
};

Confirmed that this change to the skynet syslog-ng filter worked and, so far, it is logging properly now with syslog-ng 3.23-1.1, including stat lines as well as not losing any BLOCKED messages while firewall save is run:

Code:
user@router:/tmp/mnt/sda1/entware/var/log# cat skynet-0.log
Oct 31 11:19:07 router Skynet: [%] Restarting Firewall Service
Oct 31 11:19:08 router Skynet: [%] Startup Initiated... ( skynetloc=/tmp/mnt/sda1/skynet )
Oct 31 11:20:48 router Skynet: [#] 77771 IPs (+0) -- 40294 Ranges Banned (+0) || 2 Inbound -- 8 Outbound Connections Blocked! [save] [6s]
Oct 31 11:24:04 router Skynet: [#] 77771 IPs (+0) -- 40294 Ranges Banned (+0) || 10 Inbound -- 8 Outbound Connections Blocked! [save] [5s]
Oct 31 11:25:58 router Skynet: [#] 77771 IPs (+0) -- 40294 Ranges Banned (+0) || 14 Inbound -- 10 Outbound Connections Blocked! [save] [6s]
Oct 31 11:28:13 router Skynet: [#] 77771 IPs (+0) -- 40294 Ranges Banned (+0) || 19 Inbound -- 14 Outbound Connections Blocked! [save] [6s]

Thanks for digging this up, elorimer!
 
what does this mean

Code:
Please select an option: rl
 reloading syslog-ng.conf ... EOF occurred while reading control socket

 Restarting uiScribe ...            done.
I honestly don't know. I've never seen that before. What router/firmware, what other scripts in use?
 
this is on a RT-AC5300 and the log conf goes like this
Code:
#############################################################################
# OpenWrt syslog-ng.conf specific file
# which collects all local logs into a single file called /var/log/messages.
# More details about these settings can be found here:
# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-editio
n/3.16/release-notes/global-options
#
# non-scl version with "@include "scl.conf"" and call to default-network-drivers
 function (part of scl) removed
#   moved sourcing /proc/kmsg from "source kernel" to "source src" and added dir
ectives to /proc/kmsg and /dev/log sourcing
#   log_msg_size increased to 16K to ensure even large messages are completely c
aptured
#   stats_freq changed to every 6 hours
#   source net function to get udp log messages from local network commented out

#   destination log_server function added (commented out) to illustrate sending
udp log messages to server on local network

@version: 3.23
@include "/opt/etc/syslog-ng.d/" # Put any customization files in this directory

# don't log empty messages from kernel
destination d_null {
#    file("/opt/var/log/blank.log"); # uncomment this list if you want to verify
 only blank messages are being filtered out
    file("/dev/null");
};

filter f_blank {
    program("kernel") and
    message("^ *$");
};

log {
    source(src);
    filter(f_blank);
    destination(d_null);
    flags(final);
};

#eof
# log dcd crash dump to /opt/var/log/crash.log only

destination d_crash {
    file("/opt/var/log/crash.log");
};

filter f_crash {
    message("dcd") or
    message("v8A") or
    message("pgd = ") or
    message("\\[00000000\\]") or
    message("task: ") or
    message("PC is at") or
    message("LR is at") or
    message("pc :") or
    message("sp :") or
    message("x12:") or
    message("x11:") or
    message("x9 :") or
    message("x7 :") or
    message("x5 :") or
    message("x3 :") or
    message("x1 :");
};

log {
    source(src);
    filter(f_crash);
    destination(d_crash);
    flags(final);
};

#eof
# log all diversion and uiDivStats logs to diversion.log

destination d_diversion {
    file("/opt/var/log/diversion.log");
};

filter f_diversion {
    program("Diversion") or
    program("uiDivStats");
};

log {
    source(src);
    filter(f_diversion);
    destination(d_diversion);
    flags(final);
};

#eof
# log ethernet change to /opt/var/log/ethernet.log only

destination d_ethernet {
    file("/opt/var/log/ethernet.log");
};

filter f_kernel {
    program("kernel");
};

filter f_ethernet {
    message("eth1") or
    message("eth2") or
    message("eth3") or
    message("eth4") or
    message("eth5") or
    message("eth6") or
    message("eth7") or
    message("eth8") or
    message("br0:");
};

log {
    source(src);
    filter(f_kernel);
    filter(f_ethernet);
    destination(d_ethernet);
    flags(final);
};

#eof
# print a huge log telling everything about the incomming log

template t_expandlog {
    template("================================================
    PROGRAM=$PROGRAM#
    PID=$PID#
    BSDTAG=$BSDTAG#
    TAG=$TAG#
    TAGS=$TAGS#
    FACILITY=$FACILITY#
    FACILITY_NUM=$FACILITY_NUM#
    LEVEL=$LEVEL#
    LEVEL_NUM=$LEVEL_NUM#
    PRI=$PRI#
    PRIORITY=$PRIORITY#
    FULLHOST=$FULLHOST#
    FULLHOST_FROM=$FULLHOST_FROM#
    HOST=$HOST#
    HOST_FROM=$HOST_FROM#
    LOGHOST=$LOGHOST#
    MSGHDR=$MSGHDR#
    MSGID=$MSGID#
    MSGONLY=$MSGONLY#
    MSG=$MSG#
    MESSAGE=$MESSAGE#
    SOURCE=$SOURCE#
    SOURCEIP=$SOURCEIP#
    SOURCE_IP=$SOURCE_IP#
    SEQNUM=$SEQNUM#
    UNIXTIME=$UNIXTIME#
    FULLDATE=$FULLDATE#
    ISODATE=$ISODATE#
    DATE=$DATE#
    STAMP=$STAMP#
    TZ=$TZ#
    TZOFFSET=$TZOFFSET#
    SEC=$SEC#
    MIN=$MIN#
    HOUR=$HOUR#
    HOUR12=$HOUR12#
    DAY=$DAY#
    WEEK=$WEEK#
    WEEK_DAY=$WEEK_DAY#
    WEEK_DAY_ABBREV=$WEEK_DAY_ABBREV#
    WEEK_DAY_NAME=$WEEK_DAY_NAME#
    MONTH=$MONTH#
    MONTH_ABBREV=$MONTH_ABBREV#
    MONTH_NAME=$MONTH_NAME#
    MONTH_WEEK=$MONTH_WEEK#
    YEAR=$YEAR#
    YEAR_DAY=$YEAR_DAY#\n\n");
    template_escape(no);
};

destination d_expandlog {
    file("/opt/var/log/expanded-syslog.log" template(t_expandlog));
};

log {
    source(src);
    destination(d_expandlog);
};

#eof
# gather logrotate logs together for unified log

destination d_logrotate {
    file("/opt/var/log/logrotate.log");
};

source s_lr_status {
    file("/var/lib/logrotate.status" program-override("logrotate") flags(no-pars
e));
};

source s_lr_daily {
    file("/opt/tmp/logrotate.daily" program-override("logrotate") flags(no-parse
));
};

log {
    source(s_lr_status);
    source(s_lr_daily);
    destination(d_logrotate);
    flags(final);
};

#eof
# log all openvpn server and client logs into one file - /opt/var/log/openvpn.lo
g and stop processing openvpn logs

destination d_openvpn {
    file("/opt/var/log/openvpn.log");
};

filter f_openvpn {
    program("ovpn-server1") or
    program("ovpn-server2") or
    program("ovpn-client1") or
    program("ovpn-client2") or
    program("ovpn-client3") or
    program("ovpn-client4") or
    program("ovpn-client5") or
    program("openvpn-routing");
};

log {
    source(src);
    filter(f_openvpn);
    destination(d_openvpn);
    flags(final);
};

#eof
# log all pixelserv-tls logs to /opt/var/log/pixelserv.log and stop processing p
ixelserv-tls logs

destination d_pixelserv {
    file("/opt/var/log/pixelserv.log");
};

filter f_pixelserv {
    program("pixelserv-tls");
};

log {
    source(src);
    filter(f_pixelserv);
    destination(d_pixelserv);
    flags(final);
};

#eof
# this MUST BE the file configured in Skynet as the syslog.log location
# DO NOT use /tmp/syslog.log or /opt/var/log/messages here!
destination d_skynet {
    file("/opt/var/log/skynet-0.log", template("${DATE} ${HOST} ${MSGHDR}${MESSA
GE}\n") );
};

# logs everything from Skynet to /opt/var/log/skynet-0.log
filter f_skynet {
    program("Skynet") or
    message("BLOCKED -") or
    message("DROP IN=");
};

# final flag stops processing of messages matching the f_skynet filter
log {
    source(src);
    filter(f_skynet);
    destination(d_skynet);
    flags(final);
};

#eof
# put syslog-ng's logging stats into /opt/var/log/syslog-ng.log

destination d_syslogng {
    file("/opt/var/log/syslog-ng.log");
};

filter f_syslogng {
    program("syslog-ng")
};

log {
    source(src);
    filter(f_syslogng);
    destination(d_syslogng);
    flags(final);
};
#eof
# put wlceventd Assoc/ReAssoc/Disassoc messages into /opt/var/log/wlceventd.log

destination d_wlceventd {
    file("/opt/var/log/wlceventd.log");
};

filter f_wlceventd {
    program("WLCEVENTD") and
    message("ssoc");
};

log {
    source(src);
    filter(f_wlceventd);
    destination(d_wlceventd);
    flags(final);
};

#eof
options {
    chain_hostnames(no); # Enable or disable the chained hostname format.
    create_dirs(yes);
    keep_hostname(yes); # Enable or disable hostname rewriting.
    log_fifo_size(256); # The number of messages that the output queue can store
.
    log_msg_size(16384); # Maximum length of a message in bytes.
    stats_freq(21600); # The period between two STATS messages (sent by syslog-n
g, containing statistics about dropped logs) in seconds. (21,600 seconds = 6 hou
rs)
    flush_lines(0); # How many lines are flushed to a destination at a time.
    use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname.
};

# syslog-ng gets messages from the system, kernel, and syslog-ng (internal)
# DO NOT use system() source; causes issues on HND routers
# so_rcvbuf = maximum number of messages per second * 1024
source src {
    unix-dgram("/dev/log" so_rcvbuf(65536) flags(syslog-protocol));
    file("/proc/kmsg" program_override("kernel") flags(kernel));
    internal();
};
# uncomment these three lines to get udp log messages from local network
# must also uncomment "source(net);" below
#source net {
#    udp(ip(192.168.x.y) port(514));
#};

destination messages {
    file("/opt/var/log/messages");
};

# uncomment these three lines to send udp log messages to local network
# must also uncomment "destination(log_server);" below
#destination log_server {
#    udp("192.168.x.y" port(514));
#};

log {
    source(src);
#    source(net); # uncomment this and "source net" function above to get udp lo
g messages from local network
    destination(messages);
#    destination(log_server); # uncomment this and "destination log_server" func
tion above to send udp log messages to local network
};
note that everything that is commented out that shows it is doubled lined is really single lined.
 
The only thing I see out of the ordinary is that you have the expanded syslog script enabled. That is intended to be used only as a troubleshooting aid, not to be used all the time, and there's not a logrotate script for it because of that. So you probably have an absolutely gigantic /opt/var/log/expanded-syslog.log file. That _might_ be causing the issue. I'd delete the /opt/var/log/expanded-syslog.log file and see if that helps. You really should consider removing the expandlog script from /opt/etc/syslog-ng.d/ as well.
 
The only thing I see out of the ordinary is that you have the expanded syslog script enabled. That is intended to be used only as a troubleshooting aid, not to be used all the time, and there's not a logrotate script for it because of that. So you probably have an absolutely gigantic /opt/var/log/expanded-syslog.log file. That _might_ be causing the issue. I'd delete the /opt/var/log/expanded-syslog.log file and see if that helps. You really should consider removing the expandlog script from /opt/etc/syslog-ng.d/ as well.
I am still getting the
Code:
 Please select an option: rl
 reloading syslog-ng.conf ... EOF occurred while reading control socket

 Restarting uiScribe ...            done.
 Press [Enter] to continue:

I appended all the appropriate changes to remove expanded-log. syslog-ng appears to be working , I just do not know what is is causing "EOF occurred while reading control socket" issue logs seem to be logging correctly as UiScribe shows me from its in real time updating is happening.
here is updated config
Code:
#############################################################################
# OpenWrt syslog-ng.conf specific file
# which collects all local logs into a single file called /var/log/messages.
# More details about these settings can be found here:
# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/release-notes/global-options
#
# non-scl version with "@include "scl.conf"" and call to default-network-drivers function (part of scl) removed
#   moved sourcing /proc/kmsg from "source kernel" to "source src" and added directives to /proc/kmsg and /dev/log sourcing
#   log_msg_size increased to 16K to ensure even large messages are completely captured
#   stats_freq changed to every 6 hours
#   source net function to get udp log messages from local network commented out
#   destination log_server function added (commented out) to illustrate sending udp log messages to server on local network

@version: 3.23
@include "/opt/etc/syslog-ng.d/" # Put any customization files in this directory
# don't log empty messages from kernel

destination d_null {
#    file("/opt/var/log/blank.log"); # uncomment this list if you want to verify only blank messages are being filtered out
    file("/dev/null");
};

filter f_blank {
    program("kernel") and
    message("^ *$");
};

log {
    source(src);
    filter(f_blank);
    destination(d_null);
    flags(final);
};

#eof
# log dcd crash dump to /opt/var/log/crash.log only

destination d_crash {
    file("/opt/var/log/crash.log");
};

filter f_crash {
    message("dcd") or
    message("v8A") or
    message("pgd = ") or
    message("\\[00000000\\]") or
    message("task: ") or
    message("PC is at") or
    message("LR is at") or
    message("pc :") or
    message("sp :") or
    message("x12:") or
    message("x11:") or
    message("x9 :") or
    message("x7 :") or
    message("x5 :") or
    message("x3 :") or
    message("x1 :");
};
log {
    source(src);
    filter(f_crash);
    destination(d_crash);
    flags(final);
};

#eof
# log all diversion and uiDivStats logs to diversion.log

destination d_diversion {
    file("/opt/var/log/diversion.log");
};

filter f_diversion {
    program("Diversion") or
    program("uiDivStats");
};

log {
    source(src);
    filter(f_diversion);
    destination(d_diversion);
    flags(final);
};

#eof
# log ethernet change to /opt/var/log/ethernet.log only

destination d_ethernet {
    file("/opt/var/log/ethernet.log");
};

filter f_kernel {
    program("kernel");
};

filter f_ethernet {
    message("eth1") or
    message("eth2") or
    message("eth3") or
    message("eth4") or
    message("eth5") or
    message("eth6") or
    message("eth7") or
    message("eth8") or
    message("br0:");
};

log {
    source(src);
    filter(f_kernel);
    filter(f_ethernet);
    destination(d_ethernet);
    flags(final);
};

#eof
# gather logrotate logs together for unified log

destination d_logrotate {
    file("/opt/var/log/logrotate.log");
};

source s_lr_status {
    file("/var/lib/logrotate.status" program-override("logrotate") flags(no-parse));
};

source s_lr_daily {
    file("/opt/tmp/logrotate.daily" program-override("logrotate") flags(no-parse));
};

log {
    source(s_lr_status);
    source(s_lr_daily);
    destination(d_logrotate);
    flags(final);
};

#eof
# log all openvpn server and client logs into one file - /opt/var/log/openvpn.log and stop processing openvpn logs

destination d_openvpn {
    file("/opt/var/log/openvpn.log");
};

filter f_openvpn {
    program("ovpn-server1") or
    program("ovpn-server2") or
    program("ovpn-client1") or
    program("ovpn-client2") or
    program("ovpn-client3") or
    program("ovpn-client4") or
    program("ovpn-client5") or
    program("openvpn-routing");
};

log {
    source(src);
    filter(f_openvpn);
    destination(d_openvpn);
    flags(final);
};

#eof
# log all pixelserv-tls logs to /opt/var/log/pixelserv.log and stop processing pixelserv-tls logs

destination d_pixelserv {
    file("/opt/var/log/pixelserv.log");
};

filter f_pixelserv {
    program("pixelserv-tls");
};

log {
    source(src);
    filter(f_pixelserv);
    destination(d_pixelserv);
    flags(final);
};

#eof
# this MUST BE the file configured in Skynet as the syslog.log location
# DO NOT use /tmp/syslog.log or /opt/var/log/messages here!
destination d_skynet {
        file("/opt/var/log/skynet-0.log");
};

# logs everything from Skynet to /opt/var/log/skynet-0.log
filter f_skynet {
    program("Skynet") or
    message("BLOCKED -") or
    message("DROP IN=");
};

# final flag stops processing of messages matching the f_skynet filter
log {
    source(src);
    filter(f_skynet);
    destination(d_skynet);
    flags(final);
};

#eof
# put syslog-ng's logging stats into /opt/var/log/syslog-ng.log

destination d_syslogng {
    file("/opt/var/log/syslog-ng.log");
};

filter f_syslogng {
    program("syslog-ng")
};

log {
    source(src);
    filter(f_syslogng);
    destination(d_syslogng);
    flags(final);
};

#eof
# put wlceventd Assoc/ReAssoc/Disassoc messages into /opt/var/log/wlceventd.log

destination d_wlceventd {
    file("/opt/var/log/wlceventd.log");
};

filter f_wlceventd {
    program("WLCEVENTD") and
    message("ssoc");
};

log {
    source(src);
    filter(f_wlceventd);
    destination(d_wlceventd);
    flags(final);
};

#eof

options {
    chain_hostnames(no); # Enable or disable the chained hostname format.
    create_dirs(yes);
    keep_hostname(yes); # Enable or disable hostname rewriting.
    log_fifo_size(256); # The number of messages that the output queue can store.
    log_msg_size(16384); # Maximum length of a message in bytes.
    stats_freq(21600); # The period between two STATS messages (sent by syslog-ng, containing statistics about dropped logs) in seconds. (21,600 seconds = 6
hours)
    flush_lines(0); # How many lines are flushed to a destination at a time.
    use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname.
};

# syslog-ng gets messages from the system, kernel, and syslog-ng (internal)
# DO NOT use system() source; causes issues on HND routers
# so_rcvbuf = maximum number of messages per second * 1024
source src {
    unix-dgram("/dev/log" so_rcvbuf(65536) flags(syslog-protocol));
    file("/proc/kmsg" program_override("kernel") flags(kernel));
    internal();
};

# uncomment these three lines to get udp log messages from local network
# must also uncomment "source(net);" below
#source net {
#    udp(ip(192.168.x.y) port(514));
#};

destination messages {
    file("/opt/var/log/messages");
};

# uncomment these three lines to send udp log messages to local network
# must also uncomment "destination(log_server);" below
#destination log_server {
#    udp("192.168.x.y" port(514));
#};

log {
    source(src);
#    source(net); # uncomment this and "source net" function above to get udp log messages from local network
    destination(messages);
#    destination(log_server); # uncomment this and "destination log_server" function above to send udp log messages to local network
};

~
 
You might try stopping scribe and loading syslog-ng in the foreground, which I think is
Code:
syslog-ng -Fevd
If memory serves you can then see exactly the line that triggers the error.

EDIT: So I see this error, and another, on my AC56 with 3.23, and not on my 87 with 3.20. Starting in the foreground with -Fevd starts without throwing the error.

EDIT2: But now the error is gone on my 56. ??
 
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top