[Syslog-ng-maintainers] Bug#985422: syslog-ng-core: fails to capture all systemd-journal entries

Matthew Pounsett matt at conundrum.com
Wed Mar 17 23:05:41 GMT 2021 

Package: syslog-ng-core
Version: 3.19.1-5
Severity: important

Dear Maintainer,

The Debian syslog-ng package is not collecting all systemd-journal messages.  

The use case that caused me to track this down is an inconsistency between the
Debian syslog-ng and rsyslog packages when logging Knot DNS activity (using
the 'knot' package from upstream https://deb.knot-dns.cz/knot-latest/).  

A default install of rsyslog captures Knot's logging activity to 
/var/log/user.log, while a default install of syslog-ng does not capture its
activity at all.  The default syslog-ng configuration should log the same
messages to /var/log/user.log, but it seems syslog-ng doesn't even see the
log messages.

Digging a bit deeper .. journald.conf(5) indicates that syslog messages are
written to /run/systemd/journal/syslog.  I noted that syslog-ng does not
create this socket, while rsyslog does.

There is a comment in syslog.socket which indicates a syslog daemon is
expected to include "Alias=syslog.service" in its [install] section in order
to pull in this dependency.  The rsyslog package does this, but the syslog-ng
package does not.  It seems likely this is related to the issues with
capturing syslog messages.


-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages syslog-ng-core depends on:
ii  libc6                  2.28-10
ii  libcap2                1:2.25-2
ii  libcurl4               7.64.0-4+deb10u1
ii  libglib2.0-0           2.58.3-2+deb10u2
ii  libivykis0             0.42.3-1
ii  libjson-c3             0.12.1+ds-2+deb10u1
ii  libnet1                1.1.6+dfsg-3.1
ii  libpcre3               2:8.39-12
ii  libssl1.1              1.1.1d-0+deb10u5
ii  libsystemd0            241-7~deb10u6
ii  libuuid1               2.33.1-0.1
ii  libwrap0               7.6.q-28
ii  lsb-base               10.2019051400
ii  syslog-ng-mod-journal  3.19.1-5
ii  util-linux             2.33.1-0.1

Versions of packages syslog-ng-core recommends:
ii  logrotate  3.14.0-4

Versions of packages syslog-ng-core suggests:
ii  syslog-ng-mod-add-contextual-data  3.19.1-5
ii  syslog-ng-mod-amqp                 3.19.1-5
ii  syslog-ng-mod-examples             3.19.1-5
ii  syslog-ng-mod-extra                3.19.1-5
ii  syslog-ng-mod-geoip                3.19.1-5
ii  syslog-ng-mod-geoip2               3.19.1-5
ii  syslog-ng-mod-getent               3.19.1-5
ii  syslog-ng-mod-graphite             3.19.1-5
ii  syslog-ng-mod-map-value-pairs      3.19.1-5
ii  syslog-ng-mod-mongodb              3.19.1-5
ii  syslog-ng-mod-pacctformat          3.19.1-5
ii  syslog-ng-mod-python               3.19.1-5
ii  syslog-ng-mod-redis                3.19.1-5
ii  syslog-ng-mod-riemann              3.19.1-5
ii  syslog-ng-mod-smtp                 3.19.1-5
ii  syslog-ng-mod-snmptrapd-parser     3.19.1-5
ii  syslog-ng-mod-sql                  3.19.1-5
ii  syslog-ng-mod-stardate             3.19.1-5
ii  syslog-ng-mod-stomp                3.19.1-5
ii  syslog-ng-mod-tag-parser           3.19.1-5
ii  syslog-ng-mod-xml-parser           3.19.1-5

-- no debconf information

More information about the Syslog-ng-maintainers mailing list