Syslog service fails to start

I have installed syslog-ng 3.5 on a Raspberry Pi running Debian Jessie. When I try to start the service, it fails:

-- Unit syslog.socket has begun starting up.
Feb 10 12:29:28 blackbox systemd[1]: Socket service syslog.service not loaded, r
Feb 10 12:29:28 blackbox systemd[1]: Failed to listen on Syslog Socket.
-- Subject: Unit syslog.socket has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog.socket has failed.
--
-- The result is failed.
Feb 10 12:29:28 blackbox systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Feb 10 12:29:29 blackbox systemd[1]: Started System Logger Daemon.
-- Subject: Unit syslog-ng.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has finished starting up.
--
-- The start-up result is done.

I checked netstat, and port 514 is not in use by any other process. This is the configuration I am using, which worked fine in an older version:

source s_net { udp(ip(0.0.0.0) port(514)); };
destination d_cisco { file(“/var/log/cisco/cisco.log”); };
log { source(s_net); destination(d_cisco); };

When I try to run it manually:

root@blackbox:~# /usr/sbin/syslog-ng -d

Running application hooks; hook='1'
Running application hooks; hook='3'
syslog-ng starting up; version='3.5.6'
Incoming log entry; line='<164>Feb 10 2016 15:03:59: %PIX-4-400037: IDS:6053 DNS all records request from 5.172.120.51 to 192.168.0.3 on interface outside\x0a'
Error opening file for writing; filename='\xe2\x80\x9c/var/log/cisco/cisco.log\xe2\x80\x9d', error='No such file or directory (2)'
Incoming log entry; line='<164>Feb 10 2016 15:04:03: %PIX-4-400037: IDS:6053 DNS all records request from 5.172.120.51 to 192.168.0.3 on interface outside\x0a'
Error opening file for writing; filename='\xe2\x80\x9c/var/log/cisco/cisco.log\xe2\x80\x9d', error='No such file or directory (2)'
Incoming log entry; line='<164>Feb 10 2016 15:04:07: %PIX-4-400037: IDS:6053 DNS all records request from 5.172.120.51 to 192.168.0.3 on interface outside\x0a'
Error opening file for writing; filename='\xe2\x80\x9c/var/log/cisco/cisco.log\xe2\x80\x9d', error='No such file or directory (2)'
Incoming log entry; line='<164>Feb 10 2016 15:04:07: %PIX-4-400011: IDS:2001 ICMP unreachable from 198.48.92.104 to 192.168.0.3 on interface outside\x0a'
Error opening file for writing; filename='\xe2\x80\x9c/var/log/cisco/cisco.log\xe2\x80\x9d', error='No such file or directory (2)'
Incoming log entry; line='<164>Feb 10 2016 15:04:07: %PIX-4-313005: No matching connection for ICMP error message: icmp src outside:198.48.92.104 dst inside:192.168.0.3 (type 3, code 3) on outside interface.  Original IP payload: udp src 192.168.0.3/53 dst 198.48.92.104/17106.\x0a'
Error opening file for writing; filename='\xe2\x80\x9c/var/log/cisco/cisco.log\xe2\x80\x9d', error='No such file or directory (2)'
^Csyslog-ng shutting down; version='3.5.6'
Running application hooks; hook='4'

root@blackbox:~# cd /var/log/cisco/
root@blackbox:/var/log/cisco# ls -l
total 0
-rwxrw-rw- 1 root root 0 Feb 10 11:43 cisco.log
root@blackbox:/var/log/cisco#

Answer 1

The syslog-ng daemon is not starting up correctly here. Although it is configured as a remote syslog server, port 514/UDP does not show up in netstat either.

Debugging the problem with the command:

/usr/sbin/syslog-ng -d

We see the error:

Error opening file for writing; filename='\xe2\x80\x9c/var/log/cisco/cisco.log\xe2\x80\x9d'

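As \xe2\x80\x9c is a control code of the UTF-8 character encoding, we reach the conclusion that there are extraneous characters in the configuration file syslog-ng.conf. They are probably due to copying and pasting the configuration from a web page, and working on a system configured for UTF-8.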

Edit it with LANG=C, to have minimal character translation, using the command:

LANG=C vi /etc/syslog-ng/syslog-ng.conf

The user reported the following line, shown without UTF-8 translation:

file(▒~@~\/var/log/cisco/cisco.log▒~@~]); 

Editing it to read as follows, and then restarting, solved the problem:

file("/var/log/cisco/cisco.log");

From: UTF-8

UTF-8 is a character encoding capable of encoding all possible characters, or code points, in Unicode. The encoding is variable-length and uses 8-bit code units.

Why "LANG=C"

In the C programming language, the locale name C "specifies the minimal environment for C translation".

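Advice: be very careful when copying and pasting configurations directly from web pages. Not all Unix utils understand character sets beyond the traditional ASCII representation.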
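
A way to catch this before restarting the daemon, as an added example that is not part of the original answer: the first function lists every line containing a byte outside printable ASCII, and the second rewrites the UTF-8 curly double quotes (bytes e2 80 9c and e2 80 9d, as seen in the error message) to plain ASCII quotes. The function names are made up for illustration, and the sample file is constructed from the question's three configuration lines.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed.

# Print "lineno:text" for each line holding a byte outside printable ASCII
# or tab. LC_ALL=C makes grep match raw bytes instead of UTF-8 characters.
find_non_ascii() {
    LC_ALL=C grep -n "[^ -~$(printf '\t')]" "$1"
}

# Write the file to stdout with UTF-8 curly double quotes made ASCII.
fix_curly_quotes() {
    ldq=$(printf '\342\200\234')   # bytes e2 80 9c, U+201C
    rdq=$(printf '\342\200\235')   # bytes e2 80 9d, U+201D
    LC_ALL=C sed -e "s/$ldq/\"/g" -e "s/$rdq/\"/g" "$1"
}

# Constructed sample: the question's config with curly quotes on line 2.
demo_conf=$(mktemp)
{
    printf 'source s_net { udp(ip(0.0.0.0) port(514)); };\n'
    printf 'destination d_cisco { file(\342\200\234/var/log/cisco/cisco.log\342\200\235); };\n'
    printf 'log { source(s_net); destination(d_cisco); };\n'
} > "$demo_conf"

echo "Lines with non-ASCII bytes:"
find_non_ascii "$demo_conf"
echo "Repaired config:"
fix_curly_quotes "$demo_conf"
```

find_non_ascii exits 0 when it finds something and 1 when the file is clean, so it can gate a restart in a deployment script.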
