Syslog-ng won't start

[dambi]

Hi all

I'm running FreeBSD with a Syslog-ng Server. If I try to start the server with the command:

/usr/local/etc/rc.d/syslog-ng.sh start

This message appears:

Starting syslogng.
io.c: bind_inet_socket() bind failed 0.0.0.0:514 Address already in use
Error initializing configuration, exiting.

I checked all, but i didn't find a service which use the Address 0.0.0.0:514 already.
The old syslog server syslogd isn't running! he isn't visible with "ps -A".
And with "sockstat" the port 514 isn't visible. I tried "sockstat | grep 514" and "sockstat | grep udp" to.

is there a solution for my problem?
can someone help me?

thanks a lot

dambi



ps: sorry for my bad english

[mutex]

are you trying to start syslog-ng inside a jail?

[dambi]

sorry stupid question but what's a jail?

i just try to start syslog-ng server but something already needs the address 0.0.0.0:514 .
and i don't know what it is!

[mutex]

a jail is a limited environment in freebsd.  One of the implications of running inside a jail is that you can't bind to 0.0.0.0.  So far I'm stumped on what is happening.  Let me think about it for a bit.

[dambi]

have you already found a solution?

i just want to start syslog-ng if i start it in a jail or not doesn't make any difference to me.

[dambi]

ok i read something about jails.

i will explain the situation a bit better.

i installed the service syslog-ng. now i configured the config file /usr/local/etc/syslog-ng/syslog-ng.conf like this:

source net { udp(ip("0.0.0.0") port(514)); }; destination d_mysql { pipe("/var/log/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n") template-escape(yes)); }; # loggt alle Meldungen der Router und Switches ab dem Level Notice log { source(net);       filter(f_c_notice); destination(d_mysql); }; # # filter definitions # # Level Filters filter f_c_emerg { level (emerg); }; filter f_c_alert { level (alert .. emerg); }; filter f_c_crit { level (crit .. emerg); }; filter f_c_err { level (err .. emerg); }; filter f_c_warning { level (warning .. emerg); }; filter f_c_notice { level (notice .. emerg); }; filter f_c_info { level (info .. emerg); }; filter f_c_debug { level (debug .. emerg); };

later i want to save the log enteries into a database but first the syslog-ng service have to run! :-)

ok now i defined the source network with this parameter

source net { udp(ip("0.0.0.0") port(514)); };

as mutch as i know menns this parameter that the service listen to all ip's with the port udp 514. right?

so now a in a jail that doesn't works! right?
so i have to define a ip in the config of syslog-ng. this is the ip of the jail?
how would the configuration for the jail be? i have now idea how tho configure jails.

at the end the syslog-ng service must receive all syslog messages from the devices in the network. that means from all ip how send something on udp port 514.

have you a solution for that?

thanks a lot and sorry for my bad english i hope you understand what i mean!!!

[mutex]

your English is very good, my friend.

Binding to 0.0.0.0 will make the service listen on all defined IP addresses.  It does not sound like you have this running in a jail.  The only way that would be is if you had set up a jail yourself or you are running on some kind of dedicated server that uses a jail.

Try using this instead:

source net {
udp();
};

I believe the default without any parameters is to bind to all IP's, and possibly syslog-ng is not handling 0.0.0.0 the way other network applications do.

[memgtdg]

I had the same problem but using the default for me did not work. When I specified the interface address it started ok:

source net {
udp(ip("192.168.0.11") port(514));
};

Thought I would post this in case it helps anyone else

[cselroy]

I am having the same exact problem, but I am trying to restart my service from /sbin/syslog-ng and i am getting the same error, "the io.c: bind_inet_socket() bind failed 0.0.0.0:514 Address already in use
Error initializing configuration, exiting."

This is my source section of the  syslog-ng.conf.in config file. without any changes i try to restart the service i get that error

source src {
        #
        # include internal syslog-ng messages
        # note: the internal() soure is required!
        #
        internal();


        #this is the file that thw wireless lan controller is sending data to which i am filter from
        file("/var/log/messages");
        #
        # the following line will be replaced by the
        # socket list generated by SuSEconfig using
        # variables from /etc/sysconfig/syslog:
        #
        @SuSEconfig_SOCKETS@

        #
        # uncomment to process log messages from network:
        #
        udp(ip("0.0.0.0") port(514));
#       tcp(ip("0.0.0.0") port(514));
};

[Admin]

There is definitely another syslog process running that is bound to that port.  If you run a "netstat -an |grep 53", you should be able to see what process it is and kill it.  Then, syslog-ng should start. 

[cselroy]

It's running but when I try to just restart it so the syslog-ng.conf.in update with my changes i am getting that error! Below is what i get after running that netstat command

tcp        0      0 127.0.0.1:1777          127.0.0.1:34653         ESTABLISHED
tcp        0      0 127.0.0.1:34653         127.0.0.1:1777          ESTABLISHED
udp        0      0 239.255.255.253:427     0.0.0.0:*
unix  3      [ ]         STREAM     CONNECTED     12753
unix  3      [ ]         STREAM     CONNECTED     11539

[cselroy]

ok i just kill the syslog-ng process and then started it, the whole problem was i didn't know you had to hard kill the process first and then start it out of /sbin i thought you could just pass the "restart" option from /sbin and it would take but guess not.