Return
-
Title
Managing and checking syslog-ng service on Linux -
Description
This knowledge article shows how to start, stop and check the status of syslog-ng service on Linux. -
Resolution
Starting of syslog-ng
- Execute the following command as root.
systemctl start syslog-ng
If the service is started successfully no output will be displayed.
The following message indicates that syslog-ng can not start. See section Checking syslog-ng status.
Job for syslog-ng.service failed because the control process exited with error code. See "systemctl status syslog-ng.service" and "journalctl -xe" for details
Stopping of syslog-ng
- Execute the following command as root
systemctl stop syslog-ng
- Check the status of syslog-ng service, see section "Checking syslog-ng status".
Restarting syslog-ng
- Execute the following command as root.
systemctl restart syslog-ng
Reloading configuration file without restarting syslog-ng
- Execute the following command as root.
systemctl reload syslog-ng
Checking syslog-ng status
Status of syslog-ng service
- Execute the following command as root.
systemctl --no-pager status syslog-ng
- Check the "Active:" field, which shows the status of syslog-ng service.
active (running) - syslog-ng service is up and runningsyslog-ng.service - System Logger Daemon
Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-06-25 08:58:09 CEST; 5s ago
Main PID: 6575 (syslog-ng)
Tasks: 3
Memory: 13.3M
CPU: 268ms
CGroup: /system.slice/syslog-ng.service
6575 /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-coreinactive (dead) - syslog-ng service is stoppedsyslog-ng.service - System Logger Daemon
Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Tue 2019-06-25 09:14:16 CEST; 2min 18s ago
Process: 6575 ExecStart=/opt/syslog-ng/sbin/syslog-ng -F --no-caps --enable-core $SYSLOGNG_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6575 (code=exited, status=0/SUCCESS)
Status: "Shutting down... Tue Jun 25 09:14:16 2019"
Jun 25 09:14:31 as-syslog-srv systemd: Stopped System Logger Daemon.Process of syslog-ng
- Execute one of the following command.
ps u `pidof syslog-ng`
Expected output example:USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMANDsyslogng 6709 0.0 0.6 308680 13432 ? Ss 09:17 0:00 /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-core
ps axu | grep syslog-ng | grep -v grep
Expected output example:syslogng 6709 0.0 0.6 308680 13432 ? Ss 09:17 0:00 /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-core
Internal logs of Syslog-ng
The internal logs of syslog-ng contains informal, warning and error messages.
By default syslog-ng log messages - generated on the internal() source - are written to /var/log/messages.
Check the internal logs of syslog-ng for any issue.Message processing
Syslog-ng collects statistics about the number of processed messages on the different sources and destinations.Central statistics
- Execute the following command to see the number of received and queued (sent) messages by syslog-ng.
watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^center"
- The output will be updated in every 2 seconds.
If the numbers are changing syslog-ng is processing the messages.
Every 2.0s: /opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^center Tue Jun 25 10:33:25 2019
center;;queued;a;processed;112
center;;received;a;processed;28Source statistics
- Execute the following command to see the number of received messages on the configured sources.
watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^source"
- The output will be updated in every 2 seconds.
If the numbers are changing syslog-ng is receiving messages on the sources.
Every 2.0s: /opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^source Tue Jun 25 10:40:50 2019
source;s_null;;a;processed;0
source;s_net;;a;processed;0
source;s_local;;a;processed;90Destinations statistics
- Execute the following command to see the number of received and queued (sent) messages by syslog-ng.
watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^destination"
- The output will be updated in every 2 seconds.
If the numbers are changing syslog-ng is sending messages to the destinations.
Every 2.0s: /opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^destination Tue Jun 25 10:41:02 2019
destination;d_logserver2;;a;processed;90
destination;d_messages;;a;processed;180
destination;d_logserver;;a;processed;90
destination;d_null;;a;processed;0If you find error messages in the internal logs, messages are not processed by syslog-ng or you encounter any issue, you can do the following.