Managing and checking the syslog-ng service on Linux
This section describes how to start, stop and check the status of AxoSyslog service on Linux.
Starting AxoSyslog
To start AxoSyslog, execute the following command as root. For example:
systemctl start syslog-ng
If the service starts successfully, no output will be displayed.
The following message indicates that AxoSyslog can not start (see Checking AxoSyslog status):
Job for syslog-ng.service failed because the control process exited with error code. See `systemctl status syslog-ng.service` and `journalctl -xe` for details.
Stop AxoSyslog
To stop AxoSyslog
-
Execute the following command as root.
systemctl stop syslog-ng
-
Check the status of AxoSyslog service (see Checking AxoSyslog status).
Restart AxoSyslog
To restart AxoSyslog, execute the following command as root.
systemctl restart syslog-ng
Reload configuration file without restarting AxoSyslog
To reload the configuration file without restarting AxoSyslog, execute the following command as root.
systemctl reload syslog-ng
Check AxoSyslog status
To check the following status-related components, observe the suggestions below.
Check the status of AxoSyslog service
To check the status of AxoSyslog service
-
Execute the following command as root.
systemctl --no-pager status syslog-ng
-
Check the
Active:
field, which shows the status of AxoSyslog service. The following statuses are possible:-
active (running)
-syslog-ng
service is up and runningsyslog-ng.service - System Logger Daemon Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2019-06-25 08:58:09 CEST; 5s ago Main PID: 6575 (syslog-ng) Tasks: 3 Memory: 13.3M CPU: 268ms CGroup: /system.slice/syslog-ng.service 6575 /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-core
-
inactive (dead)
-syslog-ng
service is stoppedsyslog-ng.service - System Logger Daemon Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled) Active: inactive (dead) since Tue 2019-06-25 09:14:16 CEST; 2min 18s ago Process: 6575 ExecStart=/opt/syslog-ng/sbin/syslog-ng -F --no-caps --enable-core $SYSLOGNG_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 6575 (code=exited, status=0/SUCCESS) Status: "Shutting down... Tue Jun 25 09:14:16 2019" Jun 25 09:14:31 as-syslog-srv systemd: Stopped System Logger Daemon.
-
Check the process of AxoSyslog
To check the process of AxoSyslog, execute one of the following commands.
-
ps u <pid of syslog-ng>
Expected output example:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND syslogng 6709 0.0 0.6 308680 13432 ? Ss 09:17 0:00 /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-core
-
ps axu | grep syslog-ng | grep -v grep
Expected output example:
syslogng 6709 0.0 0.6 308680 13432 ? Ss 09:17 0:00 /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-core
Check the internal logs of AxoSyslog
The internal logs of AxoSyslog contains informal, warning and error messages.
By default, AxoSyslog log messages (generated on the internal()
source) are written to /var/log/messages
.
Check the internal logs of AxoSyslog for any issue.
Message processing
The AxoSyslog application collects statistics about the number of processed messages on the different sources and destinations.
When using syslog-ng-ctl stats
, consider that while the output is generally consistent, there is no explicit ordering behind the command. Consequently, Axoflow does not recommend creating parsers that depend on a fix output order.
If needed, you can sort the output with an external application, for example, | sort
.
Central statistics
To check the central statistics, execute the following command to see the number of received and queued (sent) messages by AxoSyslog.
watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^center"
The output will be updated in every 2 seconds. If the numbers are changing, AxoSyslog is processing the messages. Output example:
Every 2.0s: /opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^center Tue Jun 25 10:33:25 2019
center;;queued;a;processed;112
center;;received;a;processed;28
Source statistics
To check the source statistics, execute the following command to see the number of received messages on the configured sources.
watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^source"
The output will be updated in every 2 seconds. If the numbers are changing, AxoSyslog is receiving messages on the sources. Output example:
Every 2.0s: /opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^source Tue Jun 25 10:40:50 2019
source;s_null;;a;processed;0
source;s_net;;a;processed;0
source;s_local;;a;processed;90
Destination statistics
To check the source statistics, execute the following command to see the number of received messages on the configured sources.
watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^source"
The output will be updated in every 2 seconds. If the numbers are changing, AxoSyslog is receiving messages on the sources. Output example:
Every 2.0s: /opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^destination Tue Jun 25 10:41:02 2019
destination;d_logserver2;;a;processed;90
destination;d_messages;;a;processed;180
destination;d_logserver;;a;processed;90
destination;d_null;;a;processed;0
If you find error messages in the internal logs, messages are not processed by AxoSyslog or you encounter any issue, you have the following options:
- Open a GitHub issue including the results.
- contact us