syslog-ng startup failure when using /proc/kmsg [duplicate]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite













This question already has an answer here:



  • Cannot start syslog-ng when apparmor is running

    1 answer



I have recently been updating syslog-ng from 3.7.3 to 3.13.2. After the upgrade, the daemon fails to start with this error message:




[2017-12-23T20:42:40.635915] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_sd_curpos(/proc/kmsg)', location='/etc/syslog-ng/syslog-ng.conf:24:5'



For reference, line 24 of the config. See the whole file below.




 file("/proc/kmsg");



I have been investigating this error for some time now, but the persist-name option does not solve the problem. The intended use does not seem to be related to this issue.



The configuration file I'm using is the default from hardened gentoo.



@version: 3.13
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

# https://bugs.gentoo.org/426814
@include "scl.conf"

#
# Syslog-ng configuration file, compatible with default hardened installations.
#

options
threaded(yes);
chain_hostnames(no);
stats_freq(43200);
;

source src
system();
internal();
;

source kernsrc
file("/proc/kmsg");
;

#source net udp(); ;
#log source(net); destination(net_logs); ;
#destination net_logs file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY.log"); ;

destination authlog file("/var/log/auth.log"); ;
destination _syslog file("/var/log/syslog"); ;
destination cron file("/var/log/cron.log"); ;
destination daemon file("/var/log/daemon.log"); ;
destination kern file("/var/log/kern.log"); ;
destination lpr file("/var/log/lpr.log"); ;
destination user file("/var/log/user.log"); ;
destination uucp file("/var/log/uucp.log"); ;
#destination ppp file("/var/log/ppp.log"); ;
destination mail file("/var/log/mail.log"); ;

destination avc file("/var/log/avc.log"); ;
destination audit file("/var/log/audit.log"); ;
destination pax file("/var/log/pax.log"); ;
destination grsec file("/var/log/grsec.log"); ;

destination mailinfo file("/var/log/mail.info"); ;
destination mailwarn file("/var/log/mail.warn"); ;
destination mailerr file("/var/log/mail.err"); ;

destination newscrit file("/var/log/news/news.crit"); ;
destination newserr file("/var/log/news/news.err"); ;
destination newsnotice file("/var/log/news/news.notice"); ;

destination debug file("/var/log/debug"); ;
destination messages file("/var/log/messages"); ;
destination console usertty("root"); ;
destination console_all file("/dev/tty12"); ;
#destination loghost udp("loghost" port(999)); ;

destination xconsole pipe("/dev/xconsole"); ;

filter f_auth facility(auth); ;
filter f_authpriv facility(auth, authpriv); ;
filter f_syslog not facility(authpriv, mail); ;
filter f_cron facility(cron); ;
filter f_daemon facility(daemon); ;
filter f_kern facility(kern); ;
filter f_lpr facility(lpr); ;
filter f_mail facility(mail); ;
filter f_user facility(user); ;
filter f_uucp facility(uucp); ;
#filter f_ppp facility(ppp); ;
filter f_news facility(news); ;
filter f_debug not facility(auth, authpriv, news, mail); ;
filter f_messages level(info..warn)
and not facility(auth, authpriv, mail, news); ;
filter f_emergency level(emerg); ;

filter f_info level(info); ;

filter f_notice level(notice); ;
filter f_warn level(warn); ;
filter f_crit level(crit); ;
filter f_err level(err); ;

filter f_avc message(".*avc: .*"); ;
filter f_audit )audit.*") and not message(".*avc: .*"); ;
filter f_pax )PAX:.*"); ;
filter f_grsec message("^(\[.*..*] ;

log source(src); filter(f_authpriv); destination(authlog); ;
log source(src); filter(f_syslog); destination(_syslog); ;
log source(src); filter(f_cron); destination(cron); ;
log source(src); filter(f_daemon); destination(daemon); ;
log source(kernsrc); filter(f_kern); destination(kern); destination(console_all); ;
log source(src); filter(f_lpr); destination(lpr); ;
log source(src); filter(f_mail); destination(mail); ;
log source(src); filter(f_user); destination(user); ;
log source(src); filter(f_uucp); destination(uucp); ;
log source(kernsrc); filter(f_pax); destination(pax); ;
log source(kernsrc); filter(f_grsec); destination(grsec); ;
log source(kernsrc); filter(f_audit); destination(audit); ;
log source(kernsrc); filter(f_avc); destination(avc); ;
log source(src); filter(f_mail); filter(f_info); destination(mailinfo); ;
log source(src); filter(f_mail); filter(f_warn); destination(mailwarn); ;
log source(src); filter(f_mail); filter(f_err); destination(mailerr); ;
log source(src); filter(f_news); filter(f_crit); destination(newscrit); ;
log source(src); filter(f_news); filter(f_err); destination(newserr); ;
log source(src); filter(f_news); filter(f_notice); destination(newsnotice); ;
log source(src); filter(f_debug); destination(debug); ;
log source(src); filter(f_messages); destination(messages); ;
log source(src); filter(f_emergency); destination(console); ;
#log source(src); filter(f_ppp); destination(ppp); ;
log source(src); destination(console_all); ;






share|improve this question












marked as duplicate by Michael Mrozek♦ Dec 24 '17 at 16:06


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















    up vote
    0
    down vote

    favorite













    This question already has an answer here:



    • Cannot start syslog-ng when apparmor is running

      1 answer



    I have recently been updating syslog-ng from 3.7.3 to 3.13.2. After the upgrade, the daemon fails to start with this error message:




    [2017-12-23T20:42:40.635915] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_sd_curpos(/proc/kmsg)', location='/etc/syslog-ng/syslog-ng.conf:24:5'



    For reference, line 24 of the config. See the whole file below.




     file("/proc/kmsg");



    I have been investigating this error for some time now, but the persist-name option does not solve the problem. The intended use does not seem to be related to this issue.



    The configuration file I'm using is the default from hardened gentoo.



    @version: 3.13
    # Copyright 1999-2017 Gentoo Foundation
    # Distributed under the terms of the GNU General Public License v2

    # https://bugs.gentoo.org/426814
    @include "scl.conf"

    #
    # Syslog-ng configuration file, compatible with default hardened installations.
    #

    options
    threaded(yes);
    chain_hostnames(no);
    stats_freq(43200);
    ;

    source src
    system();
    internal();
    ;

    source kernsrc
    file("/proc/kmsg");
    ;

    #source net udp(); ;
    #log source(net); destination(net_logs); ;
    #destination net_logs file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY.log"); ;

    destination authlog file("/var/log/auth.log"); ;
    destination _syslog file("/var/log/syslog"); ;
    destination cron file("/var/log/cron.log"); ;
    destination daemon file("/var/log/daemon.log"); ;
    destination kern file("/var/log/kern.log"); ;
    destination lpr file("/var/log/lpr.log"); ;
    destination user file("/var/log/user.log"); ;
    destination uucp file("/var/log/uucp.log"); ;
    #destination ppp file("/var/log/ppp.log"); ;
    destination mail file("/var/log/mail.log"); ;

    destination avc file("/var/log/avc.log"); ;
    destination audit file("/var/log/audit.log"); ;
    destination pax file("/var/log/pax.log"); ;
    destination grsec file("/var/log/grsec.log"); ;

    destination mailinfo file("/var/log/mail.info"); ;
    destination mailwarn file("/var/log/mail.warn"); ;
    destination mailerr file("/var/log/mail.err"); ;

    destination newscrit file("/var/log/news/news.crit"); ;
    destination newserr file("/var/log/news/news.err"); ;
    destination newsnotice file("/var/log/news/news.notice"); ;

    destination debug file("/var/log/debug"); ;
    destination messages file("/var/log/messages"); ;
    destination console usertty("root"); ;
    destination console_all file("/dev/tty12"); ;
    #destination loghost udp("loghost" port(999)); ;

    destination xconsole pipe("/dev/xconsole"); ;

    filter f_auth facility(auth); ;
    filter f_authpriv facility(auth, authpriv); ;
    filter f_syslog not facility(authpriv, mail); ;
    filter f_cron facility(cron); ;
    filter f_daemon facility(daemon); ;
    filter f_kern facility(kern); ;
    filter f_lpr facility(lpr); ;
    filter f_mail facility(mail); ;
    filter f_user facility(user); ;
    filter f_uucp facility(uucp); ;
    #filter f_ppp facility(ppp); ;
    filter f_news facility(news); ;
    filter f_debug not facility(auth, authpriv, news, mail); ;
    filter f_messages level(info..warn)
    and not facility(auth, authpriv, mail, news); ;
    filter f_emergency level(emerg); ;

    filter f_info level(info); ;

    filter f_notice level(notice); ;
    filter f_warn level(warn); ;
    filter f_crit level(crit); ;
    filter f_err level(err); ;

    filter f_avc message(".*avc: .*"); ;
    filter f_audit )audit.*") and not message(".*avc: .*"); ;
    filter f_pax )PAX:.*"); ;
    filter f_grsec message("^(\[.*..*] ;

    log source(src); filter(f_authpriv); destination(authlog); ;
    log source(src); filter(f_syslog); destination(_syslog); ;
    log source(src); filter(f_cron); destination(cron); ;
    log source(src); filter(f_daemon); destination(daemon); ;
    log source(kernsrc); filter(f_kern); destination(kern); destination(console_all); ;
    log source(src); filter(f_lpr); destination(lpr); ;
    log source(src); filter(f_mail); destination(mail); ;
    log source(src); filter(f_user); destination(user); ;
    log source(src); filter(f_uucp); destination(uucp); ;
    log source(kernsrc); filter(f_pax); destination(pax); ;
    log source(kernsrc); filter(f_grsec); destination(grsec); ;
    log source(kernsrc); filter(f_audit); destination(audit); ;
    log source(kernsrc); filter(f_avc); destination(avc); ;
    log source(src); filter(f_mail); filter(f_info); destination(mailinfo); ;
    log source(src); filter(f_mail); filter(f_warn); destination(mailwarn); ;
    log source(src); filter(f_mail); filter(f_err); destination(mailerr); ;
    log source(src); filter(f_news); filter(f_crit); destination(newscrit); ;
    log source(src); filter(f_news); filter(f_err); destination(newserr); ;
    log source(src); filter(f_news); filter(f_notice); destination(newsnotice); ;
    log source(src); filter(f_debug); destination(debug); ;
    log source(src); filter(f_messages); destination(messages); ;
    log source(src); filter(f_emergency); destination(console); ;
    #log source(src); filter(f_ppp); destination(ppp); ;
    log source(src); destination(console_all); ;






    share|improve this question












    marked as duplicate by Michael Mrozek♦ Dec 24 '17 at 16:06


    This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite












      This question already has an answer here:



      • Cannot start syslog-ng when apparmor is running

        1 answer



      I have recently been updating syslog-ng from 3.7.3 to 3.13.2. After the upgrade, the daemon fails to start with this error message:




      [2017-12-23T20:42:40.635915] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_sd_curpos(/proc/kmsg)', location='/etc/syslog-ng/syslog-ng.conf:24:5'



      For reference, line 24 of the config. See the whole file below.




       file("/proc/kmsg");



      I have been investigating this error for some time now, but the persist-name option does not solve the problem. The intended use does not seem to be related to this issue.



      The configuration file I'm using is the default from hardened gentoo.



      @version: 3.13
      # Copyright 1999-2017 Gentoo Foundation
      # Distributed under the terms of the GNU General Public License v2

      # https://bugs.gentoo.org/426814
      @include "scl.conf"

      #
      # Syslog-ng configuration file, compatible with default hardened installations.
      #

      options
      threaded(yes);
      chain_hostnames(no);
      stats_freq(43200);
      ;

      source src
      system();
      internal();
      ;

      source kernsrc
      file("/proc/kmsg");
      ;

      #source net udp(); ;
      #log source(net); destination(net_logs); ;
      #destination net_logs file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY.log"); ;

      destination authlog file("/var/log/auth.log"); ;
      destination _syslog file("/var/log/syslog"); ;
      destination cron file("/var/log/cron.log"); ;
      destination daemon file("/var/log/daemon.log"); ;
      destination kern file("/var/log/kern.log"); ;
      destination lpr file("/var/log/lpr.log"); ;
      destination user file("/var/log/user.log"); ;
      destination uucp file("/var/log/uucp.log"); ;
      #destination ppp file("/var/log/ppp.log"); ;
      destination mail file("/var/log/mail.log"); ;

      destination avc file("/var/log/avc.log"); ;
      destination audit file("/var/log/audit.log"); ;
      destination pax file("/var/log/pax.log"); ;
      destination grsec file("/var/log/grsec.log"); ;

      destination mailinfo file("/var/log/mail.info"); ;
      destination mailwarn file("/var/log/mail.warn"); ;
      destination mailerr file("/var/log/mail.err"); ;

      destination newscrit file("/var/log/news/news.crit"); ;
      destination newserr file("/var/log/news/news.err"); ;
      destination newsnotice file("/var/log/news/news.notice"); ;

      destination debug file("/var/log/debug"); ;
      destination messages file("/var/log/messages"); ;
      destination console usertty("root"); ;
      destination console_all file("/dev/tty12"); ;
      #destination loghost udp("loghost" port(999)); ;

      destination xconsole pipe("/dev/xconsole"); ;

      filter f_auth facility(auth); ;
      filter f_authpriv facility(auth, authpriv); ;
      filter f_syslog not facility(authpriv, mail); ;
      filter f_cron facility(cron); ;
      filter f_daemon facility(daemon); ;
      filter f_kern facility(kern); ;
      filter f_lpr facility(lpr); ;
      filter f_mail facility(mail); ;
      filter f_user facility(user); ;
      filter f_uucp facility(uucp); ;
      #filter f_ppp facility(ppp); ;
      filter f_news facility(news); ;
      filter f_debug not facility(auth, authpriv, news, mail); ;
      filter f_messages level(info..warn)
      and not facility(auth, authpriv, mail, news); ;
      filter f_emergency level(emerg); ;

      filter f_info level(info); ;

      filter f_notice level(notice); ;
      filter f_warn level(warn); ;
      filter f_crit level(crit); ;
      filter f_err level(err); ;

      filter f_avc message(".*avc: .*"); ;
      filter f_audit )audit.*") and not message(".*avc: .*"); ;
      filter f_pax )PAX:.*"); ;
      filter f_grsec message("^(\[.*..*] ;

      log source(src); filter(f_authpriv); destination(authlog); ;
      log source(src); filter(f_syslog); destination(_syslog); ;
      log source(src); filter(f_cron); destination(cron); ;
      log source(src); filter(f_daemon); destination(daemon); ;
      log source(kernsrc); filter(f_kern); destination(kern); destination(console_all); ;
      log source(src); filter(f_lpr); destination(lpr); ;
      log source(src); filter(f_mail); destination(mail); ;
      log source(src); filter(f_user); destination(user); ;
      log source(src); filter(f_uucp); destination(uucp); ;
      log source(kernsrc); filter(f_pax); destination(pax); ;
      log source(kernsrc); filter(f_grsec); destination(grsec); ;
      log source(kernsrc); filter(f_audit); destination(audit); ;
      log source(kernsrc); filter(f_avc); destination(avc); ;
      log source(src); filter(f_mail); filter(f_info); destination(mailinfo); ;
      log source(src); filter(f_mail); filter(f_warn); destination(mailwarn); ;
      log source(src); filter(f_mail); filter(f_err); destination(mailerr); ;
      log source(src); filter(f_news); filter(f_crit); destination(newscrit); ;
      log source(src); filter(f_news); filter(f_err); destination(newserr); ;
      log source(src); filter(f_news); filter(f_notice); destination(newsnotice); ;
      log source(src); filter(f_debug); destination(debug); ;
      log source(src); filter(f_messages); destination(messages); ;
      log source(src); filter(f_emergency); destination(console); ;
      #log source(src); filter(f_ppp); destination(ppp); ;
      log source(src); destination(console_all); ;






      share|improve this question













      This question already has an answer here:



      • Cannot start syslog-ng when apparmor is running

        1 answer



      I have recently been updating syslog-ng from 3.7.3 to 3.13.2. After the upgrade, the daemon fails to start with this error message:




      [2017-12-23T20:42:40.635915] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_sd_curpos(/proc/kmsg)', location='/etc/syslog-ng/syslog-ng.conf:24:5'



      For reference, line 24 of the config. See the whole file below.




       file("/proc/kmsg");



      I have been investigating this error for some time now, but the persist-name option does not solve the problem. The intended use does not seem to be related to this issue.



      The configuration file I'm using is the default from hardened gentoo.



      @version: 3.13
      # Copyright 1999-2017 Gentoo Foundation
      # Distributed under the terms of the GNU General Public License v2

      # https://bugs.gentoo.org/426814
      @include "scl.conf"

      #
      # Syslog-ng configuration file, compatible with default hardened installations.
      #

      options
      threaded(yes);
      chain_hostnames(no);
      stats_freq(43200);
      ;

      source src
      system();
      internal();
      ;

      source kernsrc
      file("/proc/kmsg");
      ;

      #source net udp(); ;
      #log source(net); destination(net_logs); ;
      #destination net_logs file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY.log"); ;

      destination authlog file("/var/log/auth.log"); ;
      destination _syslog file("/var/log/syslog"); ;
      destination cron file("/var/log/cron.log"); ;
      destination daemon file("/var/log/daemon.log"); ;
      destination kern file("/var/log/kern.log"); ;
      destination lpr file("/var/log/lpr.log"); ;
      destination user file("/var/log/user.log"); ;
      destination uucp file("/var/log/uucp.log"); ;
      #destination ppp file("/var/log/ppp.log"); ;
      destination mail file("/var/log/mail.log"); ;

      destination avc file("/var/log/avc.log"); ;
      destination audit file("/var/log/audit.log"); ;
      destination pax file("/var/log/pax.log"); ;
      destination grsec file("/var/log/grsec.log"); ;

      destination mailinfo file("/var/log/mail.info"); ;
      destination mailwarn file("/var/log/mail.warn"); ;
      destination mailerr file("/var/log/mail.err"); ;

      destination newscrit file("/var/log/news/news.crit"); ;
      destination newserr file("/var/log/news/news.err"); ;
      destination newsnotice file("/var/log/news/news.notice"); ;

      destination debug file("/var/log/debug"); ;
      destination messages file("/var/log/messages"); ;
      destination console usertty("root"); ;
      destination console_all file("/dev/tty12"); ;
      #destination loghost udp("loghost" port(999)); ;

      destination xconsole pipe("/dev/xconsole"); ;

      filter f_auth facility(auth); ;
      filter f_authpriv facility(auth, authpriv); ;
      filter f_syslog not facility(authpriv, mail); ;
      filter f_cron facility(cron); ;
      filter f_daemon facility(daemon); ;
      filter f_kern facility(kern); ;
      filter f_lpr facility(lpr); ;
      filter f_mail facility(mail); ;
      filter f_user facility(user); ;
      filter f_uucp facility(uucp); ;
      #filter f_ppp facility(ppp); ;
      filter f_news facility(news); ;
      filter f_debug not facility(auth, authpriv, news, mail); ;
      filter f_messages level(info..warn)
      and not facility(auth, authpriv, mail, news); ;
      filter f_emergency level(emerg); ;

      filter f_info level(info); ;

      filter f_notice level(notice); ;
      filter f_warn level(warn); ;
      filter f_crit level(crit); ;
      filter f_err level(err); ;

      filter f_avc message(".*avc: .*"); ;
      filter f_audit )audit.*") and not message(".*avc: .*"); ;
      filter f_pax )PAX:.*"); ;
      filter f_grsec message("^(\[.*..*] ;

      log source(src); filter(f_authpriv); destination(authlog); ;
      log source(src); filter(f_syslog); destination(_syslog); ;
      log source(src); filter(f_cron); destination(cron); ;
      log source(src); filter(f_daemon); destination(daemon); ;
      log source(kernsrc); filter(f_kern); destination(kern); destination(console_all); ;
      log source(src); filter(f_lpr); destination(lpr); ;
      log source(src); filter(f_mail); destination(mail); ;
      log source(src); filter(f_user); destination(user); ;
      log source(src); filter(f_uucp); destination(uucp); ;
      log source(kernsrc); filter(f_pax); destination(pax); ;
      log source(kernsrc); filter(f_grsec); destination(grsec); ;
      log source(kernsrc); filter(f_audit); destination(audit); ;
      log source(kernsrc); filter(f_avc); destination(avc); ;
      log source(src); filter(f_mail); filter(f_info); destination(mailinfo); ;
      log source(src); filter(f_mail); filter(f_warn); destination(mailwarn); ;
      log source(src); filter(f_mail); filter(f_err); destination(mailerr); ;
      log source(src); filter(f_news); filter(f_crit); destination(newscrit); ;
      log source(src); filter(f_news); filter(f_err); destination(newserr); ;
      log source(src); filter(f_news); filter(f_notice); destination(newsnotice); ;
      log source(src); filter(f_debug); destination(debug); ;
      log source(src); filter(f_messages); destination(messages); ;
      log source(src); filter(f_emergency); destination(console); ;
      #log source(src); filter(f_ppp); destination(ppp); ;
      log source(src); destination(console_all); ;




      This question already has an answer here:



      • Cannot start syslog-ng when apparmor is running

        1 answer









      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 23 '17 at 19:53









      nyronium

      1665




      1665




      marked as duplicate by Michael Mrozek♦ Dec 24 '17 at 16:06


      This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.






      marked as duplicate by Michael Mrozek♦ Dec 24 '17 at 16:06


      This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          The problem is not created by syslog-ng but by an apparmor profile. The profile prevents reading /dev/kmsg, which is needed even when using /proc/kmsg (which is whitelisted).



          To see a full explanation and bug-report, check the answer I have written under a more specific question regarding this bug here.






          share|improve this answer



























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote













            The problem is not created by syslog-ng but by an apparmor profile. The profile prevents reading /dev/kmsg, which is needed even when using /proc/kmsg (which is whitelisted).



            To see a full explanation and bug-report, check the answer I have written under a more specific question regarding this bug here.






            share|improve this answer
























              up vote
              0
              down vote













              The problem is not created by syslog-ng but by an apparmor profile. The profile prevents reading /dev/kmsg, which is needed even when using /proc/kmsg (which is whitelisted).



              To see a full explanation and bug-report, check the answer I have written under a more specific question regarding this bug here.






              share|improve this answer






















                up vote
                0
                down vote










                up vote
                0
                down vote









                The problem is not created by syslog-ng but by an apparmor profile. The profile prevents reading /dev/kmsg, which is needed even when using /proc/kmsg (which is whitelisted).



                To see a full explanation and bug-report, check the answer I have written under a more specific question regarding this bug here.






                share|improve this answer












                The problem is not created by syslog-ng but by an apparmor profile. The profile prevents reading /dev/kmsg, which is needed even when using /proc/kmsg (which is whitelisted).



                To see a full explanation and bug-report, check the answer I have written under a more specific question regarding this bug here.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 23 '17 at 21:04









                nyronium

                1665




                1665












                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?