Did you start syslog-ng by /etc/init.d/syslog? That should make sure, that the /var/run/syslog-ng directory is there together with the named file. This functionality is there to add log sources from chroots. If you don’t use bind, you can safely comment out the include line in syslog-ng.conf.
Sorry but I’m completely clueless how to do that, chkconfig has only syslog entry, should’nt have syslog-ng modified syslog daemon scripts to launch syslog-ng, or do I have to do that by hand in some config file? I’ve tried restarting the whole thing, all the same. If I do remove rsyslog via zypper, not sure my system will even start after that.
Oh, I see. I was just planing to write a bug report about this: the installation of rsyslogd is hardcoded into base patterns If rsyslogd is present, then it is preferred by the startup scipt.
remove rsyslogd and lock/taboo it
or you can edit /etc/sysconfig/syslog and set SYSLOG_DAEMON to “syslog-ng”. But if rsyslogd is still on the system, it might be set back to an empty value or to rsyslogd, in which case rsyslogd starts.
I’ll check, but if you use bind, you might need to add its /dev/log socket to /etc/apparmor.d/sbin.syslog-ng or disable AppArmor.
Thanks for all replies, I just thought to use syslog-ng and webmin (to configure syslog-ng) to store logs from my cisco router, it seems not as easy as “zypper in”, I’ll try to configure normal syslog to do what I want.
rsyslog has routing rules also, but the language is different. There was another thread on the forum asking about the syntax. I used to have a syslog-ng rule for my router, but since I changed to using a dd-wrt based router, and since the logs are always boring, I haven’t bothered to make it work with rsyslog.
or you can edit /etc/sysconfig/syslog and set SYSLOG_DAEMON to “syslog-ng”. But if rsyslogd is still on the system, it might be set back to an empty value or to rsyslogd, in which case rsyslogd starts.
Hi,
Thanks for the tip about /etc/sysconfig/syslog file, it was as simple as that, I’ve stopped syslog, set SYSLOG_DAEMON=“syslog-ng” and started up syslog again.
Now syslog-ng seems to be running just fine.