Syslog-ng Unique Persist Names
I want mail logs in a separate log file /var/log/mail so that postfix and dovecot messages are not be buried in /var/log/message. While upgrading to syslog-ng to version 3.13.2 I suddenly ran into an error that prevented the daemon to start. The error message was:
# /etc/init.d/syslog-ng start
* Checking your configfile (/etc/syslog-ng/syslog-ng.conf) ... [ ok ]
* Starting syslog-ng ...
[2018-08-09T12:43:05.358947] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_dd_writers(/var/log/mail)', location='/etc/syslog-ng/mail.conf:6:9'
[2018-08-09T12:43:05.358991] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_dd_writers(/var/log/mail)', location='/etc/syslog-ng/mail.conf:9:9'
[2018-08-09T12:43:05.359006] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_dd_writers(/var/log/mail)', location='/etc/syslog-ng/mail.conf:13:9'
* start-stop-daemon: failed to start `/usr/sbin/syslog-ng'
* Failed to start syslog-ng [ !! ]
* ERROR: syslog-ng failed to start
The configuration for the separate mail log is included in the main configuration file /etc/syslog-ng/syslog-ng.conf with a directive added to then end of the file:
@include "mail.conf"
The relevant parts in /etc/syslog-ng/mail.conf that syslog-ng complained about looked like this:
destination mail {
file("/var/log/mail");
};
destination mailinfo {
file("/var/log/mail");
};
destination mailwarn {
file("/var/log/mail");
};
destination mailerr {
file("/var/log/mail");
};
The problem is that all four destinations go to the same file /var/log/mail which disturbs syslog-ng's internal book-keeping.
Searching for the error message I came across https://github.com/balabit/syslog-ng/issues/1275 which showed one usage of the persist-name option that is recommended in the error message. Unfortunately, my configuration looked different. The solution is still simple. Just in case, I post my complete fixed and working configuration here:
destination mail {
file("/var/log/mail" persist-name("mail"));
};
destination mailinfo {
file("/var/log/mail" persist-name("mailinfo"));
};
destination mailwarn {
file("/var/log/mail" persist-name("mailwarn"));
};
destination mailerr {
file("/var/log/mail" persist-name("mailerr"));
};
filter f_mail {
facility(mail);
};
filter f_info {
level(info);
};
filter f_warn {
level(warn);
};
filter f_err {
level(err);
};
log {
source(src);
filter(f_mail);
destination(mail);
flags(final);
};
log {
source(src);
filter(f_mail);
filter(f_info);
destination(mailinfo);
flags(final);
};
log {
source(src);
filter(f_mail);
filter(f_warn);
destination(mailwarn);
flags(final);
};
log {
source(src);
filter(f_mail);
filter(f_err);
destination(mailerr);
flags(final);
};
Beware that this is not the entire syslog-ng configuration but just the mail specific part in /etc/syslog-ng/mail.conf included with @include "mail.conf" in /etc/syslog-ng/syslog-ng.conf!
Leave a comment