Troubleshooting

This chapter provides tips and guidelines about troubleshooting problems related to syslog-ng.

As a general rule, first try to log the messages to a local file. Once this is working, you know that AxoSyslog is running correctly and receiving messages, and you can proceed to forwarding the messages to the server.
Always check the configuration files for any syntax errors on both the client and the server using the syslog-ng --syntax-only command.
If the AxoSyslog server does not receive the messages, verify that the IP addresses and ports are correct in your sources and destinations. Also, check that the client and the server uses the same protocol (a common error is to send logs on UDP, but configure the server to receive logs on TCP).
If the problem persists, use tcpdump or a similar packet sniffer tool on the client to verify that the messages are sent correctly, and on the server to verify that it receives the messages.
To find message-routing problems, run AxoSyslog with the following command syslog-ng -Fevd. That way AxoSyslog will run in the foreground, and display debug messages about the messages that are processed.
If AxoSyslog is closing the connections for no apparent reason, be sure to check the log messages of syslog-ng. You may also want to run syslog-ng with the --verbose or --debug command-line options for more-detailed log messages. You can enable these messages without restarting syslog-ng using the syslog-ng-ctl verbose --set=on command. For details, see the The syslog-ng.conf manual page.
Build up encrypted connections step-by-step. First create a working, unencrypted (for example, TCP) connection, then add TLS encryption, and finally, client authentication if needed.
If you use the same driver and options in the destination of your AxoSyslog client and the source of your AxoSyslog server, everything should work as expected. Unfortunately, there are some other combinations, that may seem to work, but result in losing parts of the messages. For details on the working combinations, see Things to consider when forwarding messages between AxoSyslog hosts.

Support

In case you need help with any of the AxoSyslog projects, or directly with syslog-ng, you have several ways to contact us:

Open a GitHub issue in the relevant repository.
Chat with us in the syslog-ng channel of the Axoflow Discord server.
Fill the Axoflow contact form.

We also provide consulting and professional services for logging and observability related projects. Contact us if you need our help!

Possible causes of losing log messages

Creating core files

Collecting debugging information with strace, truss, or tusc

Running a failure script

Stopping the syslog-ng process

Reporting bugs and finding help

Recover data from orphaned diskbuffer files

No local logs after specifying an unusual storage directory

No logs after specifying an unusual port number

Error messages

SELinux prevents using the execmem access on a process

Last modified December 11, 2023: Adds content to the support page (a5b9913)