Managing and checking the syslog-ng service on Linux

This section describes how to start, stop and check the status of AxoSyslog service on Linux.

Starting AxoSyslog

To start AxoSyslog, execute the following command as root. For example:

systemctl start syslog-ng

If the service starts successfully, no output will be displayed.

The following message indicates that AxoSyslog can not start (see Checking AxoSyslog status):

Job for syslog-ng.service failed because the control process exited with error code. See `systemctl status syslog-ng.service` and `journalctl -xe` for details.

Stopping AxoSyslog

To stop AxoSyslog

  1. Execute the following command as root.

    systemctl stop syslog-ng

  2. Check the status of AxoSyslog service (see Checking AxoSyslog status).

Restarting AxoSyslog

To restart AxoSyslog, execute the following command as root.

systemctl restart syslog-ng

Reloading configuration file without restarting AxoSyslog

To reload the configuration file without restarting AxoSyslog, execute the following command as root.

systemctl reload syslog-ng

Checking AxoSyslog status

To check the following status-related components, observe the suggestions below.

Checking the status of AxoSyslog service

To check the status of AxoSyslog service

  1. Execute the following command as root.

    systemctl --no-pager status syslog-ng

  2. Check the Active: field, which shows the status of AxoSyslog service. The following statuses are possible:

    • active (running) - syslog-ng service is up and running

          syslog-ng.service - System Logger Daemon
          Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
          Active: active (running) since Tue 2019-06-25 08:58:09 CEST; 5s ago
          Main PID: 6575 (syslog-ng)
          Tasks: 3
          Memory: 13.3M
          CPU: 268ms
          CGroup: /system.slice/syslog-ng.service
          6575 /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-core
      
    • inactive (dead) - syslog-ng service is stopped

          syslog-ng.service - System Logger Daemon
          Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
          Active: inactive (dead) since Tue 2019-06-25 09:14:16 CEST; 2min 18s ago
          Process: 6575 ExecStart=/opt/syslog-ng/sbin/syslog-ng -F --no-caps --enable-core $SYSLOGNG_OPTIONS (code=exited, status=0/SUCCESS)
          Main PID: 6575 (code=exited, status=0/SUCCESS)
          Status: "Shutting down... Tue Jun 25 09:14:16 2019"
          Jun 25 09:14:31 as-syslog-srv systemd: Stopped System Logger Daemon.
      

Checking the process of AxoSyslog

To check the process of AxoSyslog, execute one of the following commands.

  • ps u <pid of syslog-ng>

    Expected output example:

    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    syslogng 6709 0.0 0.6 308680 13432 ? Ss 09:17 0:00 /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-core
    
  • ps axu | grep syslog-ng | grep -v grep

    Expected output example:

    syslogng 6709 0.0 0.6 308680 13432 ? Ss 09:17 0:00 /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-core
    

Checking the internal logs of AxoSyslog

The internal logs of AxoSyslog contains informal, warning and error messages.

By default, AxoSyslog log messages (generated on the internal() source) are written to /var/log/messages.

Check the internal logs of AxoSyslog for any issue.

Message processing

The AxoSyslog application collects statistics about the number of processed messages on the different sources and destinations.

Central statistics

To check the central statistics, execute the following command to see the number of received and queued (sent) messages by AxoSyslog.

watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^center"

The output will be updated in every 2 seconds. If the numbers are changing, AxoSyslog is processing the messages. Output example:

    Every 2.0s: /opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^center       Tue Jun 25 10:33:25 2019
    center;;queued;a;processed;112
    center;;received;a;processed;28

Source statistics

To check the source statistics, execute the following command to see the number of received messages on the configured sources.

watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^source"

The output will be updated in every 2 seconds. If the numbers are changing, AxoSyslog is receiving messages on the sources. Output example:

    Every 2.0s: /opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^source      Tue Jun 25 10:40:50 2019
    source;s_null;;a;processed;0
    source;s_net;;a;processed;0
    source;s_local;;a;processed;90

Destination statistics

To check the source statistics, execute the following command to see the number of received messages on the configured sources.

watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^source"

The output will be updated in every 2 seconds. If the numbers are changing, AxoSyslog is receiving messages on the sources. Output example:

    Every 2.0s: /opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^destination      Tue Jun 25 10:41:02 2019
    destination;d_logserver2;;a;processed;90
    destination;d_messages;;a;processed;180
    destination;d_logserver;;a;processed;90
    destination;d_null;;a;processed;0
Last modified June 4, 2024: More github link updates (13f3206)