# Syslog-ng: error initializing configuration

## Andersson

I'm trying to install syslog-ng on an older computer. I copied my configuration file /etc/syslog-ng/syslog-ng.conf from my own computer, but when I try to start I get an error:

* Starting syslog-ng...

Error initializing configuration, exiting.

* Failed to start syslog-ng [ !! ]

I also tried the syslog-ng configuration file from the gentoo linux security guide. The permissions ( -rw-r--r-- root root ) are the same as on my own computer.

Any tips?

----------

## bugg

Try starting syslog-ng manually with debugging turned on (/usr/sbin/syslog-ng -d -v).  With a bit of luck this will give you enough information to work out what it doesn't like.

- olly

----------

## axxackall

Try to start it with the config file that comes with the distribution. What does it say? 

Also, ususally syslog-ng is informative enough in it's log files to tell you why it doesn't start. Check the latest by date log file, at its end, what does it say?

Just for a case of still wrong permissions temporary (!) chmod 777 /var/log and try to start syslog again.

Once I had such situation - I copied the config file AND (!) I edited it a little bit (that's what I thought - a little bit). A grammar error broke it.

----------

## Andersson

It only says:

io.c: Preparing fd 3 for reading

Error initializing configuration, exiting.

I also tried the f option, to make sure it was reading the right file. No luck.

edit:

 *axxackall wrote:*   

> Try to start it with the config file that comes with the distribution. What does it say? 
> 
> Also, ususally syslog-ng is informative enough in it's log files to tell you why it doesn't start. Check the latest by date log file, at its end, what does it say? 
> 
> Just for a case of still wrong permissions temporary (!) chmod 777 /var/log and try to start syslog again. 
> ...

 

I didn't see your post when I was writing this post. I get the same error message when I try the original config file. I'll try changing the permissions and looking at the logs...

----------

## Andersson

No, nothing in the logs since february 14th when I decided to upgrade to 2.6 and replace metalog with syslog-ng. No success after changing the permissions either.

Is the logger picky about the hostname? I'm having problems with X as well, it seems like it can't find the hostname (  :Evil or Very Mad:  computer!)... Perhaps that's what breaks syslog-ng as well?

----------

## bugg

```
io.c: Preparing fd 3 for reading

Error initializing configuration, exiting. 
```

Well, I've seen more helpful error messages before.  All I can suggest now is strace'ing syslog-ng how far it gets before barfing.

- olly

----------

## axxackall

 *Andersson wrote:*   

> No, nothing in the logs since february 14th when I decided to upgrade to 2.6 and replace metalog with syslog-ng. No success after changing the permissions either.
> 
> Is the logger picky about the hostname? I'm having problems with X as well, it seems like it can't find the hostname (  computer!)... Perhaps that's what breaks syslog-ng as well?

 

I hope you still have your good old 2.4, don't you? If so - just reboot with the old one and see if it changes anything. If you've wiped the old one out already, then install 2.4 keep both (or more) kernels in GRUB options.

I remember a misconfigured host that has seen itself as a localhost. Syslo-ng worked on it anyway.

If nothing else helps you, then I would recommend to downgrade your CFLAGS down to something extremely very simple, and then  'emerge -e syslog-ng'.

----------

## Andersson

Since my last post I've had time to fix the hostname, so you're right, that wasn't the problem. I also switched back to metalog, and it wasn't working either...

 *axxackall wrote:*   

> I hope you still have your good old 2.4, don't you? If so - just reboot with the old one and see if it changes anything.

 

Yes, I still have it. And surprise, metalog works with the old kernel! I wouldn't be surprised if syslog-ng worked as well, the problem seems to be the 2.6 kernel. I've tried four different 2.6 kernels the last few days by the way (vanilla, gentoo, mm and love), but nothing logged between february 14 and now. Perhaps something in the way I configure them?

Maybe I should keep the 2.4...

----------

## axxackall

Based on my experience with 2.2 and 2.4 (2.0 doesn't count as previous line wasn't stable either) - I always keep stable line (2.4 for this case) until at least something like 2.x.8 (2.6.8 for this case) is released. More precisely, I check changelog of all recent 2.6.x releases and see when the amount of backports from next development line (2.7 for this case) will overgrow the amount of bug fixes (if the fix is not related to previously released backport from the next development line).

Then I'll prepare the box specially dedicated for that testing, and I'll test 2.6 on that box with all software I use if that software is somehow related to the kernel (alsa, iptables etc). I guess, from now (after you discover that 2.6 may break logging) I'll add logging to the laundry list to be tested with new kernel before I'll roll it out for my production environment.

P.S. It would better if kernel developer will keep on their own the rule I've described about using the ratio of backports vs old bugs. If they will do it next time, then 2.8.0 will be really stable, not an experimental release for your own risk.

----------

## Andersson

Yes, you're probably right. On my own computer I haven't had much trouble with the 2.6 kernel, but on this one I've also had problems with the computer freezing if I left it idle for too long since I upgraded to 2.6.

 *bugg wrote:*   

> 
> 
> ```
> io.c: Preparing fd 3 for reading 
> 
> ...

 

I installed strace and ran syslog-ng one more time, just out of curiosity  :Smile: . This is the output. I don't understand much of it, but at least it opens the right file...

```
execve("/usr/sbin/syslog-ng", ["/usr/sbin/syslog-ng", "-f", "/etc/syslog-ng/syslog-ng.conf"], [/* 36 vars */]) = 0

uname({sys="Linux", node="nburk", ...}) = 0

brk(0)                                  = 0x805f000

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000

open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=32834, ...}) = 0

mmap2(NULL, 32834, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000

close(3)                                = 0

open("/lib/libnsl.so.1", O_RDONLY)      = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300;\0"..., 1024) = 1024

fstat64(3, {st_mode=S_IFREG|0755, st_size=89509, ...}) = 0

mmap2(NULL, 84768, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001e000

mprotect(0x40030000, 11040, PROT_NONE)  = 0

mmap2(0x40030000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x11) = 0x40030000

mmap2(0x40031000, 6944, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40031000

close(3)                                = 0

open("/lib/libresolv.so.2", O_RDONLY)   = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000)\0\000"..., 1024) = 1024

fstat64(3, {st_mode=S_IFREG|0755, st_size=75305, ...}) = 0

mmap2(NULL, 73604, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40033000

mprotect(0x40042000, 12164, PROT_NONE)  = 0

mmap2(0x40042000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xf) = 0x40042000

mmap2(0x40043000, 8068, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40043000

close(3)                                = 0

open("/usr/lib/libwrap.so.0", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0  \0\000"..., 1024) = 1024

fstat64(3, {st_mode=S_IFREG|0755, st_size=34687, ...}) = 0

mmap2(NULL, 31300, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40045000

mprotect(0x4004b000, 6724, PROT_NONE)   = 0

mmap2(0x4004b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x5) = 0x4004b000

close(3)                                = 0

open("/lib/libc.so.6", O_RDONLY)        = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300Y\1"..., 1024) = 1024

fstat64(3, {st_mode=S_IFREG|0755, st_size=1466894, ...}) = 0

mmap2(NULL, 1232196, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4004d000

mprotect(0x40174000, 23876, PROT_NONE)  = 0

mmap2(0x40174000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x126) = 0x40174000

mmap2(0x40178000, 7492, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40178000

close(3)                                = 0

munmap(0x40015000, 32834)               = 0

open("/dev/urandom", O_RDONLY)          = 3

read(3, "\220\370\312\365\233*z\301d\275\272v\21\234o\226\276\205"..., 32) = 32

close(3)                                = 0

brk(0)                                  = 0x805f000

brk(0x8060000)                          = 0x8060000

brk(0)                                  = 0x8060000

open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 3

brk(0)                                  = 0x8060000

brk(0x8064000)                          = 0x8064000

ioctl(3, SNDCTL_TMR_TIMEBASE, 0xbffff750) = -1 ENOTTY (Inappropriate ioctl for device)

fstat64(3, {st_mode=S_IFREG|0644, st_size=2941, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000

read(3, "options { long_hostnames(off); s"..., 8192) = 2941

read(3, "", 4096)                       = 0

brk(0)                                  = 0x8064000

brk(0x8065000)                          = 0x8065000

brk(0)                                  = 0x8065000

brk(0x8066000)                          = 0x8066000

brk(0)                                  = 0x8066000

brk(0x8067000)                          = 0x8067000

read(3, "", 8192)                       = 0

ioctl(3, SNDCTL_TMR_TIMEBASE, 0xbffff1f0) = -1 ENOTTY (Inappropriate ioctl for device)

close(3)                                = 0

munmap(0x40015000, 4096)                = 0

pipe([3, 4])                            = 0

fork()                                  = 14363

close(4)                                = 0

read(3, Error initializing configuration, exiting.

"\1", 1)                        = 1

--- SIGCHLD (Child exited) @ 0 (0) ---

_exit(1)                                = ?
```

----------

## bugg

 *Andersson wrote:*   

> 
> 
> ```
> open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 3
> 
> ...

 

Okay, so it's opening the right file, and seems to be able to read it (the "options { long_hostnames(off);" is the start of the file, right?).  But this doesn't show us what's going wrong - it's fork()ing off the daemon process so we lose sight of it.

Can you please rerun the strace, this time 'strace syslog-ng -d -v'.  The -v stops it from becoming a daemon, so it should give you a complete strace.  Can you also show me 'ls -l /dev/log'?

Cheers,

- olly

----------

## Andersson

Yes, { long_hostnames... is the start of the file. The configuration is from this page. The first few lines are these:

```
options { long_hostnames(off); sync(0); };

#source where to read log

source src { unix-stream("/dev/log"); internal(); };

source kernsrc { file("/proc/kmsg"); };

#define destinations

destination authlog { file("/var/log/auth.log"); };

destination syslog { file("/var/log/syslog"); };
```

I can't find a /dev/log. I rebooted with the 2.4 kernel, and it's still gone. Now logging doesn't work for the 2.4 either  :Laughing:  How does one create a /dev/log/? I'm starting to believe something is seriously wrong with this system. It's a fresh installation, so maybe I should just reinstall?

Here's the output with -d and -v:

```
execve("/usr/sbin/syslog-ng", ["/usr/sbin/syslog-ng", "-f", "/etc/syslog-ng/syslog-ng.conf", "-d", "-v"], [/* 35 vars */]) = 0

uname({sys="Linux", node="nburk", ...}) = 0

brk(0)                                  = 0x805f000

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000

open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY)      = 3

fstat64(3, {st_mode=S_IFREG|0644, st_size=32834, ...}) = 0

mmap2(NULL, 32834, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40015000

close(3)                                = 0

open("/lib/libnsl.so.1", O_RDONLY)      = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300;\0"..., 1024) = 1024

fstat64(3, {st_mode=S_IFREG|0755, st_size=89509, ...}) = 0

mmap2(NULL, 84768, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001e000

mprotect(0x40030000, 11040, PROT_NONE)  = 0

mmap2(0x40030000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x11) = 0x40030000

mmap2(0x40031000, 6944, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40031000

close(3)                                = 0

open("/lib/libresolv.so.2", O_RDONLY)   = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000)\0\000"..., 1024) = 1024

fstat64(3, {st_mode=S_IFREG|0755, st_size=75305, ...}) = 0

mmap2(NULL, 73604, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40033000

mprotect(0x40042000, 12164, PROT_NONE)  = 0

mmap2(0x40042000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xf) = 0x40042000

mmap2(0x40043000, 8068, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40043000

close(3)                                = 0

open("/usr/lib/libwrap.so.0", O_RDONLY) = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0  \0\000"..., 1024) = 1024

fstat64(3, {st_mode=S_IFREG|0755, st_size=34687, ...}) = 0

mmap2(NULL, 31300, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40045000

mprotect(0x4004b000, 6724, PROT_NONE)   = 0

mmap2(0x4004b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x5) = 0x4004b000

close(3)                                = 0

open("/lib/libc.so.6", O_RDONLY)        = 3

read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300Y\1"..., 1024) = 1024

fstat64(3, {st_mode=S_IFREG|0755, st_size=1466894, ...}) = 0

mmap2(NULL, 1232196, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4004d000

mprotect(0x40174000, 23876, PROT_NONE)  = 0

mmap2(0x40174000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x126) = 0x40174000

mmap2(0x40178000, 7492, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40178000

close(3)                                = 0

munmap(0x40015000, 32834)               = 0

open("/dev/urandom", O_RDONLY)          = 3

read(3, "\27\255\237\244\275\0\274\21\n\340\0h\213\250\1N\307\\"..., 32) = 32

close(3)                                = 0

brk(0)                                  = 0x805f000

brk(0x8060000)                          = 0x8060000

brk(0)                                  = 0x8060000

open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 3

brk(0)                                  = 0x8060000

brk(0x8064000)                          = 0x8064000

ioctl(3, SNDCTL_TMR_TIMEBASE, 0xbffff760) = -1 ENOTTY (Inappropriate ioctl for device)

fstat64(3, {st_mode=S_IFREG|0644, st_size=2941, ...}) = 0

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000

read(3, "options { long_hostnames(off); s"..., 8192) = 2941

read(3, "", 4096)                       = 0

brk(0)                                  = 0x8064000

brk(0x8065000)                          = 0x8065000

brk(0)                                  = 0x8065000

brk(0x8066000)                          = 0x8066000

brk(0)                                  = 0x8066000

brk(0x8067000)                          = 0x8067000

read(3, "", 8192)                       = 0

ioctl(3, SNDCTL_TMR_TIMEBASE, 0xbffff200) = -1 ENOTTY (Inappropriate ioctl for device)

close(3)                                = 0

munmap(0x40015000, 4096)                = 0

brk(0)                                  = 0x8067000

brk(0x806a000)                          = 0x806a000

open("/proc/kmsg", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_LARGEFILE) = 3

lseek(3, 0, SEEK_END)                   = 0

brk(0)                                  = 0x806a000

brk(0x806b000)                          = 0x806b000

fcntl64(3, F_GETFL)                     = 0x8800 (flags O_RDONLY|O_NONBLOCK|O_LARGEFILE)

fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0

fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0

write(2, "io.c: Preparing fd 3 for reading"..., 33io.c: Preparing fd 3 for reading

) = 33

socket(PF_UNIX, SOCK_STREAM, 0)         = -1 ENOSYS (Function not implemented)

write(2, "Error initializing configuration"..., 43Error initializing configuration, exiting.

) = 43

_exit(2)                                = ?
```

----------

## bugg

 *Andersson wrote:*   

> I can't find a /dev/log. I rebooted with the 2.4 kernel, and it's still gone. Now logging doesn't work for the 2.4 either :lol: How does one create a /dev/log/? I'm starting to believe something is seriously wrong with this system. It's a fresh installation, so maybe I should just reinstall?
> 
> Here's the output with -d and -v:
> 
> ```
> ...

 

Don't reinstall quite yet :)  We seem to be getting somewhere.  The problem seems to be that syslog-ng is failing to create the /dev/log socket when it starts.

Off the top of my head I can think of two possible reasons for this:You don't have support for Unix domain sockets built into your kernel (your .config should have CONFIG_UNIX=y)

/dev is read-only.Can you check to see if either of these is true.  The error seems to suggest the former, but I would have thought your system would be much more broken than this if you'd missed that out of your kernel.

Cheers,

- olly

----------

## Andersson

 *bugg wrote:*   

> You don't have support for Unix domain sockets built into your kernel (your .config should have CONFIG_UNIX=y)

 

Ok, cat /usr/src/linux-2.6.3-rc2-mm1/.config  | grep UNIX gives me this:

CONFIG_UNIX98_PTYS=y

CONFIG_UNIX98_PTY_COUNT=256

None of the other source directories has the CONFIG_UNIX line, except 2.4.20, the one that worked. What is it called exactly in the kernel config? I've been through every menu now, on 2.4 and 2.6 both, without finding it.

 *bugg wrote:*   

> The error seems to suggest the former, but I would have thought your system would be much more broken than this if you'd missed that out of your kernel.

 

My system is pretty broken. Earlier in this thread I mentioned startx not working. The error message I get now also says something about not being able to open sockets, so this could solve a lot of problems for me  :Smile: 

/dev has the following permissions:

drwxr-xr-x    1 root     root            0 Jan  1  1970 dev

The timestamp looks strange, but it's the same on my working computer.

edit: Found it, under networking. I had the whole networking tree disabled, since the computer doesn't have a network card.  :Rolling Eyes:  Compiling now, hope it works!

----------

## bugg

 *Andersson wrote:*   

> 
> 
> Ok, cat /usr/src/linux-2.6.3-rc2-mm1/.config  | grep UNIX gives me this:
> 
> CONFIG_UNIX98_PTYS=y
> ...

 

[root menu] -> Device Drivers -> Networking Support -> Networking Options -> Unix domain sockets.

- olly

----------

## Andersson

Ok, logging works again!  :Very Happy: 

I think I might have learned a few things as well. Thanks to both of you!

----------

## axxackall

 *Andersson wrote:*   

> Ok, logging works again! 
> 
> I think I might have learned a few things as well. Thanks to both of you!

 

Would you mind to share what you learnd here? Just to make sure that nobody else steps in the same problem.

----------

## Andersson

 *axxackall wrote:*   

> Would you mind to share what you learnd here? Just to make sure that nobody else steps in the same problem.

 

In the future I'll be more careful with the kernel configuration. Removing bloat or unused features from the kernel is good, but next time I'll test the kernel afterwards. The fact that so many things broke should have made me suspect the kernel immediately -instead I tried to solve the problems one by one.

Also, strace looks quite useful. I can't read much of the output, but at least I have one more source of information when troubleshooting the next unwilling program.

----------

## bugg

 *Andersson wrote:*   

>  *axxackall wrote:*   Would you mind to share what you learnd here? Just to make sure that nobody else steps in the same problem. 
> 
> In the future I'll be more careful with the kernel configuration. Removing bloat or unused features from the kernel is good, but next time I'll test the kernel afterwards. The fact that so many things broke should have made me suspect the kernel immediately -instead I tried to solve the problems one by one.

 

Also, when the kernel help says "Unless you really know what you are doing, you should say Y here" it's generally a good idea to say "Y"  :Razz: 

 *Andersson wrote:*   

> Also, strace looks quite useful. I can't read much of the output, but at least I have one more source of information when troubleshooting the next unwilling program.

 

Most of the stuff strace comes up with is garbage (all the mmaps and brks), and I don't understand a lot of the other stuff, but I've found it useful on numerous occasions - like this - in tracking down the exact location of a problem.

- olly

----------

