Pihole 5.17.3 - send logs to syslog

Hello guys,

I just upgraded to v5.17.3 and my syslog-ng stop working...i am trying to fix it for some time, i can't, this is what i'm getting.

Jan 12 07:09:39 pihole systemd[1]: Starting System Logger Daemon...
Jan 12 07:09:39 pihole syslog-ng[643]: [2024-01-12T07:09:39.295791] WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.35 forma>
Jan 12 07:09:39 pihole syslog-ng[643]: DIGEST-MD5 common mech free
Jan 12 07:09:39 pihole syslog-ng[643]: [2024-01-12T07:09:39.750351] WARNING: The internal_queue_length stat counter has been renamed to internal_source.queued. The old name will be removed in future versions>
Jan 12 07:09:39 pihole systemd[1]: Started System Logger Daemon.

I also upgraded it to 3.35 , no luck:

syslog-ng --version
syslog-ng 3 (3.35.1)
Config version: 3.35
Installer-Version: 3.35.1
Revision: 3.35.1-1

Anyone facing the same issue?
Or is there another way to send logs to a syslog server?

Thanks in advance.
Radu

Have you checked here?

$ apt-file list syslog-ng-core
/etc/default/syslog-ng
/etc/init.d/syslog-ng
/etc/logcheck/ignore.d.paranoid/syslog-ng
/etc/logcheck/ignore.d.server/syslog-ng
/etc/logcheck/violations.ignore.d/syslog-ng
/etc/logrotate.d/syslog-ng
/etc/syslog-ng/scl.conf
/etc/syslog-ng/syslog-ng.conf
[..]

I dont run syslog-ng but as it seems its only complaining about the format of above config file(s), you could try move them out of the way to your home folder "~" for backup with below:

EDIT: Ooops, I noticed below will fail as all the source file names are the same.
Try back them up in some other way and delete them at source before continuing with reinstalling!

sudo mv \
/etc/default/syslog-ng \
/etc/init.d/syslog-ng \
/etc/logcheck/ignore.d.paranoid/syslog-ng \
/etc/logcheck/ignore.d.server/syslog-ng \
/etc/logcheck/violations.ignore.d/syslog-ng \
/etc/logrotate.d/syslog-ng \
/etc/syslog-ng/scl.conf \
/etc/syslog-ng/syslog-ng.conf \
~

And reinstall them fresh with below:

sudo apt -o Dpkg::Options::="--force-confmiss" install --reinstall syslog-ng-core

Might want to check if those files returned before run below to apply!

sudo systemctl restart syslog-ng.service

And check the logs/journal again.

Ps. this is not related to Pi-hole in any way.
Pi-hole doesnt do anything with syslog-ng.
Any logging done by Pi-hole is through systemd-journald.service which can be forwarded to syslog-ng:

$ cat /var/log/README
You are looking for the traditional text log files in /var/log, and they are
gone?

Here's an explanation on what's going on:

You are running a systemd-based OS where traditional syslog has been replaced
with the Journal. The journal stores the same (and more) information as classic
syslog. To make use of the journal and access the collected log data simply
invoke "journalctl", which will output the logs in the identical text-based
format the syslog files in /var/log used to be. For further details, please
refer to journalctl(1).

Alternatively, consider installing one of the traditional syslog
implementations available for your distribution, which will generate the
classic log files for you. Syslog implementations such as syslog-ng or rsyslog
may be installed side-by-side with the journal and will continue to function
the way they always did.

Thank you!

Further reading:
        man:journalctl(1)
        man:systemd-journald.service(8)
        man:journald.conf(5)
        https://0pointer.de/blog/projects/the-journal.html

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.