Syslog-ng Unique Persist Names

I want mail logs in a separate log file /var/log/mail so that postfix and dovecot messages are not be buried in /var/log/message. While upgrading to syslog-ng to version 3.13.2 I suddenly ran into an error that prevented the daemon to start. The error message was:

# /etc/init.d/syslog-ng start
 * Checking your configfile (/etc/syslog-ng/syslog-ng.conf) ...           [ ok ]
 * Starting syslog-ng ...
[2018-08-09T12:43:05.358947] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_dd_writers(/var/log/mail)', location='/etc/syslog-ng/mail.conf:6:9'
[2018-08-09T12:43:05.358991] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_dd_writers(/var/log/mail)', location='/etc/syslog-ng/mail.conf:9:9'
[2018-08-09T12:43:05.359006] Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down.; persist_name='affile_dd_writers(/var/log/mail)', location='/etc/syslog-ng/mail.conf:13:9'
 * start-stop-daemon: failed to start `/usr/sbin/syslog-ng'
 * Failed to start syslog-ng                                              [ !! ]
 * ERROR: syslog-ng failed to start

The configuration for the separate mail log is included in the main configuration file /etc/syslog-ng/syslog-ng.conf with a directive added to then end of the file:

@include "mail.conf" 

The relevant parts in /etc/syslog-ng/mail.conf that syslog-ng complained about looked like this:

destination mail {
        file("/var/log/mail");
};

destination mailinfo {
        file("/var/log/mail");
};
destination mailwarn {
        file("/var/log/mail");
};

destination mailerr {
        file("/var/log/mail");
};

The problem is that all four destinations go to the same file /var/log/mail which disturbs syslog-ng’s internal book-keeping.

Searching for the error message I came across https://github.com/balabit/syslog-ng/issues/1275 which showed one usage of the persist-name option that is recommended in the error message. Unfortunately, my configuration looked different. The solution is still simple. Just in case, I post my complete fixed and working configuration here:

destination mail {
        file("/var/log/mail" persist-name("mail"));
};

destination mailinfo {
        file("/var/log/mail" persist-name("mailinfo"));
};
destination mailwarn {
        file("/var/log/mail" persist-name("mailwarn"));
};

destination mailerr {
        file("/var/log/mail" persist-name("mailerr"));
};

filter f_mail {
        facility(mail);
};

filter f_info {
        level(info);
};
filter f_warn {
        level(warn);
};

filter f_err {
        level(err);
};

log {
        source(src);
        filter(f_mail);
        destination(mail);
        flags(final);
};

log {
        source(src);
        filter(f_mail);
        filter(f_info);
        destination(mailinfo);
        flags(final);
};

log {
        source(src);
        filter(f_mail);
        filter(f_warn);
        destination(mailwarn);
        flags(final);
};

log {
        source(src);
        filter(f_mail);
        filter(f_err);
        destination(mailerr);
        flags(final);
};

Beware that this is not the entire syslog-ng configuration but just the mail specific part in /etc/syslog-ng/mail.conf included with @include "mail.conf" in /etc/syslog-ng/syslog-ng.conf!


blog comments powered by Disqus