docker-logs-syslog-ng-conf-warning

marxper asked 2 months ago

Hi everyone, I'm working on ELK using Docker and I started the syslog-ng container using

docker run --name=syslog-ng-server --restart=unless-stopped -d -v "PWD"/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf -v /var/log/remote:/var/log/remote -p 514:514 -p 601:601 syslog-ng-server:3.7

and this is what my syslog-ng.conf looks like:

@version: 3.9
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.
# First, set some global options.
options { chain_hostnames(off);};
########################
# Sources
########################
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#source net { network(); };
########################
# Destinations
########################
# First some standard logfile
#destination apache_error { file("/var/log/remote/apache2/${YEAR}/${MONTH}/${DAY}/error.log"); };
########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which
# message go where.
filter apache2_error { filter(local) and facility(local1); };
########################
# Log paths
########################
log { source(s_net); filter(f_apache2_access); destination(d_apache_access); };
###

When I execute docker logs <container_id> I got this result:

syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted'
[2017-12-04T10:39:15.275051] WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode Please update it to use the syslog-ng 3.12 format at your time of convenience, compatibility mode can operate less efficiently in some cases. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file.;

1 Answers
Kokan answered 2 months ago

Hello,
Please next time format your comment properly, it is a little hard to read 🙂
It is not really clear to me what kind of container you are running.
syslog-ng-server:3.7
Would it be possible to share the Dockerfile also?
 
From the message it looks like you are actually running syslog-ng 3.12 instead of 3.7, and thus in the configuration file the

@version: 3.12

should be used, otherwise it is running in compatible mode.
 
 
Kokan
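
A check for the mismatch described in the answer, as an added example that is not part of the original thread: it reads the @version header from a config file and the target version from the compatibility warning in captured docker logs output, then compares them numerically. The function names are hypothetical, and the warning wording is assumed to match the message quoted in the question.

```shell
#!/bin/sh
# Added example (not from the original post): compare the @version header of a
# syslog-ng.conf with the version the daemon names in its compatibility warning.

# Print the value of the first "@version:" line in config file $1.
conf_version() {
    sed -n 's/^@version:[[:space:]]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Print X.Y from "update it to use the syslog-ng X.Y format" in log file $1.
log_version() {
    sed -n 's/.*use the syslog-ng \([0-9][0-9]*\.[0-9][0-9]*\) format.*/\1/p' "$1" | head -n 1
}

# True when version $1 is older than $2. Major and minor are compared as
# integers: 3.9 is older than 3.12, which a string or float compare gets wrong.
version_lt() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -lt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -lt "$b_minor" ]
}

# check_conf CONF LOG: returns 0 = header not older, 1 = header older, 2 = unknown.
check_conf() {
    conf=$(conf_version "$1"); run=$(log_version "$2")
    if [ -z "$conf" ] || [ -z "$run" ]; then
        echo "unknown: no @version header or no compatibility warning found"
        return 2
    fi
    if version_lt "$conf" "$run"; then
        echo "compat mode: header is $conf, daemon is $run; review its warnings, then set @version: $run"
        return 1
    fi
    echo "ok: header $conf is not older than daemon $run"
}

# Demo on the header and the warning text quoted in the question above.
demo() {
    dir=$(mktemp -d) || return 2
    printf '@version: 3.9\n@include "scl.conf"\n' > "$dir/syslog-ng.conf"
    printf '%s\n' '[2017-12-04T10:39:15.275051] WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode Please update it to use the syslog-ng 3.12 format at your time of convenience' > "$dir/docker.log"
    rc=0; check_conf "$dir/syslog-ng.conf" "$dir/docker.log" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Against a live container, the log file would be the saved output of docker logs for that container and the config file the one mounted at /etc/syslog-ng/syslog-ng.conf.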