chrisb [2017-11-29, 08:41:25]:
> Hello forum members,
>
> Having spent a couple of weeks on this problem I thought someone might be able to help getting syslog-ng 3.9.1 to write log files on OpenBSD 6.2. This really is a pain in the back-side.
>
> The O/S was a fresh install, then syslog-ng and lastly BIND. No other packages except syslog-ng and BIND dependencies have been installed.
>
> The .conf file was copied over from an older OpenBSD system, also running an older WORKING syslog-ng (3.1.1). The required changes to the .conf were made so that syslog-ng 3.9.1 with supervisor starts and remains running. By killing the syslog-ng process I was able to test that the supervisor process restarts syslog-ng. The rc.d script starts, stops and restarts syslog-ng as expected. /usr/local/sbin/syslog-ng -s returns no errors, indicating that the config file is at least sane.
>
> In /var/log the only thing it writes are syslog-ng start/stop messages. In an effort to localise the problem, a stub syslog-ng.conf was created with the following contents:
>
> <code>
> @version: 3.9.1
> source s_local {
>     unix-dgram("/dev/log");
> };
> #
> destination catchall { file(/var/log/catchall); };
> log { source(s_local); destination(catchall); };
> </code>
>
> The permissions and ownership on /var, /var/log, /var/run, and /etc are correct according to the OBSD /etc/mtree/special file. Syslog-ng starts, retaining root permissions (default) and creates /dev/log if it does not exist. The syslog_ng_flags I use are:
>
> <code>
> "-R /var/run/syslog-ng.persist -c /var/run/syslog-ng.ctl -p /var/run/syslog-ng.pid"
> </code>
>
> Have tried running without any flags to see if that would help, but did not help.
>
> The output of syslog-ng -V is:
>
> <code>
> syslog-ng 3.9.1
> Installer-Version: 3.9.1
> Revision:
> Module-Directory: /usr/local/lib/syslog-ng
> Module-Path: /usr/local/lib/syslog-ng
> Available-Modules: affile,afprog,afsocket,afsql,afuser,basicfuncs,cef,confgen,cryptofuncs,csvparser,curl,date,dbparser,disk-buffer,geoip-plugin,graphite,kvformat,linux-kmsg-format,pseudofile,system-source,add-contextual-data,json-plugin,syslogformat
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-IPv6: on
> Enable-Spoof-Source: off
> Enable-TCP-Wrapper: off
> Enable-Linux-Caps: off
> </code>
>
> On my hunt I found a message on NARKIVE where a user was having the same problem with syslog-ng 3.6 on OpenBSD 5.9, there was no solution. There was a reply saying: "With the changes in 5.6 using sendsyslog(2), only syslogd picks up local syslog.". Setting up a few OBSD VMs later than 5.5 from scratch and installing syslog-ng, I still get the same problem/symptoms.

Indeed, syslog-ng does not capture local syslog messages since sendsyslog(2) was introduced. I suggest you read this thread: https://marc.info/?t=142175714200003