Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 228973 - app-admin/syslog-ng attempts to start before all dependencies
Summary: app-admin/syslog-ng attempts to start before all dependencies
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] baselayout (show other bugs)
Hardware: All Linux
: High normal with 1 vote (vote)
Assignee: Mr. Bones. (RETIRED)
: 394185 (view as bug list)
Depends on:
Blocks: need-net
  Show dependency tree
Reported: 2008-06-22 22:18 UTC by Graham Murray
Modified: 2013-08-24 22:42 UTC (History)
10 users (show)

See Also:
Package list:
Runtime testing required: ---

/tmp/0001-Only-the-loopback-interface-should-provide-net.patch (0001-Only-the-loopback-interface-should-provide-net.patch,654 bytes, text/plain)
2012-02-06 21:18 UTC, William Hubbs
syslog-ng (syslog-ng,1.11 KB, text/plain)
2012-10-23 21:31 UTC, William Hubbs
fix.patch (fix.patch,4.64 KB, patch)
2012-12-16 23:59 UTC, William Hubbs
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Graham Murray 2008-06-22 22:18:33 UTC
/etc/init.d/syslog-ng has a dependency on net. In /etc/rc.conf I have rc_depend_strict="YES" and on startup the system (baselayout-2/openrc) attempts to start syslog-ng before all of the net devices have been started which causes the startup to fail. syslog-ng can be successfully started manually after the system has booted.

 emerge --info
Portage 2.2_rc1 (default/linux/x86/2008.0/desktop, gcc-4.3.1, glibc-2.8_p20080602-r0, 2.6.25-gentoo-r5 i686)
System uname: Linux-2.6.25-gentoo-r5-i686-Intel-R-_Core-TM-2_CPU_6700_@_2.66GHz-with-glibc2.0
Timestamp of tree: Sun, 22 Jun 2008 19:15:02 +0000
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7, 2.1.6
dev-lang/python:     2.4.4-r11, 2.5.2-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.2.5
sys-devel/autoconf:  2.13, 2.62
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   2.2.4
virtual/os-headers:  2.6.25-r4
CFLAGS="-O2 -march=native -mtune=native -pipe -ggdb"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=native -mtune=native -pipe -ggdb"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="buildsyspkg distlocks installsources parallel-fetch preserve-libs sandbox sfperms splitdebug strict unmerge-orphans userfetch"
LINGUAS="en_GB en"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR_OVERLAY="/usr/portage/local/layman/musicbrainz /usr/portage/local/layman/sunrise /usr/local/portage"
USE="X a52 aac aalib acl acpi aim alsa apache2 arts audiofile avi bash-completion berkdb bluetooth bonobo branding browserplugin bzip2 bzlib cairo caps cddb cdparanoia cdr cjk cli cracklib crypt cups curl cvs cxx dbus directfb doc dri dts dvd dvdr dvdread eds emacs emboss encode esd ethereal evo examples exif expat fam fbcon ffmpeg fftw flac foomaticdb fortran ftp gcj gd gdbm gif glut gmp gnome gnome-keyring gnutls gphoto2 gpm graphviz gstreamer gtk gtk2 gtkhtml guile hal iconv icq idn ieee1394 imagemagick imlib ipv6 isdnlog jabber jack java javascript jbig jce jpeg jpeg2k junit kde kdehiddenvisibility kerberos ladspa latex lcms ldap leim libgda libnotify libsamplerate libwww lirc lm_sensors logrotate lua m17n-lib mad matroska mbox midi mikmod milter mime mmap mmx mng modplug mono mozilla mp3 mpeg mpi mplayer msn mudflap musepack ncurses nls nptl nptlonly nsplugin odbc offensive ogg oggvorbis openal opengl openmp oscar oss pam pcntl pcre pdf perl png postgres ppds pppd profile pulseaudio python qt3 qt3support qt4 quicktime readline recode reflection ruby sasl sdl session sharedmem sndfile snmp sockets sox speex spell spl sqlite sqlite3 sse sse2 ssl startup-notification subversion svg sysvipc tcl tcltk tcpd theora threads tiff tk truetype uicktime unicode usb v4l v4l2 vim-syntax vorbis wavpack win32codecs wmf wxwindows x264 x86 xattr xcb xface xine xml xml2 xorg xulrunner xv xvid yahoo zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" CAMERAS="canon ptp2" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB en" LIRC_DEVICES="asusdh" USERLAND="GNU" VIDEO_CARDS="radeon vesa fbdev vga"
Comment 1 Mr. Bones. (RETIRED) gentoo-dev 2008-06-23 03:42:41 UTC
Sounds like a baselayout-2 issue.
Comment 2 Roy Marples 2008-07-09 20:47:35 UTC
Please state which net scripts are in the runlevel that syslog-ng is in.
Comment 3 Graham Murray 2008-07-10 00:33:05 UTC
(In reply to comment #2)
> Please state which net scripts are in the runlevel that syslog-ng is in.

net.eth0 (which is started)
net.aa6  (a routed sit tunnel)

both are symlinks to /etc/init.d/net.lo
Comment 4 Jeremy Sermersheim 2009-04-02 00:08:21 UTC
I have this same exact problem.  I don't think the case statement in the depend function of the syslog-ng init script is working properly.  Since I receive remote logging with this machine the network needs to be up before syslog-ng starts.  It might be due to having iptables in the same runlevel since it has a depend of before net and use logger.  Any ideas on how to fix?
Comment 5 Philipp Riegger 2009-04-17 15:00:17 UTC
I "fixed" this removing the dependency on syslog from iptables, but it's not really a fix, just a workaround.
Comment 6 Balazs Nemeth 2010-10-15 15:47:24 UTC
2.0.9 is way too old, it is not even supported by upstream
wouldn'be good to close this bug?
Comment 7 Xuefer 2011-05-06 12:37:50 UTC
reproduced here with:

== reproduce preconditions 1
$ grep tcp /etc/syslog-ng/syslog-ng.conf
    tcp(ip( port(514));

reason: see /etc/init.d/syslog-ng
depend() {
        # Make networking dependency conditional on configuration
        case $(sed 's/#.*//' /etc/syslog-ng/syslog-ng.conf) in
                        need net <- this one
                        use stunnel ;;

        config /etc/syslog-ng/syslog-ng.conf
        use clock
        need hostname localmount
        provide logger <- this one

== reproduce preconditions 2

depend() {
        before net <- this one
        use logger <- this one

the dependency circle is made up with conditions above but only reproduce visually with the following condition
== reproduce preconditions 3

Comment 8 Petr Pisar 2011-08-12 09:22:40 UTC
The same problem with stunnel-4.35, rc_parallel=YES and rc_depend_strict=NO (openrc-0.8.3-r1, syslog-ng-3.2.4, iptables- Once adding stunnel to default level, cycle with stunnel, logger and iptables appears.

I guess this is because init scripts say syslog-ng uses stunnel and stunnel is before logger.
Comment 9 Patrick 2011-09-17 07:30:23 UTC
I also get this problem. I have network sources in my syslog-ng config, so the init script for it adds the 'need net' dependency. I then also have iptables, which has 'use logger' and 'before net'. So iptables has to start before 'net', but it needs syslog-ng, and syslog-ng cant start without 'net'. So we have ourselfs a nice circular dependency.
Comment 10 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2011-09-17 17:51:45 UTC
I think the only viable solution here is to drop the 'need net' from syslog-ng's dependencies. syslog-ng CAN start up even when dest/source are network targets and there is no networking yet, as it just reconnects. Ideally you actually want the log buffering until that point, but that's only in the non-free version of syslog-ng.
Comment 11 Mr. Bones. (RETIRED) gentoo-dev 2011-09-18 05:45:13 UTC
I think removing "need net" has the potential to cause major headaches.  There might be some situations where syslog-ng is happy starting without networking (when there's some network-related item in the config file) but I'm pretty sure there are other situation where syslog-ng will bail when the network isn't up.

I still don't understand why the dep resolver equates "use" and "need".  I would expect "use" to give way to "need" in the dep resolution.
Comment 12 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2011-09-18 23:31:46 UTC
From the iptables side, can we relax the 'use logger' part of the init script somehow? (or make it optional for users to select if their rules contain LOG targets, which I think is rare, as lots of users moved to ULOG,NFLOG.)

(In reply to comment #11)
> I think removing "need net" has the potential to cause major headaches.  There
> might be some situations where syslog-ng is happy starting without networking
> (when there's some network-related item in the config file) but I'm pretty sure
> there are other situation where syslog-ng will bail when the network isn't up.
Can we come up with some testcases?

The only one I have so far is explicitly binding to a source address that does not yet exist. Binding to, or anything with a destination works fine (it retries).

Also, the detection for source/dest fails to pick up cases like this:
source s_hosts_tls {
    tcp(ip( port(6514)
        keep-alive(yes) max-connections(500)

> I still don't understand why the dep resolver equates "use" and "need".  I
> would expect "use" to give way to "need" in the dep resolution.
Running from memory here, there is only one very slightly different between use/need. In both cases, the listed services if they pass the tests get started before the consuming service.
- use only requires a service if it is already in the runlevel.
- need always requires that the list service(s).
Comment 13 alexsaa 2011-09-19 20:13:52 UTC
I have 'source network {udp(ip(""),port(514))}' in /etc/syslog-ng/syslog-ng.conf. When I tried to replace 'need net' with 'need net.lo', syslog-ng died at startup (obviously it failed to bind to

So it seems that removing 'need net' is not a general solution.
Comment 14 William Hubbs gentoo-dev 2011-12-09 22:56:36 UTC
*** Bug 394185 has been marked as a duplicate of this bug. ***
Comment 15 Sven E. 2011-12-09 23:51:26 UTC
Since my bug was marked as a duplicate of this, I want to comment here, I see the same issue, but it is not caused by syslog-ng. It is, as states a problem with openrc (or baselayout for that matter), which manifests unfortunately mostly with syslog-ng. It is not at all limited so syslog-ng.

Here is more information and thoughts on this:

As we saw, depend_strict does not change the behaviour and that is simply not influenced by syslog-ng and as such not limited to syslog-ng's init script.

But eben without depend_strict, it should be possible, to make syslog wait for ALL networinterfaces, by manual intervention, for my, I did this:

rc_logger_after="net_intel net_realtek"

The first line should esentially achieve the same, starting net services before logger.

Now, let's take a look at the deptree:








We can see that the manually added contraints are in place in the deptree.

Assuming the numbering is the supposed order of execution (which would be plausible) we clearly see, that net.* should be startet before logger/syslog-ng.

What puzzles me though is that, when logger has all the additional deps and syslog-ng is the provider of the service, why should syslog-ng have a lower order, Assuming the numbering is the priority.

But indepently of the last question, the deptree suggests, that the logger is to be started AFTER net services, while it is started by openrc inbetween.

Additional info, the deptree has net.lo and net.ppp0 as 50 and 51, thus putting them inbetween and net.realtek. net.lo is in a different level (boot) and therefore started before both of them, but it seems wrong, that net.lo is not before all other net devices in the tree.
Comment 16 Sven E. 2011-12-10 00:04:12 UTC
Looking at the other posts, I am wondering too, why iptable's 'use' should take precedence over syslogger's 'need'.

Thinking about this, a correct evaluation should start iptables (before net) which CAN use logger, followed by net (because it is needed by logger), then logger.

Even when we consider iptables rules with LOG targets, the logging will take place (a little deferred) while having no logger at all is simply no option in daily use.

The dependencies reflect this, since iptables only USEs logger, but the evaluated order seems to be borked ...

And somebody stated PARALLEL startup is a precodition - I can not confirm this, as I am seeing the problem with non parallel startup here. (Assuming the setting is honored, though)
Comment 17 William Hubbs gentoo-dev 2011-12-10 03:29:51 UTC
Another thing I would like to see you try is adding something like this to /etc/conf.d/syslog-ng:

rc_need="!net net.int1 net.int2 net.int3 ..."

where* are the names of the individual network interface scripts that syslog-ng needs on your system for networking.
Comment 18 Sven E. 2011-12-11 07:11:52 UTC
(In reply to comment #17)
> Another thing I would like to see you try is adding something like this to
> /etc/conf.d/syslog-ng:
> rc_need="!net net.int1 net.int2 net.int3 ..."
> where* are the names of the individual network interface scripts that
> syslog-ng needs on your system for networking.

Adding the line, no change.

Afterwards removing the stuff I added to rc.conf, no change either.

What is weird is this:
After (first) adding the line, running rc-update -u did not update the tree correctly (the stuff vom rc_need was not reflected in the syslog-ng entry within the deptree).

After reboot the changes showed up in the deptree.

Just to make sure I did another reboot.

Anyhow, this is not really a nice thing (not starting syslogger + tests to get the issues fixed) to be done on a live/production system.
Comment 19 William Hubbs gentoo-dev 2012-02-06 21:18:42 UTC
Created attachment 301081 [details]


I have proposed this patch to openrc on the -dev list. If everyone is
comfortable with it, this will take care of this issue by requiring
users to configure services to start after the interfaces that they
depend on if they bind to a specific ip address.
Comment 20 alexsaa 2012-02-07 00:27:24 UTC
(In reply to comment #19)
Is it a good idea to refer to 'just all networking' with simple 'net' dependence?
Just not to tune precise interfaces names in /etc/init.d/ when configuring application-level services (which are not required for net or syslog).
Comment 21 William Hubbs gentoo-dev 2012-10-23 16:17:04 UTC
The other problem with syslog-ng having "need net" in the dependencies
is that this makes syslog-ng stop when *any* network interface is
stopped. This is not good for machines that have multiple network
interfaces on different networks.
Comment 22 William Hubbs gentoo-dev 2012-10-23 21:31:56 UTC
Created attachment 327252 [details]

Here is the init script I recommend using for syslog-ng.

You will want to add documentation to /etc/conf.d/syslog-ng to show
users how to configure interfaces if they need them for networkloging.
For example:

#if using oldnet:
#if using newnet and configuring the interface with the network script:
# if using dhcpcd, networkmanager, etc to configure interfaces:

#If they want to use stunnel, they can add:

What are your thoughts?
Comment 23 William Hubbs gentoo-dev 2012-10-23 21:56:26 UTC
Also, if they use include files in /etc/syslog-ng/syslog-ng.conf, they
can add:
rc_config="file1 file2 file3 ..."

where the file names are full paths.
Comment 24 William Hubbs gentoo-dev 2012-12-16 20:20:02 UTC
Are there any objections to this init script and possible updates to the
conf.d file? If not, can I have permission to do the updates myself 24
hours from now?
Comment 25 William Hubbs gentoo-dev 2012-12-16 23:59:39 UTC
Created attachment 332524 [details, diff]

This patch is a significant rewrite of the init script, and also
documents one way to configure network logging in the syslog-ng conf.d
Comment 26 Reuben Farrelly 2012-12-18 22:08:56 UTC
The patch in comment 25 works (quite) well for me.

I have set:  rc_need="net.eth0"  in /etc/conf.d/syslog-ng

I'm still having a problem with syslog-ng binding to an IPv6 interface during boot up.  What is strange is that once the machine has finished booted up, syslog-ng then is able to start up without error.

The error as logged on the console is:

[Routes added above here, both IPv4 and IPv6 and static routes]

* Checking your configfile (/etc/syslog-ng/syslog-ng.conf) ...
* Starting syslog-ng ...
Error binding socket; addr='AF_INET6([2001:44b8:3333:1310::20]:514)', error='Cannot assign requested address (99)'
Error initializing source driver; source='net', id='net#0'
Error initializing message pipeline;
* start-stop-daemon: failed to start 'syslog-ng'
* Failed to start syslog-ng
* ERROR: syslog-ng failed to start
* Starting clamd ...

tornado syslog-ng # ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9000
        inet  netmask  broadcast
        inet6 fe80::a236:9fff:fe00:f4aa  prefixlen 64  scopeid 0x20<link>
        inet6 2001:44b8:3333:1310::23  prefixlen 64  scopeid 0x0<global>
        inet6 2001:44b8:3333:1310::22  prefixlen 64  scopeid 0x0<global>
        inet6 2001:44b8:3333:1310::21  prefixlen 64  scopeid 0x0<global>
        inet6 2001:44b8:3333:1310::20  prefixlen 64  scopeid 0x0<global>
        ether a0:36:9f:00:f4:aa  txqueuelen 1000  (Ethernet)

The console also shows that this interface along with all the IP addresses as above does start prior to syslog-ng.

If I start syslog-ng manually after the machine has completed booting it works without error and listens correctly on this IP.

Now I *think* this may be an issue that needs to be taken upstream but I'd like confirmation of this first.  Then again, it shouldn't matter where in the init this service is started provided the relevant interfaces are up, should it?

Apart from that issue, the latest proposed patch makes the configuration clearer and (otherwise) everything works well.
Comment 27 Petr Pisar 2012-12-19 08:52:56 UTC
I guess the address is in tentative mode at the time and binding to tentative address is refused by kernel. Try investigating `ip addr show' output close (a few seconds) to the syslog failure.
Comment 28 Reuben Farrelly 2012-12-19 09:50:18 UTC
Spot on Petr - I think you're right.

Here's the (truncated) output of 'ip addr show' immediately before syslog-ng starts up:

2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 9000 qdisc mq state DOWN qlen 1000
    link/ether a0:36:9f:00:f4:aa brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
    inet brd scope global secondary eth0
    inet brd scope global secondary eth0
    inet6 2001:44b8:3333:1310::23/64 scope global tentative 
       valid_lft forever preferred_lft forever
    inet6 2001:44b8:3333:1310::22/64 scope global tentative 
       valid_lft forever preferred_lft forever
    inet6 2001:44b8:3333:1310::21/64 scope global tentative 
       valid_lft forever preferred_lft forever
    inet6 2001:44b8:3333:1310::20/64 scope global tentative 
       valid_lft forever preferred_lft forever

Note "NO-CARRIER" on eth0, and "tentative" on the IPv6 addresses.

At the end of the init script execution, link is up, and the addresses are no longer tentative any more.  Presumably this is why this is no longer a problem.

Given this is an Intel I350T2 card, I wonder if there is some delay before the port comes up properly.  From a switching perspective both ports are set to access and spanning tree portfast is set (Cisco 3560-X) so I don't think it's the switch that is delaying things.

I guess the key question is, in terms of this bugzilla entry, is this something that the init script for syslog-ng should be acting to workaround?  Should the init script for syslog-ng be waiting briefly until link actually comes up and the addresses are no longer tentative before attempting to start, on account of IPv6 addresses bound to it not being available till some time later?
Comment 29 Petr Pisar 2012-12-19 10:03:32 UTC
I remember I saw checks for tentative addresses in OpenRC net.lo script making net.* service available only after all(/any?) IPv6 addresses became DAD-verified and thus not tentative any more. 

I don't know if this is still true.

AFAIK OpenRC has an option whether to wait on IP address on not. Thus I conclude net.* should wait on at least one address if the option requires an address.

However any network daemon should be aware that bind can fail and especially in case the daemon auto-discovers new addresses at run time and binds to each of them separately it should cope with tentative addresses gracefully.
Comment 30 Reuben Farrelly 2012-12-19 10:28:21 UTC
Going by the following two commits:;a=commitdiff_plain;h=807e5d725086832b899ba03a2203824ecf296d8b;a=commitdiff;h=444bdfbfc4d1a336233ccc5a29495cc1f523b5a3

and this bug report:

It looks like the problem is something in which if I'm reading this correctly should not be allowing the boot up to proceed until the addresses are no longer tentative and linked up (my output above shows no carrier, yet openrc proceeds nonetheless).

If this is the case then I'm thinking it's a problem with openrc and not syslog-ng.  I would appreciate if someone can confirm.

If my suggestion is right then I have no other issues with the proposed patch.
Comment 31 Mr. Bones. (RETIRED) gentoo-dev 2013-05-10 22:37:14 UTC
try it with syslog-ng-3.4.1 please.
Comment 32 Jeremy Sermersheim 2013-05-11 17:11:26 UTC
the latest update seems to have corrected the issue for me.  i rebooted my server and my remote hosts still log properly
Comment 33 Mr. Bones. (RETIRED) gentoo-dev 2013-08-13 21:45:34 UTC
use syslog-ng 3.4.x
Comment 34 alexsaa 2013-08-24 22:42:32 UTC
I've updated to syslog-ng 3.4.2. Added 'rc_need="net.net0"' to /etc/conf.d/syslog-ng, according to comments there. Syslog-ng starts now.

The solution seems satisfactory for me (as I have no need to stop net.net0).