Failed to open syslog writer

Question

Failed to open syslog writer

yathindra opened this issue 8 years ago · comments

Description

I'm seeing a failure to open syslog writer. Is there additional setup that I need? I also tried making syslogd listen on /var/run/go-audit.sock but still no luck. I tried this on Ubuntu 16.04.

$ sudo go-audit -config examples/go-audit/go-audit.yaml 
Flushed existing audit rules
Added audit rule #1
Added audit rule #2
Added audit rule #3
Added audit rule #4
Added audit rule #5
Added audit rule #6
Added audit rule #7
Added audit rule #8
Added audit rule #9
Added audit rule #10
Failed to open syslog writer. Error: dial unix /var/run/go-audit.sock: connect: connection refused

Nate Brown · Answer 1 · Sat Nov 26 2016 05:41:11 GMT+0800 (China Standard Time)

My assumption is that you don't have the rsyslog-imptcp package installed on ubuntu. check /var/log/syslog after restarting rsyslog and you should see some errors eluding to a bad configuration/missing or unknown plugin.

Nate Brown · Answer 2 · Wed Jan 25 2017 12:22:12 GMT+0800 (China Standard Time)

Feel free to re-open this issue if it is still valid.