3rd try...anyone?<div><br clear="all">______________________________________________________________ <br><br>Clayton Dukes<br>______________________________________________________________<br>
<br><br><div class="gmail_quote">On Thu, Jan 12, 2012 at 3:48 PM, Clayton Dukes <span dir="ltr"><<a href="mailto:cdukes@gmail.com">cdukes@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Can anyone help here? I'm out of ideas :-)<div><span class="HOEnZb"><font color="#888888"><br clear="all">______________________________________________________________ <br><br>Clayton Dukes<br>______________________________________________________________</font></span><div>
<div class="h5"><br>
<br><br><div class="gmail_quote">On Wed, Jan 11, 2012 at 8:05 PM, Clayton Dukes <span dir="ltr"><<a href="mailto:cdukes@gmail.com" target="_blank">cdukes@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hey folks,<div><br></div><div>I have a user experiencing an issue where some of the incoming logs are not getting piped to my perl script until the second time we generate events.</div><div><br></div><div><div>I believe this is generally set using flush_lines(1), but it doesn’t seem to be honoring that setting in the config.</div>
<div>I also tried adding flush_timeout(900), but that has no affect.</div><div>In the output below, if I quit the telnet and start it again, the previously missing events are then received (but the current ones are missing) - basically, it doesn't appear to be flushing every single line.
</div><div>Possible other reason: has something changed between v2.x and 3.x where the program() destination would possibly not send an EOF signal - i.e. is the pipe now kept open vs. an individual call to the program each time in v2.x?</div>
<div><br></div><div><br></div><div>To verify that this is happening:</div><div><br></div><div><br></div><div>Term 1:</div><div>tail -f /tmp/logzilla_import.txt</div><div>Term 2:</div><div>/usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -Fdv</div>
<div>Term 3:</div><div>telnet 192.168.254.1</div></div><div><br></div><div>Term 1 results:</div><div><div>192.168.254.1 22 7 3732620769 .Jan 11 2012 19:29:02.284 EST: Telnet2: 1 1 251 1 3751981041 0 <a href="tel:2012-01-11%2019" value="+12012011119" target="_blank">2012-01-11 19</a>:29:02 <a href="tel:2012-01-11%2019" value="+12012011119" target="_blank">2012-01-11 19</a>:29:02</div>
<div>192.168.254.1 22 7 3732620769 .Jan 11 2012 19:29:02.284 EST: TCP2: Telnet sent WILL ECHO (1) 3751981041 0 <a href="tel:2012-01-11%2019" value="+12012011119" target="_blank">2012-01-11 19</a>:29:02 <a href="tel:2012-01-11%2019" value="+12012011119" target="_blank">2012-01-11 19</a>:29:02</div>
</div><div><br></div><div>Term 2 results:</div>
<div><div>Incoming log entry; line='<183>6987: .Jan 11 2012 19:29:02.284 EST: TCP2: Telnet sent WILL ECHO (1)'</div><div>Incoming log entry; line='<183>6988: .Jan 11 2012 19:29:02.284 EST: Telnet2: 2 2 251 3'</div>
<div>Incoming log entry; line='<183>6989: .Jan 11 2012 19:29:02.284 EST: TCP2: Telnet sent WILL SUPPRESS-GA (3)'</div><div>Incoming log entry; line='<183>6990: .Jan 11 2012 19:29:02.284 EST: Telnet2: 80000 80000 253 24'</div>
<div>Incoming log entry; line='<183>6991: .Jan 11 2012 19:29:02.284 EST: TCP2: Telnet sent DO TTY-TYPE (24)'</div><div>Incoming log entry; line='<183>6992: .Jan 11 2012 19:29:02.284 EST: Telnet2: 10000000 10000000 253 31'</div>
<div>Incoming log entry; line='<183>6993: .Jan 11 2012 19:29:02.284 EST: TCP2: Telnet sent DO WINDOW-SIZE (31)'</div><div>Incoming log entry; line='<183>6994: .Jan 11 2012 19:29:02.284 EST: TCP2: Telnet received DO ENCRYPTION (38)'</div>
<div>Incoming log entry; line='<183>6995: .Jan 11 2012 19:29:02.284 EST: TCP2: Telnet sent WONT ENCRYPTION (38) (unimplemented)'</div><div>Incoming log entry; line='<183>6996: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received WILL ENCRYPTION (38)'</div>
<div>Incoming log entry; line='<183>6997: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet sent DONT ENCRYPTION (38) (unimplemented)'</div><div>Incoming log entry; line='<183>6998: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received DO SUPPRESS-GA (3)'</div>
<div>Incoming log entry; line='<183>6999: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received WILL TTY-TYPE (24)'</div><div>Incoming log entry; line='<183>7000: .Jan 11 2012 19:29:02.292 EST: Telnet2: Sent SB 24 1 '</div>
<div>Incoming log entry; line='<183>7001: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received WILL WINDOW-SIZE (31)'</div><div>Incoming log entry; line='<183>7002: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received WILL TTY-SPEED (32) (refused)'</div>
<div>Incoming log entry; line='<183>7003: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet sent DONT TTY-SPEED (32)'</div><div>Incoming log entry; line='<183>7004: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received WILL LOCAL-FLOW (33) (refused)'</div>
<div>Incoming log entry; line='<183>7005: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet sent DONT LOCAL-FLOW (33)'</div><div>Incoming log entry; line='<183>7006: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received WILL LINEMODE (34)'</div>
<div>Incoming log entry; line='<183>7007: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet sent DONT LINEMODE (34) (unimplemented)'</div><div>Incoming log entry; line='<183>7008: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received WILL NEW-ENVIRON (39)'</div>
<div>Incoming log entry; line='<183>7009: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet sent DONT NEW-ENVIRON (39) (unimplemented)'</div><div>Incoming log entry; line='<183>7010: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received DO STATUS (5)'</div>
<div>Incoming log entry; line='<183>7011: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet sent WONT STATUS (5) (unimplemented)'</div><div>Incoming log entry; line='<183>7012: .Jan 11 2012 19:29:02.292 EST: TCP2: Telnet received DO ECHO (1)'</div>
<div>Incoming log entry; line='<183>7013: .Jan 11 2012 19:29:02.292 EST: Telnet2: recv SB NAWS 132 63'</div><div>Incoming log entry; line='<183>7014: .Jan 11 2012 19:29:02.292 EST: Telnet2: recv SB 24 0 LINUX'</div>
<div>Incoming log entry; line='<183>7015: .Jan 11 2012 19:29:02.493 EST: TCP2: Telnet received WILL ENVIRONMENT (36) (refused)'</div><div>Incoming log entry; line='<183>7016: .Jan 11 2012 19:29:02.493 EST: TCP2: Telnet sent DONT ENVIRONMENT (36)'</div>
<span><font color="#888888">
<div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div>______________________________________________________________ <br><br>Clayton Dukes<br>______________________________________________________________<br>
</font></span></div>
</blockquote></div><br></div></div></div>
</blockquote></div><br></div>