<div dir="ltr">okay thanks let me check to see if tcpdump is installed appreciate.</div><br><div class="gmail_quote"><div dir="ltr">On Mon, Nov 12, 2018 at 2:02 PM PÁSZTOR György <<a href="mailto:pasztor@linux.gyakg.u-szeged.hu">pasztor@linux.gyakg.u-szeged.hu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Rodney,<br>
<br>
"Rodney Bizzell" <<a href="mailto:hardworker30@gmail.com" target="_blank">hardworker30@gmail.com</a>> írta 2018-11-12 13:28-kor:<br>
> So I upgraded to syslog-ng 3.18 and it has syslog-ng-debun options. I was<br>
<br>
Just to run syslog-ng-debun, you should not had to upgrade your syslog-ng.<br>
syslog-ng-debun is a simple all in one portable shell script which's<br>
purpose is to gather information about any kind of syslog-ng installation.<br>
Always safe to use the latest one of this from the master branch, as I<br>
suggested to download via wget.<br>
<br>
> reading through the documentation and when I issue syslog-ng-debun -d -P<br>
> 'port 12201' should I see anything on standard out because all that happen<br>
> was it displayed the options for the command. That is all that happened<br>
<br>
Yepp. In the meantime János Szigetrvári added an extra -r option to the<br>
script and that changed the default behaviour. Without the -r option it's<br>
just a "--dry-run"-ish parametering. It does nothing, except test the<br>
parameters.<br>
You can see that changeset following this link:<br>
<a href="https://github.com/balabit/syslog-ng/commit/f9312f87b758c450c6108abe8da9cf0b4d16ced4" rel="noreferrer" target="_blank">https://github.com/balabit/syslog-ng/commit/f9312f87b758c450c6108abe8da9cf0b4d16ced4</a><br>
<br>
So, from that point on, every syslog-ng-debun command should be replaced<br>
with the same, just adding an extra -r option.<br>
<br>
Which in your case, means: you should've run:<br>
syslog-ng-debun -r -d -P 'port 12201'<br>
<br>
> when I issued the command below in this email. I tried to run<br>
> syslog-ng-debun -r and that executed and created a tarball.<br>
<br>
Yep. This -r -d -P 'port 12201' will also create a tarball. Just a more<br>
useful one: It will run tcpdump in the bacground, to collect network<br>
traffic at the same time, matching the "port 12201" filtering expression.<br>
<br>
Btw.: Make sure, you have tcpdump installed on the system. Otherwise the<br>
script won't be able to run tcpdump.<br>
<br>
When you finished, we need that tarball what the script created.<br>
<br>
Regards,<br>
Gyu<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>