<div dir="ltr"><div>
Hi Gabor, <br></div><div><br></div><div>Do you have some news regarding this issue?<br></div><div>Another update from my side, is that if I login as root in serial console, I am able to get the notifications:</div><div><br></div><div><b><span style="font-family:monospace">[pid 4155] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = 18</dev/ttyS0<char 4:64>><br>[pid 4155] write(18</dev/ttyS0<char 4:64>>, "2020 Nov 2 16:14:35 debian10st Entry local0.crit 2020-11-02T16:14:35,489343700+00:00\n", 86) = 86<br>[pid 4155] close(18</dev/ttyS0<char 4:64>>) = 0</span></b></div><div><b><span style="font-family:monospace"><br></span></b></div><div><b><span style="font-family:monospace">root@debian10st:/home/thanos# w thanos<br> 16:19:50 up 6 days, 24 min, 4 users, load average: 0.00, 0.00, 0.00<br>USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT<br>thanos pts/0 10.0.2.2 26Oct20 6:14 0.07s 1.85s sshd: thanos [priv]<br>thanos pts/1 10.0.2.2 26Oct20 6:37 0.12s 1.87s sshd: thanos [priv]<br>thanos pts/2 10.0.2.2 26Oct20 0.00s 0.05s 1.93s sshd: thanos [priv]<br>root@debian10st:/home/thanos# w root<br> 16:20:15 up 6 days, 24 min, 4 users, load average: 0.00, 0.00, 0.00<br>USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT<br>root ttyS0 - 16:14 13.00s 0.01s 0.01s -bash<br><br></span></b></div><div>Any help appreciated.</div><div>Thanks,</div><div>Alex<br></div><div><br><b><span style="font-family:monospace"></span></b></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Oct 28, 2020 at 5:24 PM Alexandre Santos <<a href="mailto:alexandre.rosas.santos@gmail.com">alexandre.rosas.santos@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi Gabor,</div><div><br></div><div>Thanks for your help, testing with echo "test" is working fine (check bellow), but with usertty, I still have the same problem.</div><div><br></div><div>Furthermore, I tried strace and saw the following:</div><b><span style="font-family:monospace">[pid 2177] rt_sigaction(SIGALRM, {sa_handler=0x7fa889b23e10, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa889541840}, NULL, 8) = 0<br>[pid 2177] write(2</dev/pts/1<char 136:1>>, "[2020-10-28T17:15:36.178232] Posting message to user terminal; user='thanos', line='/dev/ttyS0'\n", 96) = 96<br>[pid 2177] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = -1 EACCES (Permission denied)</span></b><br><div><br></div><div>Do you know why? I am launching syslog-ng as root. (full strace in attachment)</div><div><br></div><div>Regards,</div><div>Alex<br></div><div><br></div><div><b><span style="font-family:monospace">thanos@debian10st:~$ echo test > /dev/ttyS0<br>test<br><br>root@debian10st:/home/thanos# who am i<br>thanos pts/1 2020-10-26 20:21 (10.0.2.2)<br>root@debian10st:/home/thanos# echo "test1" > /dev/pts/1<br>test1<br>root@debian10st:/home/thanos#<br><br>thanos@debian10st:~$ who am i<br>thanos pts/0 2020-10-26 20:21 (10.0.2.2)<br>thanos@debian10st:~$ echo "test0" > /dev/pts/0<br>test0<br>thanos@debian10st:~$<br><br>root@debian10st:/home/thanos# who am i<br>thanos pts/2 2020-10-26 20:26 (10.0.2.2)<br>root@debian10st:/home/thanos# echo "test2" > /dev/pts/2<br>test2</span></b></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Oct 28, 2020 at 3:33 PM Gabor Nagy (gnagy) <<a href="mailto:Gabor.Nagy@oneidentity.com" target="_blank">Gabor.Nagy@oneidentity.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Thanks for the info!<br>
<br>
It looks good, messages should be seen on ssh and on serial console too.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<span style="background-color:rgb(255,255,255);display:inline">Can you try out if you can write in the /dev/ttyS0 file (and/or the ssh login console, in your example /dev/pts/1) with a simple "echo test" command and see if it appears on the console,
please?</span><br>
</div>
<div id="gmail-m_-8736610256321757847gmail-m_278091542039254679appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="gmail-m_-8736610256321757847gmail-m_278091542039254679divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> syslog-ng <<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a>> on behalf of Alexandre Santos <<a href="mailto:alexandre.rosas.santos@gmail.com" target="_blank">alexandre.rosas.santos@gmail.com</a>><br>
<b>Sent:</b> Tuesday, October 27, 2020 10:20<br>
<b>To:</b> Syslog-ng users' and developers' mailing list <<a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a>><br>
<b>Subject:</b> Re: [syslog-ng] Using usertty</font>
<div> </div>
</div>
<div>
<div style="background-color:rgb(255,235,156);width:100%;border-style:solid;border-color:rgb(156,101,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left">
<span style="color:rgb(156,101,0);font-weight:bold">CAUTION:</span> This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</div>
<br>
<div>
<div dir="ltr">
<div><span style="color:rgb(0,0,255)">Hi Gabor,</span></div>
<div><span style="color:rgb(0,0,255)"><br>
</span></div>
<div><span style="color:rgb(0,0,255)">I am running a Debian buster in a VBox guest.</span></div>
<div><br>
</div>
<div><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt">Can you check which terminals are the user 'thanos' logged in?</span></div>
<div><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt"><b><font size="2"><span style="font-family:monospace">root@debian10st:/home/thanos# w thanos<br>
09:15:47 up 22:00, 4 users, load average: 0.00, 0.02, 0.00<br>
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT<br>
thanos ttyS0 - Mon20 8:27 0.05s 0.04s -bash<br>
thanos pts/0 10.0.2.2 Mon20 12:54m 0.03s 0.03s -bash<br>
thanos pts/1 10.0.2.2 Mon20 12:50m 0.12s 0.18s sshd: thanos [priv]<br>
thanos pts/2 10.0.2.2 Mon20 1.00s 0.04s 0.20s sshd: thanos [priv]</span></font></b><br>
</span></div>
<div><span style="color:rgb(0,0,255)"><br>
</span></div>
<div><span style="color:rgb(0,0,255)">Here are the serial configurations:</span></div>
<div><b><span style="color:rgb(0,0,255)"><span style="color:rgb(0,0,0)"><span style="font-family:monospace">root@debian10st:/home/thanos# stty -F /dev/ttyS0 -a<br>
speed 9600 baud; rows 24; columns 80; line = 0;<br>
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;<br>
discard = <undef>; min = 1; time = 0;<br>
-parenb -parodd -cmspar cs8 hupcl -cstopb cread clocal -crtscts<br>
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon ixoff -iuclc -ixany -imaxbel iutf8<br>
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0<br>
isig -icanon -iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc<br>
<br>
root@debian10st:/home/thanos# stty -F /dev/pts/0 -a<br>
speed 38400 baud; rows 50; columns 184; line = 0;<br>
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;<br>
discard = <undef>; min = 1; time = 0;<br>
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts<br>
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8<br>
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0<br>
isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc<br>
</span></span></span></b></div>
<div><b><span style="color:rgb(0,0,255)"><span style="color:rgb(0,0,0)"><span style="font-family:monospace"><br>
</span></span></span></b></div>
<div><b><span style="color:rgb(0,0,255)"><span style="color:rgb(0,0,0)"><span style="font-family:monospace">root@debian10st:/home/thanos# stty -F /dev/pts/1 -a<br>
speed 38400 baud; rows 50; columns 184; line = 0;<br>
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;<br>
discard = ^O; min = 1; time = 0;<br>
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts<br>
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8<br>
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0<br>
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc<br>
</span></span></span></b></div>
<div><b><span style="color:rgb(0,0,255)"><span style="color:rgb(0,0,0)"><span style="font-family:monospace"><br>
</span></span></span></b></div>
<div><span style="color:rgb(0,0,255)"><b><span style="color:rgb(0,0,0)"><span style="font-family:monospace">root@debian10st:/home/thanos# stty -F /dev/pts/2 -a<br>
speed 38400 baud; rows 50; columns 184; line = 0;<br>
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;<br>
discard = ^O; min = 1; time = 0;<br>
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts<br>
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8<br>
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0<br>
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc</span></span><br>
</b></span></div>
<div><br>
</div>
<div><span style="color:rgb(0,0,255)">Thanks,</span></div>
<div><span style="color:rgb(0,0,255)">Alex</span><br>
</div>
</div>
<br>
<div>
<div dir="ltr">On Mon, Oct 26, 2020 at 10:59 AM Gabor Nagy (gnagy) <<a href="mailto:Gabor.Nagy@oneidentity.com" target="_blank">Gabor.Nagy@oneidentity.com</a>> wrote:<br>
</div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Hi Alex!<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<br>
I've checked your attachments and I see that the messages are sent to pseudo-terminals and the serial port too:<br>
[2020-10-23T16:40:20.647481] Posting message to user terminal; user='thanos', line='/dev/ttyS0'
<div>[2020-10-23T16:40:20.647518] Posting message to user terminal; user='thanos', line='/dev/pts/0'</div>
<div>[2020-10-23T16:40:20.647530] Posting message to user terminal; user='thanos', line='/dev/pts/1'</div>
[2020-10-23T16:40:20.647541] Posting message to user terminal; user='thanos', line='/dev/pts/2'<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt">Can you check which terminals are the user 'thanos' logged in?</span><br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
E.g. use the following command on the command line:<br>
$w thanos<br>
<br>
<span style="background-color:rgb(255,255,255);display:inline">If you don't see a tty with ssh login, that can explain it.</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
About the serial port, maybe it's misconfigured.<br>
Syslog-ng uses simple open/write calls on the device files , e.g. /dev/ttyS0. Can you try out if you can write in the /dev/ttyS0 file with a simple "echo test" command, please?</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<span style="background-color:rgb(255,255,255);display:inline">Can you tell us a bit more about your host and how did you set up the serial port?</span><br>
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Regards,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Gabor</div>
<div id="gmail-m_-8736610256321757847gmail-m_278091542039254679x_gmail-m_4206308395796789584appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="gmail-m_-8736610256321757847gmail-m_278091542039254679x_gmail-m_4206308395796789584divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> syslog-ng <<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a>>
on behalf of Alexandre Santos <<a href="mailto:alexandre.rosas.santos@gmail.com" target="_blank">alexandre.rosas.santos@gmail.com</a>><br>
<b>Sent:</b> Friday, October 23, 2020 17:46<br>
<b>To:</b> Syslog-ng users' and developers' mailing list <<a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a>><br>
<b>Subject:</b> [syslog-ng] Using usertty</font>
<div> </div>
</div>
<div>
<div style="background-color:rgb(255,235,156);width:100%;border-style:solid;border-color:rgb(156,101,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left">
<span style="color:rgb(156,101,0);font-weight:bold">CAUTION:</span> This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</div>
<br>
<div>
<div dir="ltr">
<div>Hi,</div>
<div>I am trying to use usertty(*) to send log all messages with severity equal or higher than critical to every user logged.</div>
<div><br>
</div>
<div>But I am not getting any messages in serial port or ssh.<br>
</div>
<div><br>
</div>
<div>I am sending the configurations and the debug log in attachment.</div>
<div><br>
</div>
<div>Can you help me to understand what is happening?</div>
<div><br>
</div>
<div>Thanks in advance,</div>
<div>Alex<br>
</div>
</div>
</div>
</div>
</div>
______________________________________________________________________________<br>
Member info: <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C2dfa988e5c4d440b226008d87a598751%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637393872243552549%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=uLzSrjVRpdHdUeYGd5oKCyalC9zt9EPR8%2F7rc%2BrmG8Y%3D&reserved=0" rel="noreferrer" target="_blank">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C2dfa988e5c4d440b226008d87a598751%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637393872243552549%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=x0ploVfgWoWXdwd14XpF46Rtb1VZJ7KNNZL5RjBE%2BIY%3D&reserved=0" rel="noreferrer" target="_blank">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C2dfa988e5c4d440b226008d87a598751%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637393872243562552%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=D%2FTy0bCNhsysvG7HWYtJGquzYyjWCCFC5lPaUVhXtdM%3D&reserved=0" rel="noreferrer" target="_blank">
http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote>
</div>
</div>
</div>
</div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>
</blockquote></div>