<div dir="ltr"><div>Hi Gabor,</div><div><br></div><div>Thanks for the hint. It was really due to Linux capabilities.</div><div><br></div><div>When running by default syslog-ng has the following capabilities:</div><div></div><div><b><span style="font-family:monospace">root@debian10st:/home/thanos# ps -ewfH | grep syslog<br>message+ 410 1 0 Oct27 ? 00:00:28 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only<br>root 5185 2168 0 16:07 pts/0 00:00:00 grep syslog<br>root 5178 4138 0 16:06 pts/1 00:00:00 /usr/sbin/syslog-ng -Fvde --cfgfile=/home/thanos/syslog-ng.2.conf
<br>root@debian10st:/home/thanos# getpcaps 5178<br>Capabilities for `5178': = cap_syslog+ep cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_net_bind_service,cap_net_broadcast,cap_net_raw+p</span></b></div><div><b><span style="font-family:monospace"><br></span></b></div><div><span style="font-family:arial,sans-serif">By changing capability of </span>discretionary access control
<span style="font-family:arial,sans-serif"> to also be effective, I was able to broadcast the log messages using usertty(*)</span></div><div><span style="font-family:arial,sans-serif"><br></span></div><div><b><span style="font-family:monospace"></span></b></div><div><b><span style="font-family:monospace">usr/sbin/syslog-ng -Fvde --cfgfile=/home/thanos/syslog-ng.2.conf --caps "cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_read_search,cap_chown,cap_fowner=p cap_dac_override,cap_syslog=ep"</span></b><br></div><div><br></div><div><b><span style="font-family:monospace">root@debian10st:/home/thanos# getpcaps $(pgrep syslog-ng)<br>Capabilities for `5471': = cap_dac_override,cap_syslog+ep cap_chown,cap_dac_read_search,cap_fowner,cap_net_bind_service,cap_net_broadcast,cap_net_raw+p</span></b></div><div><span style="font-family:arial,sans-serif"><br></span></div><div><span style="font-family:arial,sans-serif">Cheers,</span></div><div><span style="font-family:monospace"><span style="font-family:arial,sans-serif">Alex</span></span><b><span style="font-family:monospace"><br></span></b></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 4, 2020 at 9:25 AM Gabor Nagy (gnagy) <<a href="mailto:Gabor.Nagy@oneidentity.com">Gabor.Nagy@oneidentity.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Hi Alex!<br>
<br>
When syslog-ng is running as root and you see permission access problems, it's most likely due to Linux capabilities [1].<br>
Even running as root, syslog-ng is dropping most of it's capabilities, unless they are configured with the --caps command line option.<br>
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
The easiest solution is if you don't need Linux capabilities is to use the "--no-caps" command line option of syslog-ng (put it into syslog-ng's service file for permanent setup).</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
If you would like to use Linux capabilities and tune syslog-ng to use the necessary capabilities I recommend one of our blog posts as a starting point:<br>
<a href="https://www.syslog-ng.com/community/b/blog/posts/working-around-linux-capabilities-problems-for-syslog-ng" id="gmail-m_2754271002235832775LPlnk" target="_blank">https://www.syslog-ng.com/community/b/blog/posts/working-around-linux-capabilities-problems-for-syslog-ng</a></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
I'll add some error messages to usertty() driver to detect future issues.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
[1] <a href="https://man7.org/linux/man-pages/man7/capabilities.7.html" id="gmail-m_2754271002235832775LPlnk" target="_blank">https://man7.org/linux/man-pages/man7/capabilities.7.html</a><br>
<br>
<div></div>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt">Regards,</span><br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Gabor</div>
<div id="gmail-m_2754271002235832775appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="gmail-m_2754271002235832775divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> syslog-ng <<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a>> on behalf of Alexandre Santos <<a href="mailto:alexandre.rosas.santos@gmail.com" target="_blank">alexandre.rosas.santos@gmail.com</a>><br>
<b>Sent:</b> Monday, November 2, 2020 17:21<br>
<b>To:</b> Syslog-ng users' and developers' mailing list <<a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a>><br>
<b>Subject:</b> Re: [syslog-ng] Using usertty</font>
<div> </div>
</div>
<div>
<div style="background-color:rgb(255,235,156);width:100%;border-style:solid;border-color:rgb(156,101,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left">
<span style="color:rgb(156,101,0);font-weight:bold">CAUTION:</span> This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</div>
<br>
<div>
<div dir="ltr">
<div>Hi Gabor, <br>
</div>
<div><br>
</div>
<div>Do you have some news regarding this issue?<br>
</div>
<div>Another update from my side, is that if I login as root in serial console, I am able to get the notifications:</div>
<div><br>
</div>
<div><b><span style="font-family:monospace">[pid 4155] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = 18</dev/ttyS0<char 4:64>><br>
[pid 4155] write(18</dev/ttyS0<char 4:64>>, "2020 Nov 2 16:14:35 debian10st Entry local0.crit 2020-11-02T16:14:35,489343700+00:00\n", 86) = 86<br>
[pid 4155] close(18</dev/ttyS0<char 4:64>>) = 0</span></b></div>
<div><b><span style="font-family:monospace"><br>
</span></b></div>
<div><b><span style="font-family:monospace">root@debian10st:/home/thanos# w thanos<br>
16:19:50 up 6 days, 24 min, 4 users, load average: 0.00, 0.00, 0.00<br>
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT<br>
thanos pts/0 10.0.2.2 26Oct20 6:14 0.07s 1.85s sshd: thanos [priv]<br>
thanos pts/1 10.0.2.2 26Oct20 6:37 0.12s 1.87s sshd: thanos [priv]<br>
thanos pts/2 10.0.2.2 26Oct20 0.00s 0.05s 1.93s sshd: thanos [priv]<br>
root@debian10st:/home/thanos# w root<br>
16:20:15 up 6 days, 24 min, 4 users, load average: 0.00, 0.00, 0.00<br>
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT<br>
root ttyS0 - 16:14 13.00s 0.01s 0.01s -bash<br>
<br>
</span></b></div>
<div>Any help appreciated.</div>
<div>Thanks,</div>
<div>Alex<br>
</div>
<div><br>
<b><span style="font-family:monospace"></span></b></div>
</div>
<br>
<div>
<div dir="ltr">On Wed, Oct 28, 2020 at 5:24 PM Alexandre Santos <<a href="mailto:alexandre.rosas.santos@gmail.com" target="_blank">alexandre.rosas.santos@gmail.com</a>> wrote:<br>
</div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>Hi Gabor,</div>
<div><br>
</div>
<div>Thanks for your help, testing with echo "test" is working fine (check bellow), but with usertty, I still have the same problem.</div>
<div><br>
</div>
<div>Furthermore, I tried strace and saw the following:</div>
<b><span style="font-family:monospace">[pid 2177] rt_sigaction(SIGALRM, {sa_handler=0x7fa889b23e10, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa889541840}, NULL, 8) = 0<br>
[pid 2177] write(2</dev/pts/1<char 136:1>>, "[2020-10-28T17:15:36.178232] Posting message to user terminal; user='thanos', line='/dev/ttyS0'\n", 96) = 96<br>
[pid 2177] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = -1 EACCES (Permission denied)</span></b><br>
<div><br>
</div>
<div>Do you know why? I am launching syslog-ng as root. (full strace in attachment)</div>
<div><br>
</div>
<div>Regards,</div>
<div>Alex<br>
</div>
<div><br>
</div>
<div><b><span style="font-family:monospace">thanos@debian10st:~$ echo test > /dev/ttyS0<br>
test<br>
<br>
root@debian10st:/home/thanos# who am i<br>
thanos pts/1 2020-10-26 20:21 (10.0.2.2)<br>
root@debian10st:/home/thanos# echo "test1" > /dev/pts/1<br>
test1<br>
root@debian10st:/home/thanos#<br>
<br>
thanos@debian10st:~$ who am i<br>
thanos pts/0 2020-10-26 20:21 (10.0.2.2)<br>
thanos@debian10st:~$ echo "test0" > /dev/pts/0<br>
test0<br>
thanos@debian10st:~$<br>
<br>
root@debian10st:/home/thanos# who am i<br>
thanos pts/2 2020-10-26 20:26 (10.0.2.2)<br>
root@debian10st:/home/thanos# echo "test2" > /dev/pts/2<br>
test2</span></b></div>
</div>
<br>
<div>
<div dir="ltr">On Wed, Oct 28, 2020 at 3:33 PM Gabor Nagy (gnagy) <<a href="mailto:Gabor.Nagy@oneidentity.com" target="_blank">Gabor.Nagy@oneidentity.com</a>> wrote:<br>
</div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Thanks for the info!<br>
<br>
It looks good, messages should be seen on ssh and on serial console too.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<span style="background-color:rgb(255,255,255);display:inline">Can you try out if you can write in the /dev/ttyS0 file (and/or the ssh login console, in your example /dev/pts/1) with a simple "echo test" command and see if it appears on the console, please?</span><br>
</div>
<div id="gmail-m_2754271002235832775x_gmail-m_-8736610256321757847gmail-m_278091542039254679appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="gmail-m_2754271002235832775x_gmail-m_-8736610256321757847gmail-m_278091542039254679divRplyFwdMsg" dir="ltr">
<font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> syslog-ng <<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a>> on behalf of Alexandre Santos <<a href="mailto:alexandre.rosas.santos@gmail.com" target="_blank">alexandre.rosas.santos@gmail.com</a>><br>
<b>Sent:</b> Tuesday, October 27, 2020 10:20<br>
<b>To:</b> Syslog-ng users' and developers' mailing list <<a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a>><br>
<b>Subject:</b> Re: [syslog-ng] Using usertty</font>
<div> </div>
</div>
<div>
<div style="background-color:rgb(255,235,156);width:100%;border-style:solid;border-color:rgb(156,101,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left">
<span style="color:rgb(156,101,0);font-weight:bold">CAUTION:</span> This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</div>
<br>
<div>
<div dir="ltr">
<div><span style="color:rgb(0,0,255)">Hi Gabor,</span></div>
<div><span style="color:rgb(0,0,255)"><br>
</span></div>
<div><span style="color:rgb(0,0,255)">I am running a Debian buster in a VBox guest.</span></div>
<div><br>
</div>
<div><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt">Can you check which terminals are the user 'thanos' logged in?</span></div>
<div><span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt"><b><font size="2"><span style="font-family:monospace">root@debian10st:/home/thanos# w thanos<br>
09:15:47 up 22:00, 4 users, load average: 0.00, 0.02, 0.00<br>
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT<br>
thanos ttyS0 - Mon20 8:27 0.05s 0.04s -bash<br>
thanos pts/0 10.0.2.2 Mon20 12:54m 0.03s 0.03s -bash<br>
thanos pts/1 10.0.2.2 Mon20 12:50m 0.12s 0.18s sshd: thanos [priv]<br>
thanos pts/2 10.0.2.2 Mon20 1.00s 0.04s 0.20s sshd: thanos [priv]</span></font></b><br>
</span></div>
<div><span style="color:rgb(0,0,255)"><br>
</span></div>
<div><span style="color:rgb(0,0,255)">Here are the serial configurations:</span></div>
<div><b><span style="color:rgb(0,0,255)"><span style="color:rgb(0,0,0)"><span style="font-family:monospace">root@debian10st:/home/thanos# stty -F /dev/ttyS0 -a<br>
speed 9600 baud; rows 24; columns 80; line = 0;<br>
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;<br>
discard = <undef>; min = 1; time = 0;<br>
-parenb -parodd -cmspar cs8 hupcl -cstopb cread clocal -crtscts<br>
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon ixoff -iuclc -ixany -imaxbel iutf8<br>
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0<br>
isig -icanon -iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc<br>
<br>
root@debian10st:/home/thanos# stty -F /dev/pts/0 -a<br>
speed 38400 baud; rows 50; columns 184; line = 0;<br>
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;<br>
discard = <undef>; min = 1; time = 0;<br>
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts<br>
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8<br>
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0<br>
isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc<br>
</span></span></span></b></div>
<div><b><span style="color:rgb(0,0,255)"><span style="color:rgb(0,0,0)"><span style="font-family:monospace"><br>
</span></span></span></b></div>
<div><b><span style="color:rgb(0,0,255)"><span style="color:rgb(0,0,0)"><span style="font-family:monospace">root@debian10st:/home/thanos# stty -F /dev/pts/1 -a<br>
speed 38400 baud; rows 50; columns 184; line = 0;<br>
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;<br>
discard = ^O; min = 1; time = 0;<br>
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts<br>
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8<br>
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0<br>
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc<br>
</span></span></span></b></div>
<div><b><span style="color:rgb(0,0,255)"><span style="color:rgb(0,0,0)"><span style="font-family:monospace"><br>
</span></span></span></b></div>
<div><span style="color:rgb(0,0,255)"><b><span style="color:rgb(0,0,0)"><span style="font-family:monospace">root@debian10st:/home/thanos# stty -F /dev/pts/2 -a<br>
speed 38400 baud; rows 50; columns 184; line = 0;<br>
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;<br>
discard = ^O; min = 1; time = 0;<br>
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts<br>
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8<br>
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0<br>
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc</span></span><br>
</b></span></div>
<div><br>
</div>
<div><span style="color:rgb(0,0,255)">Thanks,</span></div>
<div><span style="color:rgb(0,0,255)">Alex</span><br>
</div>
</div>
<br>
<div>
<div dir="ltr">On Mon, Oct 26, 2020 at 10:59 AM Gabor Nagy (gnagy) <<a href="mailto:Gabor.Nagy@oneidentity.com" target="_blank">Gabor.Nagy@oneidentity.com</a>> wrote:<br>
</div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Hi Alex!<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<br>
I've checked your attachments and I see that the messages are sent to pseudo-terminals and the serial port too:<br>
[2020-10-23T16:40:20.647481] Posting message to user terminal; user='thanos', line='/dev/ttyS0'
<div>[2020-10-23T16:40:20.647518] Posting message to user terminal; user='thanos', line='/dev/pts/0'</div>
<div>[2020-10-23T16:40:20.647530] Posting message to user terminal; user='thanos', line='/dev/pts/1'</div>
[2020-10-23T16:40:20.647541] Posting message to user terminal; user='thanos', line='/dev/pts/2'<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<span style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt">Can you check which terminals are the user 'thanos' logged in?</span><br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
E.g. use the following command on the command line:<br>
$w thanos<br>
<br>
<span style="background-color:rgb(255,255,255);display:inline">If you don't see a tty with ssh login, that can explain it.</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
About the serial port, maybe it's misconfigured.<br>
Syslog-ng uses simple open/write calls on the device files , e.g. /dev/ttyS0. Can you try out if you can write in the /dev/ttyS0 file with a simple "echo test" command, please?</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
<span style="background-color:rgb(255,255,255);display:inline">Can you tell us a bit more about your host and how did you set up the serial port?</span><br>
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Regards,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:11pt;color:rgb(0,0,0)">
Gabor</div>
<div id="gmail-m_2754271002235832775x_gmail-m_-8736610256321757847gmail-m_278091542039254679x_gmail-m_4206308395796789584appendonsend">
</div>
<hr style="display:inline-block;width:98%">
<div id="gmail-m_2754271002235832775x_gmail-m_-8736610256321757847gmail-m_278091542039254679x_gmail-m_4206308395796789584divRplyFwdMsg" dir="ltr">
<font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> syslog-ng <<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a>> on behalf of Alexandre Santos <<a href="mailto:alexandre.rosas.santos@gmail.com" target="_blank">alexandre.rosas.santos@gmail.com</a>><br>
<b>Sent:</b> Friday, October 23, 2020 17:46<br>
<b>To:</b> Syslog-ng users' and developers' mailing list <<a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a>><br>
<b>Subject:</b> [syslog-ng] Using usertty</font>
<div> </div>
</div>
<div>
<div style="background-color:rgb(255,235,156);width:100%;border-style:solid;border-color:rgb(156,101,0);border-width:1pt;padding:2pt;font-size:10pt;line-height:12pt;font-family:"Calibri";color:black;text-align:left">
<span style="color:rgb(156,101,0);font-weight:bold">CAUTION:</span> This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</div>
<br>
<div>
<div dir="ltr">
<div>Hi,</div>
<div>I am trying to use usertty(*) to send log all messages with severity equal or higher than critical to every user logged.</div>
<div><br>
</div>
<div>But I am not getting any messages in serial port or ssh.<br>
</div>
<div><br>
</div>
<div>I am sending the configurations and the debug log in attachment.</div>
<div><br>
</div>
<div>Can you help me to understand what is happening?</div>
<div><br>
</div>
<div>Thanks in advance,</div>
<div>Alex<br>
</div>
</div>
</div>
</div>
</div>
______________________________________________________________________________<br>
Member info: <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C9553d7729d9649f9de9f08d87f4b6286%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637399309064749117%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=7vP5RvwprdjTsnpxn%2FGKZSnLKEKNMkZSWLRNm0VcmWM%3D&reserved=0" rel="noreferrer" target="_blank">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C9553d7729d9649f9de9f08d87f4b6286%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637399309064759123%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=Xm7GImjSLVZjF%2FxVZnfekoEcneSZtZbGLVUMgQjCXbg%3D&reserved=0" rel="noreferrer" target="_blank">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C9553d7729d9649f9de9f08d87f4b6286%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637399309064769102%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=mYy8R5ApHZkNnPpzWBej0b5puajc1UXSZRAmKGtai3Y%3D&reserved=0" rel="noreferrer" target="_blank">
http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote>
</div>
</div>
</div>
</div>
______________________________________________________________________________<br>
Member info: <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C9553d7729d9649f9de9f08d87f4b6286%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637399309064779100%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=IJAXC5HyXCssCt0wEokwSAAtyGlr95rEivm4n2oecWc%3D&reserved=0" rel="noreferrer" target="_blank">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C9553d7729d9649f9de9f08d87f4b6286%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637399309064779100%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=EmG04zdddhO3YGOAs3wy5C3cQaDjZnImfMX3oIpJXuU%3D&reserved=0" rel="noreferrer" target="_blank">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C9553d7729d9649f9de9f08d87f4b6286%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637399309064789099%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=OuBE9WCW2aBFClFyvG%2FuyfmrJTCuJRcLps6xNvnLkmQ%3D&reserved=0" rel="noreferrer" target="_blank">
http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>