On Thu, Aug 21, 2008 at 7:25 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
On Wed, 2008-08-20 at 09:10 -0500, midnight codder wrote:
> Thanks for all of those alternatives.
> Allow me to rephrase my question (any idea): Does anyone have any idea
> as to why I am getting the broken pipe?
> The script I am using now is for the sake of simplifying things so I
> can pin point where troubles begin.
> We are not going to use such a script in production.
> The original java program that was supposed to be the destination is
> much more complicated, although in a sense it still reads the log
> messages off of std in, just like the script. (it is the handling of
> the logs afterwards that is complex).
> I shall investigate into using one of the alternatives, however - I
> will still be happy to know what might have went wrong.

>
>         <priC> <date 08-08-19T15:13:56.198-05:00> <host=oracle-test>
>         <msg=syslog-ng[27971]: I/O error occurred while writing;
>         fd='11', error='Broken pipe (32)'>
>         <priF> <date 08-08-19T15:13:56.198-05:00> <host=oracle-test>
>         <msg=syslog-ng[27971]: Sending child a TERM signal;
>         child_pid='27972'>

Your script terminates for some reason, it's not syslog-ng that kills
your process, it is your script that dies.

please run syslog-ng under strace -f (to follow forks) and see why your
shell script exits.

--
Bazsi

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html


Balazs,
I can't seem to find the command line option that you've mentioned. there is -F (running int he foreground) and -f <config file name>.
I don't see any command line option that refers to following forks.
I am running syslog-ng with -v and -d to get as many as messages as possible.

The good news, however, are that the script now is running successfully. (I had a typo, as usually, the mistake is so obvious it cannot be noticed)
But my java program still fails to intercept any message. For any of you java driven syslog-ng users out there, please review this bit of code, perhaps you can point out where I went wrong. Here is the java code, it is a small main method:


 static public void main(String[] args) throws IOException {
      int counter = 0;
      Scanner scanner = new Scanner(System.in);
      while (scanner.hasNextLine()) {
         counter++;
         String syslog = scanner.nextLine();
         FileWriter writer =
            new FileWriter(
               new File(
                  System.getProperty("user.home") + "/" +
                  SyslogProgramDestination.class.getSimpleName() + "_" +
                  counter + ".log"));
         try {
            writer.write(syslog + "\n");
         } catch (Exception e) {
            e.printStackTrace();
         } finally {
            writer.close();
         }
      }
   }
}