Hi Gabor, I am running a Debian buster in a VBox guest. Can you check which terminals are the user 'thanos' logged in? *root@debian10st:/home/thanos# w thanos 09:15:47 up 22:00, 4 users, load average: 0.00, 0.02, 0.00USER TTY FROM LOGIN@ IDLE JCPU PCPU WHATthanos ttyS0 - Mon20 8:27 0.05s 0.04s -bashthanos pts/0 10.0.2.2 Mon20 12:54m 0.03s 0.03s -bashthanos pts/1 10.0.2.2 Mon20 12:50m 0.12s 0.18s sshd: thanos [priv]thanos pts/2 10.0.2.2 Mon20 1.00s 0.04s 0.20s sshd: thanos [priv]* Here are the serial configurations: *root@debian10st:/home/thanos# stty -F /dev/ttyS0 -aspeed 9600 baud; rows 24; columns 80; line = 0;intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;discard = <undef>; min = 1; time = 0;-parenb -parodd -cmspar cs8 hupcl -cstopb cread clocal -crtscts-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon ixoff -iuclc -ixany -imaxbel iutf8opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0isig -icanon -iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extprocroot@debian10st:/home/thanos# stty -F /dev/pts/0 -aspeed 38400 baud; rows 50; columns 184; line = 0;intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;discard = <undef>; min = 1; time = 0;-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc* *root@debian10st:/home/thanos# stty -F /dev/pts/1 -aspeed 38400 baud; rows 50; columns 184; line = 0;intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;discard = ^O; min = 1; time = 0;-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc* *root@debian10st:/home/thanos# stty -F /dev/pts/2 -aspeed 38400 baud; rows 50; columns 184; line = 0;intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;discard = ^O; min = 1; time = 0;-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc* Thanks, Alex On Mon, Oct 26, 2020 at 10:59 AM Gabor Nagy (gnagy) < Gabor.Nagy@oneidentity.com> wrote:
Hi Alex!
I've checked your attachments and I see that the messages are sent to pseudo-terminals and the serial port too: [2020-10-23T16:40:20.647481] Posting message to user terminal; user='thanos', line='/dev/ttyS0' [2020-10-23T16:40:20.647518] Posting message to user terminal; user='thanos', line='/dev/pts/0' [2020-10-23T16:40:20.647530] Posting message to user terminal; user='thanos', line='/dev/pts/1' [2020-10-23T16:40:20.647541] Posting message to user terminal; user='thanos', line='/dev/pts/2'
Can you check which terminals are the user 'thanos' logged in? E.g. use the following command on the command line: $w thanos
If you don't see a tty with ssh login, that can explain it.
About the serial port, maybe it's misconfigured. Syslog-ng uses simple open/write calls on the device files , e.g. /dev/ttyS0. Can you try out if you can write in the /dev/ttyS0 file with a simple "echo test" command, please? Can you tell us a bit more about your host and how did you set up the serial port?
Regards, Gabor ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com> *Sent:* Friday, October 23, 2020 17:46 *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* [syslog-ng] Using usertty
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi, I am trying to use usertty(*) to send log all messages with severity equal or higher than critical to every user logged.
But I am not getting any messages in serial port or ssh.
I am sending the configurations and the debug log in attachment.
Can you help me to understand what is happening?
Thanks in advance, Alex
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq