On Thu, May 16, 2002 at 02:16:58PM -0400, dcntrnoc@cmp.com wrote:
Hi all,
I have been running syslog-ng on a handful of Solaris boxes for some time now with no problems, and am attempting to get it running on HP-UX. I have compiled (with gcc) and installed syslog-ng 1.5.16 and libol 0.3.2 on a system running HP-UX 11.00. I am using the following source statement in my config file:
source s_sys { pipe("/dev/log"); internal(); };
Err... Ah, are you sure that opening a pipe from /dev/log will yield what you want? /dev/log is usually a Unix domain socket, which might put more in the stream aside from ASCII. I'd turn off any syslog daemons you have and just

    cat /dev/log | od

If your output looks strikingly similar to the output you have seen in your remote log files, you will know that this is the problem. I don't have (nor have I ever used) an HP-UX box, but I'd guess you want

    source s_sys { unix-dgram("/dev/log");};

or

    source s_sys { unix-stream("/dev/log");};

This might not be the issue, but it's really easy to try, so why not rule it out.
The filters are based on facility. It seems that the only readable output in the destination files comes from either the internal source (ex. May 7 17:47:24 myhost syslog-ng[5675]: SIGHUP received, restarting syslog-ng), or from a message I sent via logger. The rest of the output looks like this:
[snip]
Any ideas? I don't know quite what to make of this.
As I said above, /dev/log is likely a Unix domain socket. The other things you see might be keep alive messages, header information or other such things (if you are familiar with INET domain sockets (TCP), Unix domain sockets can have similar properties and mechanisms). All of which will be binary, not ASCII.

----------------------------------------------------------------------------
   __o      Bradley Arlt                          Security Team Lead
 _ \<_      arlt@cpsc.ucalgary.ca                 University Of Calgary
(_)/(_)     http://pages.cpsc.ucalgary.ca/~arlt/  Computer Science
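Added example, not part of the original thread: a Python check that reports whether a log device such as /dev/log is a named pipe or a Unix domain socket, and which of the syslog-ng source drivers named in the thread matches it. The function names are hypothetical, and the socket probe assumes a syslog daemon is still bound to the socket when the check runs.

```python
import errno
import os
import socket
import stat


def socket_kind(path):
    """Probe a Unix domain socket; return 'dgram', 'stream', or None."""
    probes = ((socket.SOCK_DGRAM, "dgram"), (socket.SOCK_STREAM, "stream"))
    for sock_type, name in probes:
        probe = socket.socket(socket.AF_UNIX, sock_type)
        try:
            probe.connect(path)
            return name
        except OSError as exc:
            # EPROTOTYPE: something is bound there, but as the other type.
            # Any other error (e.g. ECONNREFUSED on a stale socket file
            # with no daemon behind it) leaves the type undetermined.
            if exc.errno != errno.EPROTOTYPE:
                return None
        finally:
            probe.close()
    return None


def suggest_source(path):
    """Return the syslog-ng source driver line matching the type of `path`.

    Returns None when the type is neither a FIFO nor a probeable socket.
    """
    mode = os.stat(path).st_mode
    if stat.S_ISFIFO(mode):
        # Named pipe: the pipe() driver reads it as a byte stream.
        return f'pipe("{path}");'
    if stat.S_ISSOCK(mode):
        kind = socket_kind(path)
        return f'unix-{kind}("{path}");' if kind else None
    return None


if __name__ == "__main__":
    device = "/dev/log"  # path discussed in the thread
    try:
        print(device, "->", suggest_source(device))
    except FileNotFoundError:
        print(device, "does not exist on this host")
```

Run it while the native syslog daemon is still up; once the daemon is stopped, a leftover socket file can no longer be told apart as datagram or stream and the function returns None.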