Hi Gabor,Thanks for your help, testing with echo "test" is working fine (check bellow), but with usertty, I still have the same problem.Furthermore, I tried strace and saw the following:[pid 2177] rt_sigaction(SIGALRM, {sa_handler=0x7fa889b23e10, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa889541840}, NULL, 8) = 0
[pid 2177] write(2</dev/pts/1<char 136:1>>, "[2020-10-28T17:15:36.178232] Posting message to user terminal; user='thanos', line='/dev/ttyS0'\n", 96) = 96
[pid 2177] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = -1 EACCES (Permission denied)Do you know why? I am launching syslog-ng as root. (full strace in attachment)Regards,Alexthanos@debian10st:~$ echo test > /dev/ttyS0
test
root@debian10st:/home/thanos# who am i
thanos pts/1 2020-10-26 20:21 (10.0.2.2)
root@debian10st:/home/thanos# echo "test1" > /dev/pts/1
test1
root@debian10st:/home/thanos#
thanos@debian10st:~$ who am i
thanos pts/0 2020-10-26 20:21 (10.0.2.2)
thanos@debian10st:~$ echo "test0" > /dev/pts/0
test0
thanos@debian10st:~$
root@debian10st:/home/thanos# who am i
thanos pts/2 2020-10-26 20:26 (10.0.2.2)
root@debian10st:/home/thanos# echo "test2" > /dev/pts/2
test2On Wed, Oct 28, 2020 at 3:33 PM Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:______________________________________________________________________________Thanks for the info!
It looks good, messages should be seen on ssh and on serial console too.Can you try out if you can write in the /dev/ttyS0 file (and/or the ssh login console, in your example /dev/pts/1) with a simple "echo test" command and see if it appears on the console, please?
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com>
Sent: Tuesday, October 27, 2020 10:20
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Using userttyCAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi Gabor,
I am running a Debian buster in a VBox guest.
Can you check which terminals are the user 'thanos' logged in?root@debian10st:/home/thanos# w thanos
09:15:47 up 22:00, 4 users, load average: 0.00, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
thanos ttyS0 - Mon20 8:27 0.05s 0.04s -bash
thanos pts/0 10.0.2.2 Mon20 12:54m 0.03s 0.03s -bash
thanos pts/1 10.0.2.2 Mon20 12:50m 0.12s 0.18s sshd: thanos [priv]
thanos pts/2 10.0.2.2 Mon20 1.00s 0.04s 0.20s sshd: thanos [priv]
Here are the serial configurations:root@debian10st:/home/thanos# stty -F /dev/ttyS0 -a
speed 9600 baud; rows 24; columns 80; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;
discard = <undef>; min = 1; time = 0;
-parenb -parodd -cmspar cs8 hupcl -cstopb cread clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon ixoff -iuclc -ixany -imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig -icanon -iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc
root@debian10st:/home/thanos# stty -F /dev/pts/0 -a
speed 38400 baud; rows 50; columns 184; line = 0;
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;
discard = <undef>; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc
root@debian10st:/home/thanos# stty -F /dev/pts/1 -a
speed 38400 baud; rows 50; columns 184; line = 0;
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc
root@debian10st:/home/thanos# stty -F /dev/pts/2 -a
speed 38400 baud; rows 50; columns 184; line = 0;
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc
Thanks,Alex
On Mon, Oct 26, 2020 at 10:59 AM Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:
______________________________________________________________________________Hi Alex!
I've checked your attachments and I see that the messages are sent to pseudo-terminals and the serial port too:
[2020-10-23T16:40:20.647481] Posting message to user terminal; user='thanos', line='/dev/ttyS0'[2020-10-23T16:40:20.647518] Posting message to user terminal; user='thanos', line='/dev/pts/0'[2020-10-23T16:40:20.647530] Posting message to user terminal; user='thanos', line='/dev/pts/1'[2020-10-23T16:40:20.647541] Posting message to user terminal; user='thanos', line='/dev/pts/2'
Can you check which terminals are the user 'thanos' logged in?
E.g. use the following command on the command line:
$w thanos
If you don't see a tty with ssh login, that can explain it.
About the serial port, maybe it's misconfigured.
Syslog-ng uses simple open/write calls on the device files , e.g. /dev/ttyS0. Can you try out if you can write in the /dev/ttyS0 file with a simple "echo test" command, please?Can you tell us a bit more about your host and how did you set up the serial port?
Regards,Gabor
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com>
Sent: Friday, October 23, 2020 17:46
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] Using userttyCAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi,I am trying to use usertty(*) to send log all messages with severity equal or higher than critical to every user logged.
But I am not getting any messages in serial port or ssh.
I am sending the configurations and the debug log in attachment.
Can you help me to understand what is happening?
Thanks in advance,Alex
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq