Hi Gabor,

Thanks for your help, testing with echo "test" is working fine (check bellow), but with usertty, I still have the same problem.

Furthermore, I tried strace and saw the following:
[pid  2177] rt_sigaction(SIGALRM, {sa_handler=0x7fa889b23e10, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa889541840}, NULL, 8) = 0
[pid  2177] write(2</dev/pts/1<char 136:1>>, "[2020-10-28T17:15:36.178232] Posting message to user terminal; user='thanos', line='/dev/ttyS0'\n", 96) = 96
[pid  2177] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = -1 EACCES (Permission denied)

Do you know why? I am launching syslog-ng as root. (full strace in attachment)

Regards,
Alex

thanos@debian10st:~$ echo test > /dev/ttyS0
test

root@debian10st:/home/thanos# who am i
thanos   pts/1        2020-10-26 20:21 (10.0.2.2)
root@debian10st:/home/thanos# echo "test1" > /dev/pts/1
test1
root@debian10st:/home/thanos#

thanos@debian10st:~$ who am i
thanos   pts/0        2020-10-26 20:21 (10.0.2.2)
thanos@debian10st:~$ echo "test0" > /dev/pts/0
test0
thanos@debian10st:~$

root@debian10st:/home/thanos# who am i
thanos   pts/2        2020-10-26 20:26 (10.0.2.2)
root@debian10st:/home/thanos# echo "test2" > /dev/pts/2
test2

On Wed, Oct 28, 2020 at 3:33 PM Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:
Thanks for the info!

It looks good, messages should be seen on ssh and on serial console too.
Can you try out if you can write in the /dev/ttyS0 file (and/or the ssh login console, in your example /dev/pts/1) with a simple "echo test" command and see if it appears on the console, please?
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com>
Sent: Tuesday, October 27, 2020 10:20
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Using usertty
 
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Hi Gabor,

I am running a Debian buster in a VBox guest.

Can you check which terminals are the user 'thanos' logged in?
root@debian10st:/home/thanos# w thanos
 09:15:47 up 22:00,  4 users,  load average: 0.00, 0.02, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
thanos   ttyS0    -                Mon20    8:27   0.05s  0.04s -bash
thanos   pts/0    10.0.2.2         Mon20   12:54m  0.03s  0.03s -bash
thanos   pts/1    10.0.2.2         Mon20   12:50m  0.12s  0.18s sshd: thanos [priv]
thanos   pts/2    10.0.2.2         Mon20    1.00s  0.04s  0.20s sshd: thanos [priv]

Here are the serial configurations:
root@debian10st:/home/thanos# stty -F /dev/ttyS0 -a
speed 9600 baud; rows 24; columns 80; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;
discard = <undef>; min = 1; time = 0;
-parenb -parodd -cmspar cs8 hupcl -cstopb cread clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon ixoff -iuclc -ixany -imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig -icanon -iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc

root@debian10st:/home/thanos# stty -F /dev/pts/0 -a
speed 38400 baud; rows 50; columns 184; line = 0;
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;
discard = <undef>; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc

root@debian10st:/home/thanos# stty -F /dev/pts/1 -a
speed 38400 baud; rows 50; columns 184; line = 0;
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc

root@debian10st:/home/thanos# stty -F /dev/pts/2 -a
speed 38400 baud; rows 50; columns 184; line = 0;
intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc

Thanks,
Alex

On Mon, Oct 26, 2020 at 10:59 AM Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:
Hi Alex!

I've checked your attachments and I see that the messages are sent to pseudo-terminals and the serial port too:
[2020-10-23T16:40:20.647481] Posting message to user terminal; user='thanos', line='/dev/ttyS0'
[2020-10-23T16:40:20.647518] Posting message to user terminal; user='thanos', line='/dev/pts/0'
[2020-10-23T16:40:20.647530] Posting message to user terminal; user='thanos', line='/dev/pts/1'
[2020-10-23T16:40:20.647541] Posting message to user terminal; user='thanos', line='/dev/pts/2'

Can you check which terminals are the user 'thanos' logged in?
E.g. use the following command on the command line:
$w thanos

If you don't see a tty with ssh login, that can explain it.

About the serial port, maybe it's misconfigured.
Syslog-ng uses simple open/write calls on the device files , e.g. /dev/ttyS0. Can you try out if you can write in the /dev/ttyS0 file with a simple "echo test" command, please?
Can you tell us a bit more about your host and how did you set up the serial port?

Regards,
Gabor
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com>
Sent: Friday, October 23, 2020 17:46
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] Using usertty
 
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Hi,
I am trying to use usertty(*) to send log all messages with severity equal or higher than critical to every user logged.

But I am not getting any messages in serial port or ssh.

I am sending the configurations and the debug log in attachment.

Can you help me to understand what is happening?

Thanks in advance,
Alex
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq