Roberto Thanks. Are you saying if you start syslog-ng before networking and iptables that syslog-ng won't start??? So basically you must start it AFTER filtered network up or else apply your patch? Is that right? chris On Wed, Feb 12, 2003 at 10:10:39AM +0100, Roberto Nibali wrote:
Hello Seberino,
I saw your name on the syslog-ng mailing list
I saw your name on a lot of mailinglists lately, IIRC :)
and was hoping I could humbly ask you a newbie question about it
I'm only on the list since January this year but I've been working with syslog-ng for about 2 years now, so I might be able to help you.
if you don't mind. I read manual and could not find this question answered...
The manual is rather sparse with words and assumes that the reader is already very familiar with other daemons and Unix processing.
Can I just start syslog-ng daemon from /etc/rc.d/rc.local (in Linux) like this...
I'm not so sure what Linux distribution you use but I can hardly imagine that you start daemons from ../rc.local. There must be a /etc/rc.d/init.d/syslog-ng and then some softlinks from your runlevel dir to /etc/rc.d/init.d/syslog-ng
/usr/local/sbin/syslog-ng &
There is no need to send it in the background since it is a daemon. It will fork() and then the calling process will _exit().
i.e. 1. Do I need any switches on command line?
I do not know your node's requirements and I also do not know your architectural approach to logging so it's kind of difficult to make accurate suggestions. What you could do is invoke syslog-ng with --help as option and read through those:
# ./syslog-ng --help Usage: syslog-ng [options] Accept and manage system log messages
Options: -s, --syntax-only Only read and parse config file -d, --debug Turn on debugging messages -v, --verbose Be a bit more verbose -F, --foreground Don't fork into background -f <fname>, --cfgfile=<fname> Set config file name, default=/etc/syslog-ng/syslog-ng.conf -V, --version Display version number (syslog-ng 1.5.26) -p <fname>, --pidfile=<fname> Set pid file name, default=/var/run/syslog-ng.pid -C <dir>, --chroot=<dir> Chroot to directory -u <user>, --user=<user> Switch to user -g <group>, --group=<group> Switch to group #
Feel free to submit any of those to your syslog-ng start command line :)
2. Is there any danger in not starting logging sooner in boot process??
From you email I cannot see exactly at which point you start the syslog-ng but I recommend you to start it early enough or you might loose some important messages. There is a problem with starting it early and having strict packet filter rules and interface link state down. It's a feature in syslog-ng that it will not restart in that case. I've done a simplistic but very useful (for our purposes) patch:
--- syslog-ng-1.5.26-template/src/afinet.c Wed Feb 5 16:04:56 2003 +++ syslog-ng-1.5.26-template-tA/src/afinet.c Thu Feb 6 13:52:33 2003 @@ -491,7 +491,11 @@ return ST_OK | ST_GOON; } else { +#if 0 if (errno == ECONNREFUSED) { +#else + if ( 1 ) { +#endif io_callout(self->cfg->backend, self->cfg->time_reopen, make_driver_reinit(&self->super.super.super, self->cfg));
So if you get your question answered may I humbly ask you to send this to Nate Campi <mailto:nate@campin.net> for a possible inclusion into the FAQ? He might add it or might not, depending on how generous he is towards newbie questions :)
HTH and best regards, Roberto Nibali, ratz -- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
-- _______________________________________ Dr. Christian Seberino SPAWAR Systems Center San Diego Code 2872 San Diego, CA 92152-6147 U.S.A. Phone: (619) 553-9973 Fax: Email: seberino@spawar.navy.mil _______________________________________