Re: syslog-ng digest, Vol 1 #250 - 4 msgs
On Mon, 28 Aug 2000 07:12:48 +0200 syslog-ng-admin@lists.balabit.hu wrote:
1. Once my Linux box receives a log, how can I redirect this log message to someone's mail (someone@somewhere.com)?
You could use the program() destination to send messages to a custom script, which may send an email or anything you want to.
Can you show me how to use the program() in syslog-ng.conf? And how does the program() pass the message to a custom script? using system environment? Thanks.
Best Regards
Jason Tsai
E-Mail: jason@leadon.com.tw
Tel: +886-2-23949911#815
1. Once my Linux box receives a log, how can I redirect this log message to someone's mail (someone@somewhere.com)?
You could use the program() destination to send messages to a custom script, which may send an email or anything you want to.
Can you show me how to use the program() in syslog-ng.conf? And how does the program() pass the message to a custom script? using system environment?
destination script { program("/usr/local/lib/loganal.sh"); };
the script receives its lines on its standard input, line by line. the script is executed once, and is restarted on SIGHUPs.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
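A handler of the kind described in the reply above, as an added example that is not part of the original thread or of syslog-ng: it stays running, reads one message per line on standard input and mails the matching ones. The match pattern, subject line, sendmail path and the file-name check that starts the loop are assumptions; the recipient is the placeholder address from the question.

```shell
#!/bin/sh
# Added example for a syslog-ng program() destination handler.
# Assumed values (not from the thread): PATTERN, subject, SENDMAIL path.
RCPT='someone@somewhere.com'        # placeholder address from the question
PATTERN='error|fail|denied'         # assumed filter, extended regex
SENDMAIL='/usr/sbin/sendmail'       # assumed MTA binary

# Log text comes from remote senders and is untrusted: delete every
# control character (CR, ESC, ...) before it is placed in a mail.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177'
}

# Succeeds when the line should be mailed.
wanted() {
    printf '%s\n' "$1" | grep -Eiq -- "$PATTERN"
}

# Headers are fixed strings; log content only ever reaches the body,
# so a crafted message cannot add recipients or headers.
build_mail() {
    printf 'To: %s\nSubject: syslog-ng alert\n\n%s\n' \
        "$RCPT" "$(sanitize "$1")"
}

main() {
    # syslog-ng starts the script once and keeps writing to its stdin,
    # so loop until the pipe is closed instead of handling one line.
    while IFS= read -r line; do
        wanted "$line" || continue
        # -oi: a body line holding a single "." must not end the message
        # -t : take the recipient from the To: header built above
        build_mail "$line" | "$SENDMAIL" -oi -t
    done
}

# Start the loop only when installed under the name used in the thread,
# so the functions can be sourced or tested without blocking on stdin.
case "$0" in
    */loganal.sh) main ;;
esac
```

Every matching line produces one mail, so anyone able to generate matching log entries controls the mail volume; keep the pattern narrow.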
Balazs,
I've posted in the past about how my loghost that accepts logging only via TCP is unstable while my loghosts that collect only via UDP are very stable. Well I've collected some new data that may be helpful.
Every hour at exactly 30 minutes past the hour (7:30, 8:30, 9:30, etc) syslog-ng dies with the error:
syslog-ng: io.c:172: io_iter: Assertion `i < nfds' failed.
Then at 31 minutes past the hour my "syslog-ng.check" script (running from cron every minute) sees that syslog-ng isn't running and restarts it. syslog-ng runs fine for another hour, then at 30 minutes past the next hour it dies again, and the cycle continues.
I'm not a C coder so I have no idea where in the source to look, so I thought I'd just post my findings here. Thanks for any help.
OBTW I'm running syslog-ng 1.4.5 with libol 0.2.18
--
Nate Campi
"If we knew what we were doing, it wouldn't be called research." - Einstein
Nate Campi on Thu 31/08 12:05 -0700:
Every hour at exactly 30 minutes past the hour (7:30, 8:30, 9:30, etc) syslog-ng dies with the error:
syslog-ng: io.c:172: io_iter: Assertion `i < nfds' failed.
Yes, we have the same problem here. But I never compiled debugging symbols into my binary yet so I couldn't get the line number (and there are, I think, three of those assertions in that routine)
Then at 31 minutes past the hour my "syslog-ng.check" script (running from cron every minute) sees that syslog-ng isn't running and restarts it. syslog-ng runs fine for another hour, then at 30 minutes past the next hour it dies again, and the cycle continues.
I also have a script that restarts syslog-ng every hour :) Otherwise, it crashes 3-4 times per day, and leaks memory like a sieve. I gave up trying to find the problem because of the strange libol junk.
On Thu, Aug 31, 2000 at 03:48:01PM -0400, Scott McDermott wrote:
Nate Campi on Thu 31/08 12:05 -0700:
Every hour at exactly 30 minutes past the hour (7:30, 8:30, 9:30, etc) syslog-ng dies with the error:
syslog-ng: io.c:172: io_iter: Assertion `i < nfds' failed.
Yes, we have the same problem here. But I never compiled debugging symbols into my binary yet so I couldn't get the line number (and there are, I think, three of those assertions in that routine)
try to apply this patch to your libol: Index: io.c =================================================================== RCS file: /var/cvs/libol/src/io.c,v retrieving revision 1.21 diff -u -r1.21 io.c --- io.c 2000/06/23 12:55:51 1.21 +++ io.c 2000/09/01 10:09:38 @@ -97,11 +97,9 @@ int timeout = -1; time_t now = time(NULL); - nfds = 0; { - /* Prepare fd:s. This fase calls the prepare-methods, also -closes + /* Prepare fd:s. This fase calls the prepare-methods, also closes * and unlinks any fd:s that should be closed, and also counts how * many fd:s there are. */ @@ -140,7 +138,6 @@ *fd_p = fd->next; continue; } - nfds++; fd_p = &fd->next; } @@ -155,6 +152,15 @@ if (timeout == -1 || (n->when - now < timeout)) { timeout = n->when - now; } + } + } + nfds = 0; + + { + struct nonblocking_fd *fd; + + for(fd = b->files; fd; fd = fd->next) { + nfds++; } }
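Review bot: the comment kept in the first hunk still says the prepare pass "also counts how many fd:s there are", but the second hunk removes the nfds++ from that pass and the third hunk counts in a separate walk of b->files, so that clause is now stale and should be dropped. The new loop in the third hunk has no comment saying why the count must be taken after the prepare pass and the timeout computation rather than during it; one line there would explain how it relates to the `i < nfds' assertion reported in this thread. The first hunk also shows the comment line split as "also" / "-closes", which suggests the mailer wrapped the diff, so it may need re-joining before it applies.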
Then at 31 minutes past the hour my "syslog-ng.check" script (running from cron every minute) sees that syslog-ng isn't running and restarts it. syslog-ng runs fine for another hour, then at 30 minutes past the next hour it dies again, and the cycle continues.
I also have a script that restarts syslog-ng every hour :) Otherwise, it crashes 3-4 times per day, and leaks memory like a sieve. I gave up trying to find the problem because of the strange libol junk.
I understand that libol may be a bit cumbersome for someone new to garbage collectors and such. I've silently released 1.4.6 of syslog-ng, my crashtest was the following:
I had two computers: szundi and kuka, both of them running syslog-ng. szundi sent its logs to kuka using a TCP connection. Two instances of stresstest.sh (found in the /doc directory, modified to loop forever) were running continuously on szundi, and a single instance on kuka. Every 20 minutes a HUP signal was sent to both hosts.
syslog-ng didn't leak on either one.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
Just as I'm leaving, I noticed this on my loghost at work (redhat 6.2, UDP logging for around 50 hosts):
Sep 5 18:13:04 loghost syslog-ng[24136]: syslog-ng version 1.4.4 starting
Sep 5 18:13:04 loghost syslog: syslog-ng startup succeeded
Sep 5 18:13:04 loghost syslog: klogd startup succeeded
Sep 5 18:13:06 loghost syslog-ng[24136]: io.c: do_write: write() failed (errno 27), File too large
Obviously I need to rotate the logs more often on that host, but were you aware that there is a limit to the file sizes syslog-ng could write to?
# ls -al /var/log/messages
-rw----r-- 1 root root 9048923 Sep 5 18:15 messages
Ok, that's a huge logfile, but I just wanted to post that here in case it's relevant.
--
Nate Campi
"If we knew what we were doing, it wouldn't be called research." - Einstein
hi,
Just as I'm leaving, I noticed this on my loghost at work (redhat 6.2, UDP logging for around 50 hosts):
Sep 5 18:13:04 loghost syslog-ng[24136]: syslog-ng version 1.4.4 starting
Sep 5 18:13:04 loghost syslog: syslog-ng startup succeeded
Sep 5 18:13:04 loghost syslog: klogd startup succeeded
Sep 5 18:13:06 loghost syslog-ng[24136]: io.c: do_write: write() failed (errno 27), File too large
Obviously I need to rotate the logs more often on that host, but were you aware that there is a limit to the file sizes syslog-ng could write to?
# ls -al /var/log/messages
-rw----r-- 1 root root 9048923 Sep 5 18:15 messages
Ok, that's a huge logfile, but I just wanted to post that here in case it's relevant.
it's not that huge. I've syslog-ng installations where the log file size was above 1gigs, so I don't think it's syslog-ng which limits the file size. maybe your log partition was full?
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
On Tue, 5 Sep 2000, Nate Campi wrote:
# ls -al /var/log/messages
-rw----r-- 1 root root 9048923 Sep 5 18:15 messages
Ok, that's a huge logfile, but I just wanted to post that here in case it's relevant.
I'm sorry, I didn't show the big one:
# ls -al /var/log/maillog
-rw------- 1 root root 2147483647 Sep 2 20:50 maillog
Is over 2 gigs huge? ;) Now is that the limit of syslog-ng? I have 15 gigs or so free in the filesystem it's on.
--
Nate Campi
"If we knew what we were doing, it wouldn't be called research." - Einstein
Your log file size of 2147483647 strongly suggests that Linux ext2 filesystem has max single file size of 2 gigabytes. As (2^32)/2 equals 2147483648...
-Mni
-------------------------------------------------------------
Mikko Niskanen            phone   +358 3 224 5384
Network Specialist        fax     +358 3 224 3116
Tampere Telephone Plc     address P.O.Box 138, 33101 TAMPERE Finland
-----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu]On Behalf Of Nate Campi Sent: Wed, 06 Sep 2000 22:17 To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]file to large error
On Tue, 5 Sep 2000, Nate Campi wrote:
# ls -al /var/log/messages
-rw----r-- 1 root root 9048923 Sep 5 18:15 messages
Ok, that's a huge logfile, but I just wanted to post that here in case it's relevant.
I'm sorry, I didn't show the big one:
# ls -al /var/log/maillog
-rw------- 1 root root 2147483647 Sep 2 20:50 maillog
Is over 2 gigs huge? ;) Now is that the limit of syslog-ng? I have 15 gigs or so free in the filesystem it's on.
-- Nate Campi "If we knew what we were doing, it wouldn't be called research." - Einstein
On Thu, 7 Sep 2000, Mikko Niskanen wrote:
Your log file size of 2147483647 strongly suggests that Linux ext2 filesystem has max single file size of 2 gigabytes. As (2^32)/2 equals 2147483648...
-Mni
D'oh! Here I am pointing fingers at poor Balazs when it had nothing to do with his code. Sorry for wasting your time.
--
Nate Campi
"If we knew what we were doing, it wouldn't be called research." - Einstein
I have a firewall that receives logs over TCP for one host, logs locally, and forwards all logs over UDP to another host inside a private network.
The logs forwarded over UDP from the relay are all being logged on the inside host with the hostname of the relaying box.
I used this on the gateway box:
options { chain_hostnames(yes); long_hostnames(off); sync(0); };
Doesn't the chain_hostnames variable control this? What do I need to do?
--
Nate Campi
"If we knew what we were doing, it wouldn't be called research." - Einstein
I have a firewall that receives logs over TCP for one host, logs locally, and forwards all logs over UDP to another host inside a private network.
The logs forwarded over UDP from the relay are all being logged on the inside host with the hostname of the relaying box.
I used this on the gateway box:
options { chain_hostnames(yes); long_hostnames(off); sync(0); };
Doesn't the chain_hostnames variable control this? What do I need to do?
chain_hostnames is equivalent to long_hostnames, so you turn it on and off :), and the last one is significant.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
participants (5)
- Balazs Scheidler
- Jason Tsai
- Mikko Niskanen
- Nate Campi
- Scott McDermott