Hi, I'm trying to use the unix-stream destination to send data to another application which opens the socket in line mode. The problem is that both ends complain about the connection breaking all the time: syslog-ng[31002]: Syslog connection broken; fd='24', server='AF_UNIX(/var/run/otherapp.sock)', time_reopen='60' otherapp[123445]: failed to read from socket #10: Connection reset by peer I tracked down the problem to the fact that otherapp sends some data after receiving a line from syslog-ng: "data ok", and syslog-ng doesn't seem to like that. If I set up a unidirectional proxy (that filters out upstream "data ok") between syslog-ng and otherapp everything works fine: socat -u UNIX-LISTEN:/tmp/proxy.sock,fork UNIX-CONNECT:/var/run/otherapp.sock Am I doing something wrong here, or is this a known limitation of syslog-ng?
Do you have access to the sourcode of otherapp ? My first guess would be to look at the options of how each end handles the socket. Jim On Wed, Apr 12, 2017 at 7:21 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi,
I'm trying to use the unix-stream destination to send data to another application which opens the socket in line mode. The problem is that both ends complain about the connection breaking all the time:
syslog-ng[31002]: Syslog connection broken; fd='24', server='AF_UNIX(/var/run/otherapp.sock)', time_reopen='60' otherapp[123445]: failed to read from socket #10: Connection reset by peer
I tracked down the problem to the fact that otherapp sends some data after receiving a line from syslog-ng: "data ok", and syslog-ng doesn't seem to like that.
If I set up a unidirectional proxy (that filters out upstream "data ok") between syslog-ng and otherapp everything works fine:
socat -u UNIX-LISTEN:/tmp/proxy.sock,fork UNIX-CONNECT:/var/run/ otherapp.sock
Am I doing something wrong here, or is this a known limitation of syslog-ng?
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Syslog-ng doesnt expect data on the socket on the reverse direction and shuts down the connection if anything is received. It is meant to work with /dev/log like devices. I was wondering if it's correct to ignore the reverse direction, is it? On Apr 12, 2017 2:34 PM, "Jim Hendrick" <james.r.hendrick@gmail.com> wrote:
Do you have access to the sourcode of otherapp ?
My first guess would be to look at the options of how each end handles the socket.
Jim
On Wed, Apr 12, 2017 at 7:21 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi,
I'm trying to use the unix-stream destination to send data to another application which opens the socket in line mode. The problem is that both ends complain about the connection breaking all the time:
syslog-ng[31002]: Syslog connection broken; fd='24', server='AF_UNIX(/var/run/otherapp.sock)', time_reopen='60' otherapp[123445]: failed to read from socket #10: Connection reset by peer
I tracked down the problem to the fact that otherapp sends some data after receiving a line from syslog-ng: "data ok", and syslog-ng doesn't seem to like that.
If I set up a unidirectional proxy (that filters out upstream "data ok") between syslog-ng and otherapp everything works fine:
socat -u UNIX-LISTEN:/tmp/proxy.sock,fork UNIX-CONNECT:/var/run/otherapp.sock
Am I doing something wrong here, or is this a known limitation of syslog-ng?
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Maybe an option for the destination that controls that? Would you ever want to receive status back on the destination, or would simply an "ignore responses" fit the bill? On Wed, Apr 12, 2017 at 4:04 PM, Balazs Scheidler <bazsi77@gmail.com> wrote:
Syslog-ng doesnt expect data on the socket on the reverse direction and shuts down the connection if anything is received.
It is meant to work with /dev/log like devices.
I was wondering if it's correct to ignore the reverse direction, is it?
On Apr 12, 2017 2:34 PM, "Jim Hendrick" <james.r.hendrick@gmail.com> wrote:
Do you have access to the sourcode of otherapp ?
My first guess would be to look at the options of how each end handles the socket.
Jim
On Wed, Apr 12, 2017 at 7:21 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi,
I'm trying to use the unix-stream destination to send data to another application which opens the socket in line mode. The problem is that both ends complain about the connection breaking all the time:
syslog-ng[31002]: Syslog connection broken; fd='24', server='AF_UNIX(/var/run/otherapp.sock)', time_reopen='60' otherapp[123445]: failed to read from socket #10: Connection reset by peer
I tracked down the problem to the fact that otherapp sends some data after receiving a line from syslog-ng: "data ok", and syslog-ng doesn't seem to like that.
If I set up a unidirectional proxy (that filters out upstream "data ok") between syslog-ng and otherapp everything works fine:
socat -u UNIX-LISTEN:/tmp/proxy.sock,fork UNIX-CONNECT:/var/run/otherapp.sock
Am I doing something wrong here, or is this a known limitation of syslog-ng?
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
On Wed, Apr 12, 2017 at 04:40:29PM -0400, Jim Hendrick wrote:
Would you ever want to receive status back on the destination, or would simply an "ignore responses" fit the bill?
for my particular use-case ignoring would fit perfectly :-) see https://github.com/balabit/syslog-ng/pull/1433
Hi, On Wed, Apr 12, 2017 at 10:04:34PM +0200, Balazs Scheidler wrote:
Syslog-ng doesnt expect data on the socket on the reverse direction and shuts down the connection if anything is received.
It is meant to work with /dev/log like devices.
I was wondering if it's correct to ignore the reverse direction, is it?
Would you agree to change the behaviour? I don't think it would break existing behaviour (only unexpectedly repair things :))
Well, I can agree that this should be an option, but I didnt get around to implement this. We actually process the input right now, but instead of simply terminating the connnection we should just read and ignore it. On May 9, 2017 2:33 PM, "Fabien Wernli" <wernli@in2p3.fr> wrote:
Hi,
On Wed, Apr 12, 2017 at 10:04:34PM +0200, Balazs Scheidler wrote:
Syslog-ng doesnt expect data on the socket on the reverse direction and shuts down the connection if anything is received.
It is meant to work with /dev/log like devices.
I was wondering if it's correct to ignore the reverse direction, is it?
Would you agree to change the behaviour? I don't think it would break existing behaviour (only unexpectedly repair things :))
I wonder - would there be value to be able to see the returned data? Maybe as an option to populate a macro with this data. Just thinking that there might be useful information coming back on the socket in some cases. Jim On Wed, May 10, 2017 at 2:54 AM, Balazs Scheidler <bazsi77@gmail.com> wrote:
Well, I can agree that this should be an option, but I didnt get around to implement this.
We actually process the input right now, but instead of simply terminating the connnection we should just read and ignore it.
On May 9, 2017 2:33 PM, "Fabien Wernli" <wernli@in2p3.fr> wrote:
Hi,
On Wed, Apr 12, 2017 at 10:04:34PM +0200, Balazs Scheidler wrote:
Syslog-ng doesnt expect data on the socket on the reverse direction and shuts down the connection if anything is received.
It is meant to work with /dev/log like devices.
I was wondering if it's correct to ignore the reverse direction, is it?
Would you agree to change the behaviour? I don't think it would break existing behaviour (only unexpectedly repair things :))
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
On Wed, May 10, 2017 at 04:28:33PM -0400, Jim Hendrick wrote:
I wonder - would there be value to be able to see the returned data?
Maybe as an option to populate a macro with this data.
Just thinking that there might be useful information coming back on the socket in some cases.
Great idea, then again, it would even make sense to have a mixed source-destination :-D
Well, that's called a protocop transport, and we have those :) On May 11, 2017 8:21 AM, "Fabien Wernli" <wernli@in2p3.fr> wrote:
On Wed, May 10, 2017 at 04:28:33PM -0400, Jim Hendrick wrote:
I wonder - would there be value to be able to see the returned data?
Maybe as an option to populate a macro with this data.
Just thinking that there might be useful information coming back on the socket in some cases.
Great idea, then again, it would even make sense to have a mixed source-destination :-D
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (3)
-
Balazs Scheidler
-
Fabien Wernli
-
Jim Hendrick