Difficulty with source(net) on Solaris 8 [syslog-ng-1.4.9a]
Greetings, I did as you suggested and I do see the recvfrom() when a message arrives. Never uised truss befor. Interesting, but nothing into the log file. kparis@netlog$ ps -aef | grep sysl kparis 25013 24857 0 13:38:59 pts/1 0:00 grep sysl root 23643 1 0 Sep 12 ? 0:00 /usr/local/sbin/syslog-ng - f /usr/local/etc/syslog-ng.conf -p /var/run/syslog-n truss -p 23643 poll(0xFFBEF658, 3, 60000) = 1 recvfrom(3, " < 5 > 6 7 5 : S e p ".., 519, 0, 0xFFBEF448, 0xFFBEF444) = 99 time() = 1000499766 poll(0xFFBEF658, 3, 100) = 0 poll(0xFFBEF658, 3, 60000) (sleeping...) signotifywait() (sleeping...) lwp_cond_wait(0xFF0F55C8, 0xFF0F55D8, 0xFF1D5C48) (sleeping...) door_return(0x00000000, 0, 0x00000000, 0) (sleeping...) door_return(0x00000000, 0, 0x00000000, 0) (sleeping...) This repeats anytime I change the config on the cisco device ( which immediately sends a message to loghost ) My current config is: kparis@netlog$ cat syslog-ng.conf options { sync(0); keep_hostname(yes); chain_hostnames(no); log_fifo_size (30000); }; source s_local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal (); }; source s_net_udp { udp(); }; destination d_local { file("/var/log/default"); }; log { source(s_local); source(s_net_udp); destination(d_local); }; kparis@netlog$ ls -l /var/log total 34 -rw------- 1 root sys 0 Aug 17 14:41 authlog -rw------- 1 root root 9057 Sep 14 13:29 default .... I can see this indicates the message is arriving to syslog-ng. Am I close ? I am not sure how to proceed from this point. Thanks for your suggestions and support. Best regards, Ken Paris/
try truss-ing syslog-ng whether it receives packets. you should see recvfrom() calls when a message arrives.
-- Bazsi
On Fri, Sep 14, 2001 at 01:50:29PM -0700, Ken Paris wrote:
Greetings,
I did as you suggested and I do see the recvfrom() when a message arrives.
Never uised truss befor. Interesting, but nothing into the log file.
kparis@netlog$ ps -aef | grep sysl kparis 25013 24857 0 13:38:59 pts/1 0:00 grep sysl root 23643 1 0 Sep 12 ? 0:00 /usr/local/sbin/syslog-ng - f /usr/local/etc/syslog-ng.conf -p /var/run/syslog-n
truss -p 23643
poll(0xFFBEF658, 3, 60000) = 1 recvfrom(3, " < 5 > 6 7 5 : S e p ".., 519, 0, 0xFFBEF448, 0xFFBEF444) = 99 time() = 1000499766 poll(0xFFBEF658, 3, 100) = 0 poll(0xFFBEF658, 3, 60000) (sleeping...) signotifywait() (sleeping...) lwp_cond_wait(0xFF0F55C8, 0xFF0F55D8, 0xFF1D5C48) (sleeping...) door_return(0x00000000, 0, 0x00000000, 0) (sleeping...) door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
This repeats anytime I change the config on the cisco device ( which immediately sends a message to loghost )
My current config is: kparis@netlog$ cat syslog-ng.conf options { sync(0); keep_hostname(yes); chain_hostnames(no); log_fifo_size (30000); }; source s_local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal (); }; source s_net_udp { udp(); }; destination d_local { file("/var/log/default"); }; log { source(s_local); source(s_net_udp); destination(d_local); };
kparis@netlog$ ls -l /var/log total 34 -rw------- 1 root sys 0 Aug 17 14:41 authlog -rw------- 1 root root 9057 Sep 14 13:29 default ....
I can see this indicates the message is arriving to syslog-ng. Am I close ?
yes, syslog-ng receives the entry without problems. and the configuration looks ok as well, messages should show up in /var/log/default. If they don't it must be a strange bug. Which syslog-ng version are you using? -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
participants (2)
-
Balazs Scheidler
-
Ken Paris