I am using syslog-ng 1.6.5 on a Gentoo Linux system running kernel 2.6.9. I have recently modified an open source utility called NTsyslog to send Windows NT style event logs via TCP to my syslog-ng server. Everything seems to work fine except I receive an io.c read() error for every event sent over the network via TCP. Anyone have any ideas of what my problem might be? Here are a few bits of info:

Logs that I see when TCP syslog communication is attempted:

Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3038
Mar 30 10:43:48 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3038
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3039
Mar 30 10:43:48 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3039
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3066
Mar 30 10:49:05 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3066
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3067
Mar 30 10:49:05 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3067
Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3077
Mar 30 10:53:59 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3077
Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3078
Mar 30 10:53:59 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3078
Mar 30 10:58:53 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3092
Mar 30 10:58:53 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:58:53 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3092
Mar 30 10:59:16 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3093
Mar 30 10:59:16 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:59:16 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3093

Afinet.c in syslog-ng 1.6.6 sources where io_read() is called:

/* af_inet source connection */
static int
do_init_afinet_source_connection(struct log_handler *c,
                                 struct syslog_config *cfg,
                                 struct persistent_config *persistent)
{
    CAST(afsocket_source_connection, self, c);
    if (self->client_addr) {
        CAST(inet_address_info, inet, self->client_addr);
        /* SOCK_STREAM */
        notice("AF_INET client connected from %S, port %i\n",
               inet->ip, inet->port);
        io_read(self->client,
                make_log_reader(0, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, cfg->bad_hostname, c),
                make_afsocket_source_close_callback(self));
    }
    else {
        /* SOCK_DGRAM */
        io_read(self->client,
                make_log_reader(1, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, cfg->bad_hostname, c),
                make_afsocket_source_close_callback(self));
    }
    return ST_OK | ST_GOON;
}
< -----END of CODE ---- >

I have been trying to find what values are passed to io_read() and make_log_reader() but I have been unsuccessful.

Thanks in advance for any replies.

Alex S.

This e-mail contains Omaha Public Power District's confidential and proprietary information and is for use only by the intended recipient. Unless explicitly stated otherwise, this e-mail is not a contract offer, amendment, nor acceptance. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

It looks like NTsyslog, for each message:
1] creates a TCP session,
2] sends the message
3] closes TCP
-----
Offhand I'm not familiar with NT syslog, but see if you can keep a persistent TCP connection with it. A non-optimal solution would be to filter those messages out with syslog-ng.

- Dave

On Wed, 30 Mar 2005 11:14:43 -0600, SOLIS, ALEX <asolis@oppd.com> wrote:
I am using syslog-ng 1.6.5 on a Gentoo Linux system running kernel 2.6.9. I have recently modified an open source utility called NTsyslog to send Windows NT style event logs via TCP to my syslog-ng server. Everything seems to work fine except I receive an io.c read() error for every event sent over the network via TCP. Anyone have any ideas of what my problem might be? Here are a few bits of info:
Logs that I see when TCP syslog communication is attempted:
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3038
Mar 30 10:43:48 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3038
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3039
Mar 30 10:43:48 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3039
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3066
Mar 30 10:49:05 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3066
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3067
Mar 30 10:49:05 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3067
Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3077
Mar 30 10:53:59 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3077
Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3078
Mar 30 10:53:59 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3078
Mar 30 10:58:53 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3092
Mar 30 10:58:53 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:58:53 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3092
Mar 30 10:59:16 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3093
Mar 30 10:59:16 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:59:16 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3093
Afinet.c in syslog-ng 1.6.6 sources where io_read() is called:
/* af_inet source connection */
static int
do_init_afinet_source_connection(struct log_handler *c,
                                 struct syslog_config *cfg,
                                 struct persistent_config *persistent)
{
    CAST(afsocket_source_connection, self, c);
    if (self->client_addr) {
        CAST(inet_address_info, inet, self->client_addr);
        /* SOCK_STREAM */
        notice("AF_INET client connected from %S, port %i\n",
               inet->ip, inet->port);
        io_read(self->client,
                make_log_reader(0, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, cfg->bad_hostname, c),
                make_afsocket_source_close_callback(self));
    }
    else {
        /* SOCK_DGRAM */
        io_read(self->client,
                make_log_reader(1, NULL, cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0, cfg->bad_hostname, c),
                make_afsocket_source_close_callback(self));
    }
    return ST_OK | ST_GOON;
}
< -----END of CODE ---- >
I have been trying to find what values are passed to io_read() and make_log_reader() but I have been unsuccessful.
Thanks in advance for any replies.
Alex S.
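To confirm the connect/send/close-per-message pattern described in the reply from the receiver's own logs, the following added example (not part of the original thread) summarizes syslog-ng notices per peer. It assumes the errno 104 line belongs to the next "dropped connection" notice, since the error line carries no peer address, and that the excerpt does not cross midnight; the 192.0.2.7 session is constructed for contrast.

```python
import re
from collections import defaultdict

# Lines for ports 3038, 3039 and 3066 are copied from the post; the
# 192.0.2.7 lines are constructed to show a long-lived, cleanly closed session.
SAMPLE = """\
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3038
Mar 30 10:43:48 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3038
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3039
Mar 30 10:43:48 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3039
Mar 30 10:44:10 src@lookout syslog-ng[3166]: AF_INET client connected from 192.0.2.7, port 40000
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client connected from 192.168.11.19, port 3066
Mar 30 10:49:05 src@lookout syslog-ng[3166]: io.c: do_read: read() failed (errno 104), Connection reset by peer
Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.168.11.19, port 3066
Mar 30 10:59:10 src@lookout syslog-ng[3166]: AF_INET client dropped connection from 192.0.2.7, port 40000
"""

NOTICE = re.compile(r"(\d\d):(\d\d):(\d\d) \S+ syslog-ng\[\d+\]: (.*)$")
PEER = re.compile(r"AF_INET client (connected|dropped connection) from (\S+), port (\d+)")

def summarize(text):
    """Per peer IP: closed sessions, how many ended in ECONNRESET, longest lifetime."""
    stats = defaultdict(lambda: {"sessions": 0, "reset": 0, "max_secs": 0})
    opened = {}            # (ip, port) -> connect time in seconds since midnight
    pending_reset = False  # errno 104 seen, waiting for the matching drop notice
    for line in text.splitlines():
        head = NOTICE.search(line)
        if not head:
            continue
        h, m, s, msg = head.groups()
        now = int(h) * 3600 + int(m) * 60 + int(s)
        peer = PEER.match(msg)
        if "read() failed (errno 104)" in msg:
            pending_reset = True
        elif peer and peer.group(1) == "connected":
            opened[(peer.group(2), peer.group(3))] = now
        elif peer:
            reset, pending_reset = pending_reset, False
            start = opened.pop((peer.group(2), peer.group(3)), None)
            if start is None:
                continue   # drop without a matching connect in this excerpt
            st = stats[peer.group(2)]
            st["sessions"] += 1
            st["reset"] += reset
            st["max_secs"] = max(st["max_secs"], now - start)
    return dict(stats)

def per_message_senders(stats):
    """Peers whose every session was reset within one second of connecting."""
    return sorted(ip for ip, s in stats.items()
                  if s["reset"] == s["sessions"] and s["max_secs"] <= 1)
```

A peer returned by `per_message_senders()` matches the pattern in the reply: one short-lived TCP connection per event, each ending in a reset rather than an orderly close.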
participants (2): Dave Johnson; SOLIS, ALEX