Hi, I have following lines in syslog-ng.conf filter aaa { match ("aaa"); }; destination aaa { program ("/usr/bin/mail -s WARN user"); }; log { source(src); filter (aaa); destination(aaa); }; When I run logger: # logger aaaIIII in messages file I have: Apr 5 13:06:26 src@host syslog-ng[1627]: io.c: do_write: write() failed (errno 32), Broken pipe What does it mean ? It happen from time to time, not always. przemol
I have following lines in syslog-ng.conf
filter aaa { match ("aaa"); }; destination aaa { program ("/usr/bin/mail -s WARN user"); }; log { source(src); filter (aaa); destination(aaa); };
When I run logger: # logger aaaIIII in messages file I have: Apr 5 13:06:26 src@host syslog-ng[1627]: io.c: do_write: write() failed (errno 32), Broken pipe
What does it mean ? It happen from time to time, not always.
probably the mail program exits for some reason... you may try to write a wrapper script sending logs in a batch, e.g.: repeat while something is available: read 100 lines, mail it loop maybe mail can't read messages exceeding some limit in size. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt
On Wed, Apr 05, 2000 at 05:04:44PM +0200, Balazs Scheidler wrote:
I have following lines in syslog-ng.conf
filter aaa { match ("aaa"); }; destination aaa { program ("/usr/bin/mail -s WARN user"); }; log { source(src); filter (aaa); destination(aaa); };
When I run logger: # logger aaaIIII in messages file I have: Apr 5 13:06:26 src@host syslog-ng[1627]: io.c: do_write: write() failed (errno 32), Broken pipe
What does it mean ? It happen from time to time, not always.
probably the mail program exits for some reason... you may try to write a wrapper script sending logs in a batch, e.g.:
repeat while something is available: read 100 lines, mail it loop
maybe mail can't read messages exceeding some limit in size.
I use standard mail program in Debian slink: # which mail /usr/bin/mail # dpkg -S `which mail` mailx: /usr/bin/mail przemol
On Wed, Apr 05, 2000 at 05:04:44PM +0200, Balazs Scheidler wrote:
I have following lines in syslog-ng.conf
filter aaa { match ("aaa"); }; destination aaa { program ("/usr/bin/mail -s WARN user"); }; log { source(src); filter (aaa); destination(aaa); };
When I run logger: # logger aaaIIII in messages file I have: Apr 5 13:06:26 src@host syslog-ng[1627]: io.c: do_write: write() failed (errno 32), Broken pipe
What does it mean ? It happen from time to time, not always.
probably the mail program exits for some reason... you may try to write a wrapper script sending logs in a batch, e.g.:
repeat while something is available: read 100 lines, mail it loop
maybe mail can't read messages exceeding some limit in size.
When I run: # logger aaa I can see (ps ax), that mail is waiting for something. # strace -p <pid of mail> read(0, <CTRL>C # It looks like mail is waiting for something to finish (<CTRL>C means pressing CTRL+C). przemol
filter aaa { match ("aaa"); }; destination aaa { program ("/usr/bin/mail -s WARN user"); }; log { source(src); filter (aaa); destination(aaa); };
When I run logger: # logger aaaIIII in messages file I have: Apr 5 13:06:26 src@host syslog-ng[1627]: io.c: do_write: write() failed (errno 32), Broken pipe
What does it mean ? It happen from time to time, not always.
probably the mail program exits for some reason... you may try to write a wrapper script sending logs in a batch, e.g.:
repeat while something is available: read 100 lines, mail it loop
maybe mail can't read messages exceeding some limit in size.
When I run: # logger aaa I can see (ps ax), that mail is waiting for something. # strace -p <pid of mail> read(0, <CTRL>C #
It looks like mail is waiting for something to finish (<CTRL>C means pressing CTRL+C).
Of course it's waiting for something, the body of the message. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt
On Fri, Apr 07, 2000 at 02:07:58PM +0200, Balazs Scheidler wrote:
filter aaa { match ("aaa"); }; destination aaa { program ("/usr/bin/mail -s WARN user"); }; log { source(src); filter (aaa); destination(aaa); }; [...] It looks like mail is waiting for something to finish (<CTRL>C means pressing CTRL+C).
Of course it's waiting for something, the body of the message.
So it means that I misunderstood documentation. It is written in there: This driver fork()'s executes the given program with the given arguments and sends messages down to the stdin of the child. I expected that it (driver program()) will send line of message to stdin of mail. Am I wrong, Bazsi (look at begin of my e-mail, there is part of my configuration file) ? przemol
destination aaa { program ("/usr/bin/mail -s WARN user"); }; log { source(src); filter (aaa); destination(aaa); }; [...] It looks like mail is waiting for something to finish (<CTRL>C means pressing CTRL+C).
Of course it's waiting for something, the body of the message.
So it means that I misunderstood documentation. It is written in there:
This driver fork()'s executes the given program with the given arguments and sends messages down to the stdin of the child.
I expected that it (driver program()) will send line of message to stdin of mail. Am I wrong, Bazsi (look at begin of my e-mail, there is part of my configuration file) ?
syslog-ng forks, executes the given program and keeps this program running while syslog-ng is reinitialized or is shut down. Lines are written to the stdin as they become available, but the stream is not closed after each line. So mail waits for a line, and waits for the next one and so on, presumably until its internal buffer gets full. It then probably exits, thus the pipe is broken, which results in the error message emitted by syslog-ng. I hope I could clear up the situation. Use a small script reading a single line at a time, and lauch mail after each line, like I suggested in one of my previous messages. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt
participants (2)
-
Balazs Scheidler
-
Przemek Bak