syslog-ng-2.0.5 on HP-UX 11.11
Hello, I try to compile the new version 2.0.5 on HP-UX 11.11. configure is running without erorrs. (./configure --enable-dynamic-linking) make stops with the following error : if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/eventlog -DLIBNET_BIG_ENDIAN -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -g -O2 -Wall -g -MT afinet.o -MD -MP -MF ".deps/afinet.Tpo" \ -c -o afinet.o `test -f 'afinet.c' || echo './'`afinet.c; \ then mv -f ".deps/afinet.Tpo" ".deps/afinet.Po"; \ else rm -f ".deps/afinet.Tpo"; exit 1; \ fi afinet.c: In function 'afinet_setup_socket': afinet.c:163: error: storage size of 'mreq' isn't known afinet.c:163: warning: unused variable 'mreq' *** Error exit code 1 How can I solve this problem ? kind regards Uwe Martin Festo AG & Co. KG Uwe Martin Abteilung IN-O Network-Operation Obere Kaiserstraße 303 D - 66386 St. Ingbert Tel: ++49 (0) 6894-591-6323 Fax: ++49 (0) 6894-591-6326 http://www.festo.com Der Inhalt dieses E-Mails ist ausschliesslich fuer den bezeichneten Adressaten bestimmt. Jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieses E-Mails durch unberechtigte Dritte ist unzulaessig. Wir bitten Sie, sich mit dem Absender des E-Mails in Verbindung zu setzen, falls Sie nicht der Adressat dieses E-Mails sind und das Material von Ihrem Computer zu loeschen. This e-mail and any attachments are confidential and intended solely for the addressee. The perusal, publication, copying or dissemination of the contents of this e-mail by unauthorised third parties is prohibited. If you are not the intended recipient of this e-mail, please delete it and immediately notify the sender. Rechtsform: Kommanditgesellschaft Sitz: Esslingen a.N. Registergericht Stuttgart HRA 211583 Umsatzsteuerident-Nummer: DE 145339206 Persoenlich haftende Gesellschafterin:Festo Aktiengesellschaft Sitz: Stuttgart Registergericht Stuttgart HRB 18535 Vorstand: Dr. Ekkehard Gericke, Lothar Kempf, Dipl.-Ing. Rudi Menrad Dr. Thomas Rubbe Dr. Eberhard Veit (Sprecher) Dr. Ulrich Walker Aufsichtsratsvorsitzender: Dr. Wilfried Stoll
On Mon, 2007-07-30 at 16:53 +0200, Uwe Martin wrote:
Hello,
I try to compile the new version 2.0.5 on HP-UX 11.11. configure is running without erorrs. (./configure --enable-dynamic-linking)
make stops with the following error :
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/eventlog -DLIBNET_BIG_ENDIAN -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -g -O2 -Wall -g -MT afinet.o -MD -MP -MF ".deps/afinet.Tpo" \ -c -o afinet.o `test -f 'afinet.c' || echo './'`afinet.c; \ then mv -f ".deps/afinet.Tpo" ".deps/afinet.Po"; \ else rm -f ".deps/afinet.Tpo"; exit 1; \ fi afinet.c: In function 'afinet_setup_socket': afinet.c:163: error: storage size of 'mreq' isn't known afinet.c:163: warning: unused variable 'mreq' *** Error exit code 1
How can I solve this problem ?
Hmm... struct ip_mreq is defined in <netinet/in.h> on HP-UX, and that file is included by afinet.c Can you check if adding _HPUX_SOURCE define to your CFLAGS fixes the problem? You can accomplish this by rerunning configure like this: ./configure CFLAGS=-D_HPUX_SOURCE and then run make again. -- Bazsi
I try it with : ./configure --enable-dynamic-linking CFLAGS=-D_HPUX_SOURCE but the result is the same. The same error occure again. Uwe Balazs Scheidler <bazsi@balabit.hu> 1. Aug. 2007 11:37 Gesendet von: syslog-ng-bounces@lists.balabit.hu 01.08.2007 11:35 Bitte antworten an Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> |--+---------------> | | | |--+--------------->
--------------------------------------------------------------------------------------------------------------------------------------------------| | | | | | An| | Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> | | Kopie| | | | Thema| | Re: [syslog-ng] syslog-ng-2.0.5 on HP-UX 11.11 | | | | | | | | | | | --------------------------------------------------------------------------------------------------------------------------------------------------|
On Mon, 2007-07-30 at 16:53 +0200, Uwe Martin wrote:
Hello,
I try to compile the new version 2.0.5 on HP-UX 11.11. configure is running without erorrs. (./configure --enable-dynamic-linking)
make stops with the following error :
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/eventlog -DLIBNET_BIG_ENDIAN -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -g -O2 -Wall -g -MT afinet.o -MD -MP -MF ".deps/afinet.Tpo" \ -c -o afinet.o `test -f 'afinet.c' || echo './'`afinet.c; \ then mv -f ".deps/afinet.Tpo" ".deps/afinet.Po"; \ else rm -f ".deps/afinet.Tpo"; exit 1; \ fi afinet.c: In function 'afinet_setup_socket': afinet.c:163: error: storage size of 'mreq' isn't known afinet.c:163: warning: unused variable 'mreq' *** Error exit code 1
How can I solve this problem ?
Hmm... struct ip_mreq is defined in <netinet/in.h> on HP-UX, and that file is included by afinet.c Can you check if adding _HPUX_SOURCE define to your CFLAGS fixes the problem? You can accomplish this by rerunning configure like this: ./configure CFLAGS=-D_HPUX_SOURCE and then run make again. -- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html Festo AG & Co. KG Uwe Martin Abteilung IN-O Network-Operation Obere Kaiserstraße 303 D - 66386 St. Ingbert Tel: ++49 (0) 6894-591-6323 Fax: ++49 (0) 6894-591-6326 http://www.festo.com Der Inhalt dieses E-Mails ist ausschliesslich fuer den bezeichneten Adressaten bestimmt. Jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieses E-Mails durch unberechtigte Dritte ist unzulaessig. Wir bitten Sie, sich mit dem Absender des E-Mails in Verbindung zu setzen, falls Sie nicht der Adressat dieses E-Mails sind und das Material von Ihrem Computer zu loeschen. This e-mail and any attachments are confidential and intended solely for the addressee. The perusal, publication, copying or dissemination of the contents of this e-mail by unauthorised third parties is prohibited. If you are not the intended recipient of this e-mail, please delete it and immediately notify the sender. Rechtsform: Kommanditgesellschaft Sitz: Esslingen a.N. Registergericht Stuttgart HRA 211583 Umsatzsteuerident-Nummer: DE 145339206 Persoenlich haftende Gesellschafterin:Festo Aktiengesellschaft Sitz: Stuttgart Registergericht Stuttgart HRB 18535 Vorstand: Dr. Ekkehard Gericke, Lothar Kempf, Dipl.-Ing. Rudi Menrad Dr. Thomas Rubbe Dr. Eberhard Veit (Sprecher) Dr. Ulrich Walker Aufsichtsratsvorsitzender: Dr. Wilfried Stoll
On Wed, 2007-08-01 at 12:24 +0200, Uwe Martin wrote:
I try it with : ./configure --enable-dynamic-linking CFLAGS=-D_HPUX_SOURCE but the result is the same. The same error occure again.
I've found this problem, gcc defines _XOPEN_SOURCE unconditionally, so you need to use: CFLAGS="-U_XOPEN_SOURCE -U_XOPEN_SOURCE_EXTENDED -D_HPUX_SOURCE" And additionally, there's a bug in one of the system headers, more specifically in <sys/socket.h> on my HP-UX 11.11 system. I copied the system header to the local gcc directory $prefix/lib/gcc/<gcc-version/include/sys/socket.h and applied this patch: bash-3.00# diff /usr/include/sys/socket.h /var/etalon/zbs2/build/hpux/hpux-11_syslog-ng/usr/local/lib/gcc/hppa2.0w-hp-hpux11.11/4.1.0/include/sys/socket.h 438a439
#ifndef _APP32_64BIT_OFF_T 442a444 #endif
Too bad the diff command does not know unified diffs. So it is impossible to apply by hand, but assuming you have the same header file, you can apply this using 'patch'. -- Bazsi
The compiler error is solve. I get now the following error : # make No suffix list. make all-recursive No suffix list. Making all in src gcc -U_XOPEN_SOURCE -U_XOPEN_SOURCE_EXTENDED -D_HPUX_SOURCE -Wall -g -o syslog-ng main.o libsyslog-ng.a -lnsl -lrt -lfl -L/usr/local/lib -lglib-2.0 -lintl -liconv -L/usr/local/lib -levtlog -lnet /usr/ccs/bin/ld: Unsatisfied symbols: strtoll (first referenced in libsyslog-ng.a(affile.o)) (code) collect2: ld returned 1 exit status *** Error exit code 1 Stop. *** Error exit code 1 Stop. *** Error exit code 1 Stop. Thanks for your help and suppport. Uwe Balazs Scheidler <bazsi@balabit.hu> 2. Aug. 2007 15:25 Gesendet von: syslog-ng-bounces@lists.balabit.hu 02.08.2007 15:24 Bitte antworten an Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> |--+---------------> | | | |--+--------------->
--------------------------------------------------------------------------------------------------------------------------------------| | | | | | An| | Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> | | Kopie| | | | Thema| | Re: [syslog-ng] Antwort: Re: syslog-ng-2.0.5 on HP-UX 11.11 | | | | | | | | | | | --------------------------------------------------------------------------------------------------------------------------------------|
On Wed, 2007-08-01 at 12:24 +0200, Uwe Martin wrote:
I try it with : ./configure --enable-dynamic-linking CFLAGS=-D_HPUX_SOURCE but the result is the same. The same error occure again.
I've found this problem, gcc defines _XOPEN_SOURCE unconditionally, so you need to use: CFLAGS="-U_XOPEN_SOURCE -U_XOPEN_SOURCE_EXTENDED -D_HPUX_SOURCE" And additionally, there's a bug in one of the system headers, more specifically in <sys/socket.h> on my HP-UX 11.11 system. I copied the system header to the local gcc directory $prefix/lib/gcc/<gcc-version/include/sys/socket.h and applied this patch: bash-3.00# diff /usr/include/sys/socket.h /var/etalon/zbs2/build/hpux/hpux-11_syslog-ng/usr/local/lib/gcc/hppa2.0w-hp-hpux11.11/4.1.0 /include/sys/socket.h 438a439
#ifndef _APP32_64BIT_OFF_T 442a444 #endif
Too bad the diff command does not know unified diffs. So it is impossible to apply by hand, but assuming you have the same header file, you can apply this using 'patch'. -- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html Festo AG & Co. KG Uwe Martin Abteilung IN-O Network-Operation Obere Kaiserstraße 303 D - 66386 St. Ingbert Tel: ++49 (0) 6894-591-6323 Fax: ++49 (0) 6894-591-6326 http://www.festo.com Der Inhalt dieses E-Mails ist ausschliesslich fuer den bezeichneten Adressaten bestimmt. Jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieses E-Mails durch unberechtigte Dritte ist unzulaessig. Wir bitten Sie, sich mit dem Absender des E-Mails in Verbindung zu setzen, falls Sie nicht der Adressat dieses E-Mails sind und das Material von Ihrem Computer zu loeschen. This e-mail and any attachments are confidential and intended solely for the addressee. The perusal, publication, copying or dissemination of the contents of this e-mail by unauthorised third parties is prohibited. If you are not the intended recipient of this e-mail, please delete it and immediately notify the sender. Rechtsform: Kommanditgesellschaft Sitz: Esslingen a.N. Registergericht Stuttgart HRA 211583 Umsatzsteuerident-Nummer: DE 145339206 Persoenlich haftende Gesellschafterin:Festo Aktiengesellschaft Sitz: Stuttgart Registergericht Stuttgart HRB 18535 Vorstand: Dr. Ekkehard Gericke, Lothar Kempf, Dipl.-Ing. Rudi Menrad Dr. Thomas Rubbe Dr. Eberhard Veit (Sprecher) Dr. Ulrich Walker Aufsichtsratsvorsitzender: Dr. Wilfried Stoll
Hi, I was thinking that some sylog-ng logs might look more readable with an additional newline character after each logged entry. I mean, to separate each log entry with an empty line. Is there any easy way to add that? What's the full syntax? BTW - I don't want to change anything else about the rest of the default logging format.. Thanks, Sam Darwin Thirteen.org
On Thu, 2007-08-02 at 16:14 -0400, Darwin, Samuel wrote:
Hi,
I was thinking that some sylog-ng logs might look more readable with an additional newline character after each logged entry. I mean, to separate each log entry with an empty line.
Is there any easy way to add that? What's the full syntax? BTW - I don't want to change anything else about the rest of the default logging format..
Use this template for your destination file: template("$DATE $HOST $MSG\n\n"); and you are set. -- Bazsi
Hi, Is there a good way to have syslog-ng email me when particular log events occur? I am running a very standard, default installation of CentOS 5. Example: I tried this sort of methodology, but it didn't work: source net { udp(); }; destination emailer { program("mail myaddress@yahoo.com"); }; log { source(net); destination(emailer); }; In this case, I'd expect to be emailed a copy of every single message received over udp. However, what happens is that the program "mail myaddress@yahoo.com" gets run and appears in the process table, but no emails are sent. The syslog log file shows dropped='program(mail myaddress@yahoo.com)=0' , indicating something is being "dropped". I think that I must be going about this the wrong way. Maybe I can't use syslog-ng to send emails? Thanks, Sam Darwin Thirteen.org
Hi I think SEC can do what you're looking for. Simple Events Correlator is a powerful perl script which can detect special logs. Just have a look at :http://www.estpak.ee/~risto/sec/ after that, you'l have to write your own rules which is pretty simple bye 2007/8/3, Darwin, Samuel <darwins@thirteen.org>:
Hi,
Is there a good way to have syslog-ng email me when particular log events occur?
I am running a very standard, default installation of CentOS 5.
Example:
I tried this sort of methodology, but it didn't work:
source net { udp(); }; destination emailer { program("mail myaddress@yahoo.com"); }; log { source(net); destination(emailer); };
In this case, I'd expect to be emailed a copy of every single message received over udp. However, what happens is that the program "mail myaddress@yahoo.com" gets run and appears in the process table, but no emails are sent. The syslog log file shows dropped='program(mail myaddress@yahoo.com)=0' , indicating something is being "dropped".
I think that I must be going about this the wrong way. Maybe I can't use syslog-ng to send emails?
Thanks, Sam Darwin Thirteen.org
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
I may have somethig else for you if you wait a few days. I wrote a a pure perl daemon a few years back called syslog-mailer I created a source forge site but I never posted it. A few weeks ago I started doing some updates to it and I intend to post it thes week. It works very well its designed to work with syslog-ng and has an xml config that supports using a rudimentry message rewrite engine, wiith message grouping that allows you to specify the maximum amount of lies per email and the maximum amount of time to wait before flushing an message type to email. I'll notify the list as soon as I post it. The original idae behind it was to use syslog-ng with this daemon to create a very light wait email alerting engine
On Sat, Aug 04, 2007 at 02:13:15PM +0200, fredzy padzy wrote:
I think SEC can do what you're looking for.
Simple Events Correlator is a powerful perl script which can detect special logs.
Just have a look at :http://www.estpak.ee/~risto/sec/
after that, you'l have to write your own rules which is pretty simple
SEC works out really well for me. I have it notify people via email of expiring LDAP passwords, email things being logged in the monitoring system, submit monitoring alerts for things found in the logs, and even reach out and fix problems (using cfrun from cfengine). Pipe directly into it from syslog-ng like I show here: http://www.campin.net/newlogcheck.html#sec -- Nate "COFFEE.EXE missing. Insert cup and press any key." -Anon.
Yes while this it true and I'm very well familiar with sec due to my active involvment with prelude ids and while I agree it is a very powerfulll tool it does requier perl development effort to have a working implementation which means its not right for people not familiar with perl programing . In addition to my knowlege it was written as a prototype for a correlator engine for prelude ids, and has served its purpose and as such is no longer being activly developed in favor of the correlator which will be released soon. Syslog-mailer is tool which was designed to be simple to implement. Right now all I have to do is the documentation and I will post a release. I'm not saying its the right tool for every one is just easier to implement.
On Sun, Aug 05, 2007 at 10:13:53PM -0400, Paul Robert Marino wrote:
Yes while this it true and I'm very well familiar with sec due to my active involvment with prelude ids and while I agree it is a very powerfulll tool it does requier perl development effort to have a working implementation which means its not right for people not familiar with perl programing . In addition to my knowlege it was written as a prototype for a correlator engine for prelude ids, and has served its purpose and as such is no longer being activly developed in favor of the correlator which will be released soon. Syslog-mailer is tool which was designed to be simple to implement. Right now all I have to do is the documentation and I will post a release. I'm not saying its the right tool for every one is just easier to implement.
SEC doesn't require perl programming at all. -- Nate "The mind is everything. What you think you become." - Buddha
I have something I wrote a while ago. It's called Syslog Management Tool. http://smt.dangermen.com. It's a web driven centralized syslog management system(GPL'd). It can email out alerts, launch programs based on matched rules, and quite a bit more. -------------------------------------------------- Jeremy M. Guthrie jeremy.guthrie@berbee.com Senior Network Engineer Phone: 608-298-1061 Berbee Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711 -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu on behalf of Nate Campi Sent: Mon 8/6/2007 1:11 AM To: Paul Robert Marino; Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Emailing log events On Sun, Aug 05, 2007 at 10:13:53PM -0400, Paul Robert Marino wrote:
Yes while this it true and I'm very well familiar with sec due to my active involvment with prelude ids and while I agree it is a very powerfulll tool it does requier perl development effort to have a working implementation which means its not right for people not familiar with perl programing . In addition to my knowlege it was written as a prototype for a correlator engine for prelude ids, and has served its purpose and as such is no longer being activly developed in favor of the correlator which will be released soon. Syslog-mailer is tool which was designed to be simple to implement. Right now all I have to do is the documentation and I will post a release. I'm not saying its the right tool for every one is just easier to implement.
SEC doesn't require perl programming at all. -- Nate "The mind is everything. What you think you become." - Buddha _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Thu, 2007-08-02 at 18:42 +0200, Uwe Martin wrote:
The compiler error is solve. I get now the following error : # make No suffix list. make all-recursive No suffix list. Making all in src gcc -U_XOPEN_SOURCE -U_XOPEN_SOURCE_EXTENDED -D_HPUX_SOURCE -Wall -g -o syslog-ng main.o libsyslog-ng.a -lnsl -lrt -lfl -L/usr/local/lib -lglib-2.0 -lintl -liconv -L/usr/local/lib -levtlog -lnet /usr/ccs/bin/ld: Unsatisfied symbols: strtoll (first referenced in libsyslog-ng.a(affile.o)) (code) collect2: ld returned 1 exit status *** Error exit code 1
--- a/src/affile.c +++ b/src/affile.c @@ -166,7 +166,7 @@ affile_sd_init(LogPipe *s, GlobalConfig *cfg, PersistentConfig *persist) str = persist_config_fetch(persist, affile_sd_format_persist_name(self)); if (str) { - cur_pos = strtoll(str, NULL, 10); + cur_pos = g_ascii_strtoll(str, NULL, 10); log_reader_set_pos((LogReader *) self->reader, cur_pos); g_free(str); } --- a/src/cfg-lex.l +++ b/src/cfg-lex.l @@ -226,9 +226,9 @@ word [^ \#'"\(\)\{\}\\;\n\t,|\.] \n { linenum++; } {white}+ ; \.\. { return DOTDOT; } -0x{digit}+ { yylval.num = strtoll(yytext, NULL, 16); return NUMBER; } -0{digit}+ { yylval.num = strtoll(yytext, NULL, 8); return NUMBER; } -(-|\+)?{digit}+ { yylval.num = strtoll(yytext, NULL, 10); return NUMBER; } +0x{digit}+ { yylval.num = g_ascii_strtoll(yytext, NULL, 16); return NUMBER; } +0{digit}+ { yylval.num = g_ascii_strtoll(yytext, NULL, 8); return NUMBER; } +(-|\+)?{digit}+ { yylval.num = g_ascii_strtoll(yytext, NULL, 10); return NUMBER; } ({word}+(\.)?)*{word}+ { return check_reserved_words(yytext); } \( { return '('; } \) { return ')'; } After this, I get a linking error, but that might be a local issue, I'm still trying to solve. -- Bazsi
participants (7)
-
Balazs Scheidler
-
Darwin, Samuel
-
fredzy padzy
-
Guthrie, Jeremy
-
Nate Campi
-
Paul Robert Marino
-
Uwe Martin