I robbed the HP-UX configuration file and have tried it on my AIX box. If the last line isn't commented out, it logs nothing. With it commented, netmessages acts as expect but either way no other files are created, nothing else is logged. Configuration file follows: /etc/syslog-ng/syslog-ng.conf options { sync (0); time_reopen (10); chain_hostnames (no); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source s_sys { unix-dgram("/dev/log"); internal(); }; source s_udp { udp(ip("0.0.0.0") port(514)); }; source s_udp_s { udp(ip("0.0.0.0") port(601)); }; source s_tcp { tcp(ip("0.0.0.0") port(601)); }; destination d_cons { file("/data/logs/console"); }; destination d_mesg { file("/data/logs/syslog.log"); }; destination d_mail { file("/data/logs/mail.log"); }; destination d_mlrt { usertty("root"); }; destination d_mlal { usertty("*"); }; destination netmessages { file("/data/logs/netmessages.log" perm(0660)); }; destination net_pipe { pipe("/data/pipes/net_pipe" perm(0660)); }; filter f_filter1 { facility(mail) and level(debug); }; filter f_filter2 { (facility(mail) and level(debug)) or level(info); }; filter f_filter3 { level(alert); }; filter f_filter4 { level(emerg); }; log { source(s_sys); filter(f_filter1); destination(d_mail); }; log { source(s_sys); filter(f_filter2); destination(d_mesg); }; log { source(s_sys); filter(f_filter3); destination(d_cons); destination(d_mlrt); }; log { source(s_sys); filter(f_filter4); destination(d_mlal); }; log { source(s_udp); source (s_udp_s); source (s_tcp); destination(netmessages); }; # log { source(s_udp); source (s_udp_s); source (s_tcp); destination(net_pipe); }; arg-mailgate1.argushealth.com made the following annotations---------------------------------------------------------------------PRIVILEGED AND CONFIDENTIAL This email transmission contains privileged and confidential information intended only for the use of the individual or entity named above. If the reader of the email is not the intended recipient or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that any use, dissemination or copying of this email transmission is strictly prohibited by the sender. If you have received this transmission in error, please delete the email and immediately notify the sender via the email return address or mailto:postmaster@argushealth.com. Thank you. ---------------------------------------------------------------------
Okay, since no one has responded yet I'll add that I've noticed when the pipe is enabled in the config file I'll get some messages in both the netmessages.log file and the pipe - but then it will stop when the pipe gets to 32657 bytes...can it be a clue? ---------- Forwarded message ---------- From: Brian Loe <knobdy@gmail.com> Date: Aug 7, 2006 1:33 PM Subject: Syslog-ng again To: syslog-ng@lists.balabit.hu I robbed the HP-UX configuration file and have tried it on my AIX box. If the last line isn't commented out, it logs nothing. With it commented, netmessages acts as expect but either way no other files are created, nothing else is logged. Configuration file follows:
Brian Loe wrote:
Okay, since no one has responded yet I'll add that I've noticed when the pipe is enabled in the config file I'll get some messages in both the netmessages.log file and the pipe - but then it will stop when the pipe gets to 32657 bytes...can it be a clue?
[ Don't expect prompt answers on mailing lists, we are supporting syslog-ng against our free time... ] Enabling/disabling the pipe shouldn't have any effect on other destinations, so I think your notification isn't correct. Is there a process on the other end of the pipe reading the messages? Can it really read from the pipe? You are specifiing perm(0660) without owner and group, so check the actual permission of the pipe and your other destinations. Using pipes destinations may be hazardous, the OS can block the writing processes when the readers are gone... What version of syslog-ng are you referring to? -- Sandor Geller wildy@balabit.hu
On 8/8/06, Sandor Geller <wildy@balabit.hu> wrote:
[ Don't expect prompt answers on mailing lists, we are supporting syslog-ng against our free time... ]
I wasn't expecting a prompt answer - especially since I've noticed that this is a failry low volume list. I was, however, taking advantage of the fact that the first post hadn't been responded to. Perhaps I should have worded it better.
Enabling/disabling the pipe shouldn't have any effect on other destinations, so I think your notification isn't correct.
Is there a process on the other end of the pipe reading the messages?
Not yet.
Can it really read from the pipe? You are specifiing perm(0660) without owner and group, so check the actual permission of the pipe and your other destinations.
I have to set the ownership manually - if I had a permissions setting in the syslog-ng config that I posted, its been removed since. I didn't see the point since syslog-ng will not create a pipe. I'm just trying everything.
Using pipes destinations may be hazardous, the OS can block the writing processes when the readers are gone...
I was wondering if that may be the case - but unsure why syslog-ng would stop writing to both the pipe and the log file.
What version of syslog-ng are you referring to?
2.0rc1 Thanks!
It appears it may be a problem with AIX and the way AIX deals with named pipes. Since I don't yet have a script to read (and clean) the data being fed to the pipe, AIX blocks it...? On 8/8/06, Sandor Geller <wildy@balabit.hu> wrote:
Brian Loe wrote:
Okay, since no one has responded yet I'll add that I've noticed when the pipe is enabled in the config file I'll get some messages in both the netmessages.log file and the pipe - but then it will stop when the pipe gets to 32657 bytes...can it be a clue?
participants (2)
-
Brian Loe
-
Sandor Geller