Experiences and question from a newbie
Hi, today i had some free minutes was able to play around with syslog-ng the first time. First some experiences I made while installing syslog-ng: I downloaded the latest releases of libol and syslog-ng nd tried to compile them on my test-box (2.0.35, a SuSE 5.3 system). The configuration, making ant the installation of libol succeded without any problems. But when I used configure in the syslog-ng it was unable to find libol-config although it had detected libol (It displayed the correct version number). After adding the source-path of libol to $path I was was able to compile syslog-ng without any further errors. If this is the normal behaviour it might be a good idea to add a hint to the documentation. From this point on everything worked as expected. Thanks for this great product. Now, some questions: - In the sample config file in the debian/ subdirectory there is a line wich states that support for special files is not fully implemented. I am currently using the "old" syslog-package on one of my hosts to log data into a FIFO from which the data is fetched by a perl script, analysed and put into a database. Syslog-ng seems currently not be able to handle fifos correctly. When can we expect this to be implemented? - Is there a howto or a detailed description for writing additional (destination) drivers for syslog-ng? I have serveral ideas how to enhance syslog-ng by some new drivers (keywords: mail, program, mysql, lpr) and will maybe able to contribute. Stefan
Hi,
I downloaded the latest releases of libol and syslog-ng nd tried to compile them on my test-box (2.0.35, a SuSE 5.3 system). The configuration, making ant the installation of libol succeded without any problems. But when I used configure in the syslog-ng it was unable to find libol-config although it had detected libol (It displayed the correct version number). After adding the source-path of libol to $path I was was able to compile syslog-ng without any further errors. If this is the normal behaviour it might be a good idea to add a hint to the documentation. From this point on everything worked as expected. Thanks for this great product.
Hmm... libol-config is installed to $prefix/bin (which is by default /usr/local/bin), so you need to add that directory to the path. I don't know how the configure script could find the correct version number without libol-config. (it's determined by libol-config --version)
Now, some questions:
- In the sample config file in the debian/ subdirectory there is a line wich states that support for special files is not fully implemented. I am currently using the "old" syslog-package on one of my hosts to log data into a FIFO from which the data is fetched by a perl script, analysed and put into a database. Syslog-ng seems currently not be able to handle fifos correctly. When can we expect this to be implemented?
You could use file /path/to/fifo; but when syslog-ng tries to open this file, it blocks as long as the other end opens the fifo as well. I'll try to fix this.
- Is there a howto or a detailed description for writing additional (destination) drivers for syslog-ng? I have serveral ideas how to enhance syslog-ng by some new drivers (keywords: mail, program, mysql, lpr) and will maybe able to contribute.
not yet. though once you made yourself familiar with make_class, which preprocesses .c files, it's very simple. syslog-ng uses a slightly modified version of lsh's backend. lsh is a GPLd reimplementation of the SSH2 protocols. make_class comes from lsh, and generates information for the garbage collector. You can find some information about make_class in the file HACKING in the lsh source tree. As an example destination driver check afuser.c, it's quite simple. -- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu
[...] configure in the syslog-ng it was unable to find libol-config although it had detected libol (It displayed the correct version number). After adding the source-path of libol to $path I was was able to compile syslog-ng without any further errors. If this is the normal behaviour it [...]
Hmm... libol-config is installed to $prefix/bin (which is by default /usr/local/bin), so you need to add that directory to the path. I don't know how the configure script could find the correct version number without libol-config. (it's determined by libol-config --version)
Ok, at least this explains the problems I experienced. /usr/local/bin is not part of the path in a unmodified SuSE installation. Definitly not your fault.
Now, some questions:
- In the sample config file in the debian/ subdirectory there is a line wich states that support for special files is not fully implemented. I am currently using the "old" syslog-package on one of my hosts to log data into a FIFO from which the data is fetched by a perl script, analysed and put into a database. Syslog-ng seems currently not be able to handle fifos correctly. When can we expect this to be implemented?
You could use file /path/to/fifo; but when syslog-ng tries to open this file, it blocks as long as the other end opens the fifo as well. I'll try to fix this.
I have tried this but since it was described as "not implemented" I did not add a detailed description to my last mail in order to keep the noise on this list low. Now, since you mentioned some of the problems I think it is the roght time to add some other things I have noticed. As you recommended I used "file /my/fifio". As you said syslog-ng block until it can open the file (i.e. a program has connected to the other side of the fifo) and only starts up when it this has happened. When I send the syslog-ng process which is configured to write to a fifo a HUP it coredumps. Last, if the reading program dies syslog-ng will output an error msg. (in debug mode) and stop writing to the fifo. If the reading program is restartet it will get no more data out of the fifo. (I know that this is not a very good description but i do not have access to my test box right now)
- Is there a howto or a detailed description for writing additional (destination) drivers for syslog-ng? I have serveral ideas how [...]
not yet. though once you made yourself familiar with make_class, which preprocesses .c files, it's very simple. syslog-ng uses a slightly modified version of lsh's backend. lsh is a GPLd reimplementation of the SSH2 protocols. make_class comes from lsh, and generates information for the garbage collector. You can find some information about make_class in the file HACKING in the lsh source tree.
As an example destination driver check afuser.c, it's quite simple.
Thank you very much, I hope I'll be able to spend some time on this :) Stefan
Hello, With help I've finally gotten syslog-ng to work, up to a point. It loads the simple configuration file without a problem, and streams to all the right files; but after about a minute the program gives up and segfaults, leaving a core file. I have saved a large (1250k) 'truss -f' output file; the tail end follows: ---- 13356: poll(0xEFFFFA28, 5, 100) = 1 13356: recvfrom(3, " < 2 0 > J u n 8 2".., 1024, 0, 0xEFFFF808, 0xEFFFF804) = 119 13356: time() = 928842741 13356: door_info(9, 0xEFFFD300) = 0 13356: door_call(9, 0xEFFFD2E8) = 0 13356: open("/etc/hosts", O_RDONLY) = 0 13356: ioctl(0, TCGETA, 0xEFFFCFBC) Err#25 ENOTTY 13356: fstat64(0, 0xEFFFD030) = 0 13356: read(0, " #\n # I n t e r n e t".., 8192) = 116 13356: read(0, 0x00056594, 8192) = 0 13356: llseek(0, 0, SEEK_CUR) = 116 13356: close(0) = 0 13356: stat("/etc/resolv.conf", 0xEFFFC190) = 0 13356: door_return(0x00000000, 0, 0x00000000, 0) = 0 13356: lwp_create(0xEF3059A0, LWP_DETACHED, 0xEF204E0C) = 5 13356: lwp_create() (returning as new lwp ...) = 0 13356: lwp_self() = 5 13356: lwp_schedctl(SC_STATE, -1, 0xEF204D6C) = 0 13356: so_socket(2, 1, 0, "", 1) = 0 13356: yield() = 0 13356: connect(0, 0x0004FAF4, 16, 1) = 0 13356: Incurred fault #6, FLTBOUNDS %pc = 0x0001F2F8 13356: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000 13356: Received signal #11, SIGSEGV [caught] 13356: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000 13356: sysconfig(_CONFIG_SIGRT_MIN) = 38 13356: sigprocmask(SIG_SETMASK, 0xEF57BEF0, 0x00000000) = 0 13356: sigaction(SIGSEGV, 0xEF3057C0, 0x00000000) = 0 13356: sysconfig(_CONFIG_SIGRT_MIN) = 38 13356: setcontext(0xEF305908) 13356: send(0, "17C101\0\001\0\0\0\0\0\0".., 43, 0) = 43 13356: Incurred fault #6, FLTBOUNDS %pc = 0x0001F2F8 13356: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000 13356: Received signal #11, SIGSEGV [default] 13356: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000 13356: *** process killed *** ---- I also have the core file, but doing a backtrace on it only reveals hex offsets which I can't associate with functions in syslog-ng's source .. I'm a gdb beginner so any help would be appreciated. My conf file looks like this: ---- source src { udp 0.0.0.0,514; sun-door /etc/.syslog_door; internal; }; destination c1 { file /log/mail/remotehost1/mail.log; }; destination c2 { file /log/mail/remotehost2/mail.log; }; destination c3 { file /log/mail/remotehost3/mail.log; }; destination c4 { file /log/mail/remotehost4/mail.log; }; filter f_c1 { host("remotehost1"); }; filter f_c2 { host("remotehost2"); }; filter f_c3 { host("remotehost3"); }; filter f_c4 { host("remotehost4"); }; log { source src; filter f_c1; destination c1; }; log { source src; filter f_c2; destination c2; }; log { source src; filter f_c3; destination c3; }; log { source src; filter f_c4; destination c4; }; ---- Any ideas? --Jubal --- Jubal Kessler, Systems Administrator, interQ Incorporated Key Fingerprint: 5D32 BEB1 8E4B B454 6B9A FDCD 2D4C 19DD 9B47 7DC4
With help I've finally gotten syslog-ng to work, up to a point. It loads the simple configuration file without a problem, and streams to all the right files; but after about a minute the program gives up and segfaults, leaving a core file.
I have saved a large (1250k) 'truss -f' output file; the tail end follows:
I think this could be a reentrancy problem. Sending output to log destinations is not reentrant, but is not protected by a mutex. (other input methods do not use threads, so reentrancy was not an targeted aim) I'll protect non-reentrant parts with a mutex, that should do the trick. I am going to hack in fifo support, and add this mutex and release 1.1.23. -- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu
participants (3)
-
Balazs Scheidler
-
Jubal Kessler
-
Stefan Seufert