Hello,

I've just tried 1.6.2 on Solaris 8 and encountered one problem. When I try to set

    filter f_filter_test { level(debug); };

I can see no output and no activity like opening destination file. When I try to change this priority to 'notice', the file gets opened and output is sent there. What's wrong with 'debug' priority...?

The rest of my text config follows.

    options {
        sync (1);
        time_reopen (10);
        log_fifo_size (2048);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
    };

    source s_sys { sun-streams ("/dev/log" door("/etc/.syslog_door")); internal(); };

    destination d_test { file("/var/log/testlog"); };

    log { source(s_sys); filter(f_filter_test); destination(d_test); flags(catchall); };

Thanks for any information, including direction to TFM ;-)

--
***********************************************************************
Pavel Urban (pavel.urban@ct.cz)
IOL system disaster
Internet OnLine, www.iol.cz
(owned by Czech Telecom, www.ct.cz)
***********************************************************************
Vegetables should not operate electronic equipment.
Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
On Mon, 2004-03-08 at 14:46, Pavel Urban wrote:
Hello,
I've just tried 1.6.2 on Solaris 8 and encountered one problem. When I try to set
filter f_filter_test { level(debug); };
I can see no output and no activity like opening destination file. When I try to change this priority to 'notice', the file gets opened and output is sent there. What's wrong with 'debug' priority...?
The rest of my text config follows.
syslog-ng opens the file when the first message would be written to it.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
I cannot confirm this. Here is an output from truss utility (only relevant part):

    16989: Received signal #1, SIGHUP, in poll() [caught]
    16989: siginfo: SIGHUP pid=16972 uid=0
    16989: lwp_sigredirect(1, SIGHUP, 0xFF00FC44) = 0
    16989: poll(0xFFBEFA90, 1, 530000) Err#4 EINTR
    16989: sigaction(SIGHUP, 0xFFBEF520, 0x00000000) = 0
    16989: sigprocmask(SIG_SETMASK, 0xFF0DEFE8, 0x00000000) = 0
    16989: sigaction(SIGHUP, 0xFFBEF420, 0xFFBEF520) = 0
    16989: sigprocmask(SIG_SETMASK, 0xFF0EAD68, 0x00000000) = 0
    16989: setcontext(0xFFBEF400)
    16989: so_socket(2, 1, 0, "", 1) = 3
    16989: ioctl(3, 0x40046957, 0xFFBEFAA4) = 0
    16989: ioctl(3, 0xC0086914, 0xFFBEFA9C) = 0
    16989: ioctl(3, 0xC0206911, 0xFFBEFA7C) = 0
    16989: ioctl(3, 0xC0206911, 0xFFBEFA7C) = 0
    16989: close(3) = 0
    16989: sysinfo(SI_SRPC_DOMAIN, "iol.cz", 256) = 7
    16989: open("/etc/resolv.conf", O_RDONLY) Err#2 ENOENT
    16989: getpid() = 16989 [1]
    16989: time() = 1078752369
    16989: time() = 1078752369
    16989: time() = 1078752369
    16989: poll(0x00000000, 0, 1000) (sleeping...)
    16989: signotifywait() (sleeping...)
    16989: lwp_sema_wait(0xFEF0DE30) (sleeping...)
    16989: lwp_cond_wait(0xFF0E5548, 0xFF0E5558, 0xFF0DEDB0) (sleeping...)
    16989: door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
    16989: poll(0x00000000, 0, 1000) = 0
    16989: open("/etc/syslog-ng.conf", O_RDONLY) = 3
    16989: ioctl(3, TCGETA, 0xFFBEF8D4) Err#25 ENOTTY
    16989: fstat64(3, 0xFFBEF2D0) = 0
    16989: ioctl(3, TCGETA, 0xFFBEF25C) Err#25 ENOTTY
    16989: read(3, " # s y s l o g - n g ".., 8192) = 2859
    16989: read(3, 0x00049E24, 8192) = 0
    16989: ioctl(3, TCGETA, 0xFFBEF334) Err#25 ENOTTY
    16989: llseek(3, 0, SEEK_CUR) = 2859
    16989: close(3) = 0
    16989: time() = 1078752370
    16989: time() = 1078752370
    16989: time() = 1078752370
    16989: poll(0x00000000, 0, 0) = 0
    16989: door_revoke(5) = 0
    16989: close(5) Err#9 EBADF
    16989: time() = 1078752370
    16989: time() = 1078752370
    16989: poll(0x00000000, 0, 0) = 0
    16989: open("/dev/log", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 3
    16989: ioctl(3, I_STR, 0xFFBEF8C8) = 0
    16989: stat("/etc/.syslog_door", 0xFFBEF840) = 0
    16989: umount2("/etc/.syslog_door", 0x00000000) = 0
    16989: door_create(0x0001DCD0, 0x00000000, 0x00000000) = 5
    16989: getpid() = 16989 [1]
    16989: ioctl(5, I_CANPUT, 0x00000000) Err#89 ENOSYS
    16989: door_info(5, 0xFFBEF7A8) = 0
    16989: mount("", "/etc/.syslog_door", 0x00000804, "namefs", 0xFFBEF7A4, 4) = 0
    16989: getpid() = 16989 [1]
    16989: time() = 1078752370
    16989: open("/var/log/testlog", O_WRONLY|O_APPEND|O_NONBLOCK|O_CREAT|O_NOCTTY|O_LARGEFILE, 0600) = 6
    16989: chown("/var/log/testlog", 0, 0) = 0
    16989: chmod("/var/log/testlog", 0600) = 0
    16989: fcntl(6, F_GETFL, 0xFFFFFFFF) = 8329
    16989: fstat64(6, 0xFFBEF330) = 0
    16989: fstat64(6, 0xFFBEF330) = 0
    16989: fcntl(6, F_SETFL, 0x00002089) = 0
    16989: fcntl(6, F_SETFD, 0x00000001) = 0
    16989: time() = 1078752370
    16989: close(4) = 0
    16989: poll(0xFFBEFA88, 2, 100) = 0
    16989: getpid() = 16989 [1]
    16989: time() = 1078752370
    16989: getpid() = 16989 [1]
    16989: time() = 1078752370
    16989: poll(0xFFBEFA88, 2, 600000) (sleeping...)
    16989: signotifywait() (sleeping...)
    16989: lwp_sema_wait(0xFEF0DE30) (sleeping...)
    16989: lwp_cond_wait(0xFF0E5548, 0xFF0E5558, 0xFF0DEDB0) (sleeping...)
    16989: door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)

Here the file has been created and open for appending, but nothing has been written to it.

Now I've invoked something like 'logger -p local2.notice 'testik 11''.

    16989: lwp_cond_wait(0xFF0E5548, 0xFF0E5558, 0xFF0DEDB0) Err#62 ETIME
    16989: poll(0xFFBEFA88, 2, 600000) (sleeping...)
    16989: signotifywait() (sleeping...)
    16989: lwp_sema_wait(0xFEF0DE30) (sleeping...)
    16989: lwp_cond_wait(0xFF0E5548, 0xFF0E5558, 0xFF0DEDB0) (sleeping...)
    16989: door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
    16989: poll(0xFFBEFA88, 2, 600000) = 1
    16989: getmsg(3, 0xFFBED190, 0xFFBED180, 0xFFBED164) = 0
    16989: time() = 1078752429
    16989: time() = 1078752429
    16989: time() = 1078752429
    16989: time() = 1078752429
    16989: poll(0xFFBEFA88, 2, 100) = 1
    16989: write(6, " M a r 8 1 4 : 2 6".., 302) = 302
    16989: time() = 1078752429
    16989: poll(0xFFBEFA88, 2, 100) = 0
    16989: getpid() = 16989 [1]
    16989: time() = 1078752429
    16989: getpid() = 16989 [1]
    16989: time() = 1078752429
    16989: poll(0xFFBEFA88, 2, 541000) (sleeping...)
    16989: signotifywait() (sleeping...)
    16989: lwp_sema_wait(0xFEF0DE30) (sleeping...)
    16989: lwp_cond_wait(0xFF0E5548, 0xFF0E5558, 0xFF0DEDB0) (sleeping...)
    16989: door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
    16989: lwp_cond_wait(0xFF0E5548, 0xFF0E5558, 0xFF0DEDB0) Err#62 ETIME
    16989: poll(0xFFBEFA88, 2, 541000) (sleeping...)

Anyway, when I've tried to set priority for filter to 'debug', nothing has been logged. Is this normal? We have lost some quite important system logs in the past, so I'm trying to do some research to avoid this (messages on kernel.notice facility/priority weren't logged into file etc).

Thanks!

Balazs Scheidler wrote:
On Mon, 2004-03-08 at 14:46, Pavel Urban wrote:
Hello,
I've just tried 1.6.2 on Solaris 8 and encountered one problem. When I try to set
filter f_filter_test { level(debug); };
I can see no output and no activity like opening destination file. When I try to change this priority to 'notice', the file gets opened and output is sent there. What's wrong with 'debug' priority...?
The rest of my text config follows.
syslog-ng opens the file when the first message would be written to it.
--
***********************************************************************
Pavel Urban (pavel.urban@ct.cz)
IOL system disaster
Internet OnLine, www.iol.cz
(owned by Czech Telecom, www.ct.cz)
***********************************************************************
Vegetables should not operate electronic equipment.
Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
On Mon, 2004-03-08 at 15:41, Pavel Urban wrote:
I cannot confirm this. Here is an output from truss utility (only relevant part):
    16989: open("/etc/syslog-ng.conf", O_RDONLY) = 3
    16989: ioctl(3, TCGETA, 0xFFBEF8D4) Err#25 ENOTTY
    16989: fstat64(3, 0xFFBEF2D0) = 0
    16989: ioctl(3, TCGETA, 0xFFBEF25C) Err#25 ENOTTY
    16989: read(3, " # s y s l o g - n g ".., 8192) = 2859
    16989: read(3, 0x00049E24, 8192) = 0
    16989: ioctl(3, TCGETA, 0xFFBEF334) Err#25 ENOTTY
    16989: llseek(3, 0, SEEK_CUR) = 2859
    16989: close(3) = 0
    16989: time() = 1078752370
    16989: time() = 1078752370
    16989: time() = 1078752370
    16989: poll(0x00000000, 0, 0) = 0
    16989: door_revoke(5) = 0
    16989: close(5) Err#9 EBADF
    16989: time() = 1078752370
    16989: time() = 1078752370
    16989: poll(0x00000000, 0, 0) = 0
    16989: open("/dev/log", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 3
    16989: ioctl(3, I_STR, 0xFFBEF8C8) = 0
    16989: stat("/etc/.syslog_door", 0xFFBEF840) = 0
    16989: umount2("/etc/.syslog_door", 0x00000000) = 0
    16989: door_create(0x0001DCD0, 0x00000000, 0x00000000) = 5
    16989: getpid() = 16989 [1]
    16989: ioctl(5, I_CANPUT, 0x00000000) Err#89 ENOSYS
    16989: door_info(5, 0xFFBEF7A8) = 0
    16989: mount("", "/etc/.syslog_door", 0x00000804, "namefs", 0xFFBEF7A4, 4) = 0
    16989: getpid() = 16989 [1]
    16989: time() = 1078752370
    16989: open("/var/log/testlog", O_WRONLY|O_APPEND|O_NONBLOCK|O_CREAT|O_NOCTTY|O_LARGEFILE, 0600) = 6
    16989: chown("/var/log/testlog", 0, 0) = 0
    16989: chmod("/var/log/testlog", 0600) = 0
here the file has been created and open for appending, but nothing has been written to it.
Hmm.. I am reading the source but I can't see how it would create a file beforehand. I also tried strace-ing my syslog-ng process and it really does not create the file:

    open("syslog-ng.conf", O_RDONLY) = 3
    ioctl(3, TCGETS, 0xbffff6d0) = -1 ENOTTY (Inappropriate ioctl for device)
    fstat64(3, {st_mode=S_IFREG|0644, st_size=232, ...}) = 0
    mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
    read(3, "options { gc_idle_threshold(3000"..., 8192) = 232
    read(3, "", 4096) = 0
    read(3, "", 8192) = 0
    ioctl(3, TCGETS, 0xbffff1a0) = -1 ENOTTY (Inappropriate ioctl for device)
    close(3) = 0
    munmap(0x40018000, 4096) = 0
    socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
    fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
    fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
    fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
    write(2, "binding fd 3, inetaddr: 0.0.0.0,"..., 44) = 44
    setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
    bind(3, {sa_family=AF_INET, sin_port=htons(2000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
    write(2, "io.c: listening on fd 3\n", 24) = 24
    listen(3, 256) = 0
    write(2, "syslog-ng version 1.6.2 starting"..., 33) = 33
    rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
    rt_sigaction(SIGHUP, {0x8049d0c, [HUP], SA_RESTART}, {SIG_DFL}, 8) = 0
    rt_sigaction(SIGTERM, {0x8049d30, [TERM], SA_RESTART}, {SIG_DFL}, 8) = 0
    rt_sigaction(SIGCHLD, {0x8049d54, [CHLD], SA_RESTART}, {SIG_DFL}, 8) = 0
    time(NULL) = 1078763989
    time(NULL) = 1078763989
    poll([{fd=3, events=POLLIN}], 1, 100) = 0

Here's my config file:

    options { gc_idle_threshold(3000); gc_busy_threshold(30000); check_hostname(yes); use_dns(no); };
    source src { tcp(port(2000)); internal(); };
    destination d_spoof { file("varangy"); };
    log { source(src); destination(d_spoof); };

Now stracing when sending a message (continuing the previous strace dump):

    poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 600000) = 1
    accept(3, {sa_family=AF_INET, sin_port=htons(33337), sin_addr=inet_addr("127.0.0.1")}, [16]) = 4
    fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
    fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
    fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
    write(2, "AF_INET client connected from 12"..., 52) = 52
    write(2, "io.c: Preparing fd 4 for reading"..., 33) = 33
    time(NULL) = 1078764110
    poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 2, 100) = 0
    poll([{fd=4, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}], 2, 583000) = 1
    read(4, "abcdef\r\n", 2048) = 8
    time(NULL) = 1078764112
    time(NULL) = 1078764112
    open("/etc/localtime", O_RDONLY) = 5
    fstat64(5, {st_mode=S_IFREG|0644, st_size=866, ...}) = 0
    mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
    read(5, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0"..., 4096) = 866
    close(5) = 0
    munmap(0x40018000, 4096) = 0
    open("varangy", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY|O_LARGEFILE, 0600) = 5
    chown32(0x8061458, 0, 0) = -1 EPERM (Operation not permitted)
    chmod("varangy", 0600) = 0
    fcntl64(5, F_GETFL) = 0x8c01 (flags O_WRONLY|O_NONBLOCK|O_APPEND|O_LARGEFILE)
    fcntl64(5, F_SETFL, O_WRONLY|O_NONBLOCK|O_APPEND|O_LARGEFILE) = 0
    fcntl64(5, F_SETFD, FD_CLOEXEC) = 0

Reading the source I still cannot see how it would create the file during initialization.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
That's really strange. Here is some additional info:

    root@dev-ims1 # /sbin/syslog-ng -V
    syslog-ng 1.6.2
    root@dev-ims1 # uname -a
    SunOS dev-ims1 5.8 Generic_108528-23 sun4u sparc SUNW,Ultra-60
    root@dev-ims1 # gcc --version
    gcc (GCC) 3.2.1
    Copyright (C) 2002 Free Software Foundation, Inc.

    compilation: ./configure --enable-sun-streams --enable-sun-door --with-libol=/usr/local/bin; make; make install

Complete truss output is available here: http://www.marvin.cz/ng . It shows start of syslog-ng under truss utility, some restarts (kill -HUP) and activity after 'logger' command.

If I can deliver more info, just tell me what you need. I really like syslog-ng, but there are some problems that cause us trouble... and I really want them to go away.

Balazs Scheidler wrote:
On Mon, 2004-03-08 at 15:41, Pavel Urban wrote:
I cannot confirm this. Here is an output from truss utility (only relevant part): <snip>
Reading the source I still cannot see how it would create the file during initialization.
--
***********************************************************************
Pavel Urban (pavel.urban@hq.iol.cz)
IOL system disaster
Internet OnLine, www.iol.cz
***********************************************************************
Vegetables should not operate electronic equipment.
Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
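Added example, not part of the original thread and not written by either participant: the thread turns on whether the destination file is opened before or after the first message is read, so this sketch reads truss-format lines like the ones posted above and reports that ordering. The function name, the result keys and the shortened SAMPLE excerpt are assumptions made for the example; it tracks file descriptors because the trace reuses fd 3 for both the config file and /dev/log.

```python
import re

# A successful truss call: "<pid>: name(args) = <non-negative int>".
# Failed calls ("Err#..") and "(sleeping...)" lines do not match and are skipped.
CALL = re.compile(r'^\s*\d+:\s+(\w+)\((.*)\)\s+=\s+(\d+)')

def destination_timeline(trace, source_path, dest_path):
    """Return line indexes of the destination open(), the first message read
    from the source and the first write to the destination."""
    fds = {}  # fd number -> path; needed because fd numbers are reused
    out = {"open": None, "first_input": None, "first_write": None}
    for idx, line in enumerate(trace.splitlines()):
        m = CALL.match(line)
        if not m:
            continue
        name, args, ret = m.group(1), m.group(2), int(m.group(3))
        if name == "open" and args.startswith('"'):
            path = args.split('"')[1]
            fds[ret] = path
            if path == dest_path and out["open"] is None:
                out["open"] = idx
        elif name in ("close", "read", "getmsg", "write"):
            fd = int(args.split(",")[0])
            path = fds.get(fd)
            if name == "close":
                fds.pop(fd, None)
            elif name == "write":
                if path == dest_path and out["first_write"] is None:
                    out["first_write"] = idx
            elif path == source_path and out["first_input"] is None:
                out["first_input"] = idx
    out["opened_before_input"] = out["open"] is not None and (
        out["first_input"] is None or out["open"] < out["first_input"])
    return out

# Shortened excerpt of the truss lines posted in the thread (idle calls omitted).
SAMPLE = """\
16989: open("/etc/syslog-ng.conf", O_RDONLY) = 3
16989: read(3, " # s y s l o g - n g ".., 8192) = 2859
16989: close(3) = 0
16989: open("/dev/log", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 3
16989: open("/var/log/testlog", O_WRONLY|O_APPEND|O_NONBLOCK|O_CREAT|O_NOCTTY|O_LARGEFILE, 0600) = 6
16989: poll(0xFFBEFA88, 2, 600000) (sleeping...)
16989: getmsg(3, 0xFFBED190, 0xFFBED180, 0xFFBED164) = 0
16989: write(6, " M a r 8 1 4 : 2 6".., 302) = 302
"""

if __name__ == "__main__":
    print(destination_timeline(SAMPLE, "/dev/log", "/var/log/testlog"))
```

It only understands truss lines with a pid prefix; the strace output in the thread uses a different layout and is not parsed.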