Hi,

I am trying to use usertty(*) to send all log messages with severity equal or higher than critical to every user logged. But I am not getting any messages in serial port or ssh. I am sending the configurations and the debug log in attachment. Can you help me to understand what is happening?

Thanks in advance,
Alex
Hi Alex!

I've checked your attachments and I see that the messages are sent to pseudo-terminals and the serial port too:

    [2020-10-23T16:40:20.647481] Posting message to user terminal; user='thanos', line='/dev/ttyS0'
    [2020-10-23T16:40:20.647518] Posting message to user terminal; user='thanos', line='/dev/pts/0'
    [2020-10-23T16:40:20.647530] Posting message to user terminal; user='thanos', line='/dev/pts/1'
    [2020-10-23T16:40:20.647541] Posting message to user terminal; user='thanos', line='/dev/pts/2'

Can you check which terminals are the user 'thanos' logged in? E.g. use the following command on the command line:

    $ w thanos

If you don't see a tty with ssh login, that can explain it.

About the serial port, maybe it's misconfigured. Syslog-ng uses simple open/write calls on the device files, e.g. /dev/ttyS0. Can you try out if you can write in the /dev/ttyS0 file with a simple "echo test" command, please? Can you tell us a bit more about your host and how did you set up the serial port?

Regards,
Gabor

________________________________
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com>
Sent: Friday, October 23, 2020 17:46
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] Using usertty
Hi Gabor,

I am running a Debian buster in a VBox guest.

Can you check which terminals are the user 'thanos' logged in?

    root@debian10st:/home/thanos# w thanos
     09:15:47 up 22:00,  4 users,  load average: 0.00, 0.02, 0.00
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    thanos   ttyS0    -                Mon20    8:27   0.05s  0.04s -bash
    thanos   pts/0    10.0.2.2         Mon20   12:54m  0.03s  0.03s -bash
    thanos   pts/1    10.0.2.2         Mon20   12:50m  0.12s  0.18s sshd: thanos [priv]
    thanos   pts/2    10.0.2.2         Mon20    1.00s  0.04s  0.20s sshd: thanos [priv]

Here are the serial configurations:

    root@debian10st:/home/thanos# stty -F /dev/ttyS0 -a
    speed 9600 baud; rows 24; columns 80; line = 0;
    intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;
    discard = <undef>; min = 1; time = 0;
    -parenb -parodd -cmspar cs8 hupcl -cstopb cread clocal -crtscts
    -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon ixoff -iuclc -ixany -imaxbel iutf8
    opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
    isig -icanon -iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc

    root@debian10st:/home/thanos# stty -F /dev/pts/0 -a
    speed 38400 baud; rows 50; columns 184; line = 0;
    intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;
    discard = <undef>; min = 1; time = 0;
    -parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
    -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8
    opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
    isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc

    root@debian10st:/home/thanos# stty -F /dev/pts/1 -a
    speed 38400 baud; rows 50; columns 184; line = 0;
    intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;
    discard = ^O; min = 1; time = 0;
    -parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
    -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8
    opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
    isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc

    root@debian10st:/home/thanos# stty -F /dev/pts/2 -a
    speed 38400 baud; rows 50; columns 184; line = 0;
    intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;
    discard = ^O; min = 1; time = 0;
    -parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
    -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8
    opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
    isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc

Thanks,
Alex

On Mon, Oct 26, 2020 at 10:59 AM Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Thanks for the info!

It looks good, messages should be seen on ssh and on serial console too. Can you try out if you can write in the /dev/ttyS0 file (and/or the ssh login console, in your example /dev/pts/1) with a simple "echo test" command and see if it appears on the console, please?

________________________________
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com>
Sent: Tuesday, October 27, 2020 10:20
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Using usertty
Hi Gabor,

Thanks for your help, testing with echo "test" is working fine (check below), but with usertty, I still have the same problem.

Furthermore, I tried strace and saw the following:

    [pid 2177] rt_sigaction(SIGALRM, {sa_handler=0x7fa889b23e10, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa889541840}, NULL, 8) = 0
    [pid 2177] write(2</dev/pts/1<char 136:1>>, "[2020-10-28T17:15:36.178232] Posting message to user terminal; user='thanos', line='/dev/ttyS0'\n", 96) = 96
    [pid 2177] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = -1 EACCES (Permission denied)

Do you know why? I am launching syslog-ng as root. (full strace in attachment)

Regards,
Alex

    thanos@debian10st:~$ echo test > /dev/ttyS0
    test

    root@debian10st:/home/thanos# who am i
    thanos pts/1 2020-10-26 20:21 (10.0.2.2)
    root@debian10st:/home/thanos# echo "test1" > /dev/pts/1
    test1
    root@debian10st:/home/thanos#

    thanos@debian10st:~$ who am i
    thanos pts/0 2020-10-26 20:21 (10.0.2.2)
    thanos@debian10st:~$ echo "test0" > /dev/pts/0
    test0
    thanos@debian10st:~$

    root@debian10st:/home/thanos# who am i
    thanos pts/2 2020-10-26 20:26 (10.0.2.2)
    root@debian10st:/home/thanos# echo "test2" > /dev/pts/2
    test2

On Wed, Oct 28, 2020 at 3:33 PM Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:
Hi Gabor,

Do you have some news regarding this issue?

Another update from my side, is that if I login as root in serial console, I am able to get the notifications:

    [pid 4155] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = 18</dev/ttyS0<char 4:64>>
    [pid 4155] write(18</dev/ttyS0<char 4:64>>, "2020 Nov 2 16:14:35 debian10st Entry local0.crit 2020-11-02T16:14:35,489343700+00:00\n", 86) = 86
    [pid 4155] close(18</dev/ttyS0<char 4:64>>) = 0

    root@debian10st:/home/thanos# w thanos
     16:19:50 up 6 days, 24 min,  4 users,  load average: 0.00, 0.00, 0.00
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    thanos   pts/0    10.0.2.2         26Oct20  6:14   0.07s  1.85s sshd: thanos [priv]
    thanos   pts/1    10.0.2.2         26Oct20  6:37   0.12s  1.87s sshd: thanos [priv]
    thanos   pts/2    10.0.2.2         26Oct20  0.00s  0.05s  1.93s sshd: thanos [priv]
    root@debian10st:/home/thanos# w root
     16:20:15 up 6 days, 24 min,  4 users,  load average: 0.00, 0.00, 0.00
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     ttyS0    -                16:14   13.00s  0.01s  0.01s -bash

Any help appreciated.

Thanks,
Alex

On Wed, Oct 28, 2020 at 5:24 PM Alexandre Santos <alexandre.rosas.santos@gmail.com> wrote:
Hi Gabor,
Thanks for your help, testing with echo "test" is working fine (check bellow), but with usertty, I still have the same problem.
Furthermore, I tried strace and saw the following:
*[pid 2177] rt_sigaction(SIGALRM, {sa_handler=0x7fa889b23e10, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa889541840}, NULL, 8) = 0[pid 2177] write(2</dev/pts/1<char 136:1>>, "[2020-10-28T17:15:36.178232] Posting message to user terminal; user='thanos', line='/dev/ttyS0'\n", 96) = 96[pid 2177] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = -1 EACCES (Permission denied)*
Do you know why? I am launching syslog-ng as root. (full strace in attachment)
Regards, Alex
*thanos@debian10st:~$ echo test > /dev/ttyS0testroot@debian10st:/home/thanos# who am ithanos pts/1 2020-10-26 20:21 (10.0.2.2)root@debian10st:/home/thanos# echo "test1" > /dev/pts/1test1root@debian10st:/home/thanos#thanos@debian10st:~$ who am ithanos pts/0 2020-10-26 20:21 (10.0.2.2)thanos@debian10st:~$ echo "test0" > /dev/pts/0test0thanos@debian10st:~$root@debian10st:/home/thanos# who am ithanos pts/2 2020-10-26 20:26 (10.0.2.2)root@debian10st:/home/thanos# echo "test2" > /dev/pts/2test2*
On Wed, Oct 28, 2020 at 3:33 PM Gabor Nagy (gnagy) < Gabor.Nagy@oneidentity.com> wrote:
Thanks for the info!
It looks good, messages should be seen on ssh and on serial console too. Can you try out if you can write in the /dev/ttyS0 file (and/or the ssh login console, in your example /dev/pts/1) with a simple "echo test" command and see if it appears on the console, please? ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com> *Sent:* Tuesday, October 27, 2020 10:20 *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] Using usertty
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi Gabor,
I am running a Debian buster in a VBox guest.
Can you check which terminals are the user 'thanos' logged in?
*root@debian10st:/home/thanos# w thanos 09:15:47 up 22:00, 4 users, load average: 0.00, 0.02, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT thanos ttyS0 - Mon20 8:27 0.05s 0.04s -bash thanos pts/0 10.0.2.2 Mon20 12:54m 0.03s 0.03s -bash thanos pts/1 10.0.2.2 Mon20 12:50m 0.12s 0.18s sshd: thanos [priv] thanos pts/2 10.0.2.2 Mon20 1.00s 0.04s 0.20s sshd: thanos [priv]*
Here are the serial configurations:
*root@debian10st:/home/thanos# stty -F /dev/ttyS0 -a speed 9600 baud; rows 24; columns 80; line = 0; intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>; discard = <undef>; min = 1; time = 0; -parenb -parodd -cmspar cs8 hupcl -cstopb cread clocal -crtscts -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon ixoff -iuclc -ixany -imaxbel iutf8 opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 isig -icanon -iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc root@debian10st:/home/thanos# stty -F /dev/pts/0 -a speed 38400 baud; rows 50; columns 184; line = 0; intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>; discard = <undef>; min = 1; time = 0; -parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8 opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc *
*root@debian10st:/home/thanos# stty -F /dev/pts/1 -a speed 38400 baud; rows 50; columns 184; line = 0; intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V; discard = ^O; min = 1; time = 0; -parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8 opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc *
*root@debian10st:/home/thanos# stty -F /dev/pts/2 -a speed 38400 baud; rows 50; columns 184; line = 0; intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V; discard = ^O; min = 1; time = 0; -parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8 opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc *
Thanks, Alex
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi Alex!

When syslog-ng is running as root and you see permission access problems, it's most likely due to Linux capabilities [1]. Even running as root, syslog-ng is dropping most of its capabilities, unless they are configured with the --caps command line option.

The easiest solution, if you don't need Linux capabilities, is to use the "--no-caps" command line option of syslog-ng (put it into syslog-ng's service file for permanent setup). If you would like to use Linux capabilities and tune syslog-ng to use the necessary capabilities I recommend one of our blog posts as a starting point: https://www.syslog-ng.com/community/b/blog/posts/working-around-linux-capabi...

I'll add some error messages to usertty() driver to detect future issues.

[1] https://man7.org/linux/man-pages/man7/capabilities.7.html

Regards, Gabor

________________________________
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com>
Sent: Monday, November 2, 2020 17:21
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Using usertty

Hi Gabor,

Do you have some news regarding this issue? Another update from my side, is that if I login as root in serial console, I am able to get the notifications:

[pid 4155] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = 18</dev/ttyS0<char 4:64>>
[pid 4155] write(18</dev/ttyS0<char 4:64>>, "2020 Nov 2 16:14:35 debian10st Entry local0.crit 2020-11-02T16:14:35,489343700+00:00\n", 86) = 86
[pid 4155] close(18</dev/ttyS0<char 4:64>>) = 0

root@debian10st:/home/thanos# w thanos
16:19:50 up 6 days, 24 min, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
thanos pts/0 10.0.2.2 26Oct20 6:14 0.07s 1.85s sshd: thanos [priv]
thanos pts/1 10.0.2.2 26Oct20 6:37 0.12s 1.87s sshd: thanos [priv]
thanos pts/2 10.0.2.2 26Oct20 0.00s 0.05s 1.93s sshd: thanos [priv]
root@debian10st:/home/thanos# w root
16:20:15 up 6 days, 24 min, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root ttyS0 - 16:14 13.00s 0.01s 0.01s -bash

Any help appreciated.

Thanks, Alex

On Wed, Oct 28, 2020 at 5:24 PM Alexandre Santos <alexandre.rosas.santos@gmail.com> wrote:

Hi Gabor,

Thanks for your help, testing with echo "test" is working fine (check below), but with usertty, I still have the same problem. Furthermore, I tried strace and saw the following:

[pid 2177] rt_sigaction(SIGALRM, {sa_handler=0x7fa889b23e10, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa889541840}, NULL, 8) = 0
[pid 2177] write(2</dev/pts/1<char 136:1>>, "[2020-10-28T17:15:36.178232] Posting message to user terminal; user='thanos', line='/dev/ttyS0'\n", 96) = 96
[pid 2177] openat(AT_FDCWD, "/dev/ttyS0", O_WRONLY|O_NOCTTY|O_APPEND|O_NONBLOCK) = -1 EACCES (Permission denied)

Do you know why? I am launching syslog-ng as root. (full strace in attachment)

Regards, Alex

thanos@debian10st:~$ echo test > /dev/ttyS0
test

root@debian10st:/home/thanos# who am i
thanos pts/1 2020-10-26 20:21 (10.0.2.2)
root@debian10st:/home/thanos# echo "test1" > /dev/pts/1
test1
root@debian10st:/home/thanos#

thanos@debian10st:~$ who am i
thanos pts/0 2020-10-26 20:21 (10.0.2.2)
thanos@debian10st:~$ echo "test0" > /dev/pts/0
test0
thanos@debian10st:~$

root@debian10st:/home/thanos# who am i
thanos pts/2 2020-10-26 20:26 (10.0.2.2)
root@debian10st:/home/thanos# echo "test2" > /dev/pts/2
test2

On Wed, Oct 28, 2020 at 3:33 PM Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:

Thanks for the info! It looks good, messages should be seen on ssh and on serial console too. Can you try out if you can write in the /dev/ttyS0 file (and/or the ssh login console, in your example /dev/pts/1) with a simple "echo test" command and see if it appears on the console, please?
Hi Gabor,

Thanks for the hint. It was really due to Linux capabilities. When running by default syslog-ng has the following capabilities:

root@debian10st:/home/thanos# ps -ewfH | grep syslog
message+ 410 1 0 Oct27 ? 00:00:28 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 5185 2168 0 16:07 pts/0 00:00:00 grep syslog
root 5178 4138 0 16:06 pts/1 00:00:00 /usr/sbin/syslog-ng -Fvde --cfgfile=/home/thanos/syslog-ng.2.conf
root@debian10st:/home/thanos# getpcaps 5178
Capabilities for `5178': = cap_syslog+ep cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_net_bind_service,cap_net_broadcast,cap_net_raw+p

By changing capability of discretionary access control to also be effective, I was able to broadcast the log messages using usertty(*):

/usr/sbin/syslog-ng -Fvde --cfgfile=/home/thanos/syslog-ng.2.conf --caps "cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_read_search,cap_chown,cap_fowner=p cap_dac_override,cap_syslog=ep"

root@debian10st:/home/thanos# getpcaps $(pgrep syslog-ng)
Capabilities for `5471': = cap_dac_override,cap_syslog+ep cap_chown,cap_dac_read_search,cap_fowner,cap_net_bind_service,cap_net_broadcast,cap_net_raw+p

Cheers, Alex
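The capability strings from this thread, parsed as an added example (not code from syslog-ng or from either poster): it applies the cap_from_text(3) clause rules to the getpcaps output and the --caps argument quoted above, and reports whether cap_dac_override is in the effective set, the set the kernel consults for permission checks. The function names are assumptions of this example; the two input strings are copied from the messages above.

```python
import re

# Linux capability names indexed by bit number (values from <linux/capability.h>).
CAP_NAMES = (
    "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid "
    "cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable "
    "cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw "
    "cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot "
    "cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice "
    "cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease "
    "cap_audit_write cap_audit_control cap_setfcap cap_mac_override "
    "cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read "
    "cap_perfmon cap_bpf cap_checkpoint_restore"
).split()
CAP_BIT = {name: bit for bit, name in enumerate(CAP_NAMES)}

# One clause is "<name,name,...><op><flags>[<op><flags>...]", e.g. "cap_syslog+ep".
_CLAUSE = re.compile(r"([a-z_,]*)((?:[=+-][eip]*)+)")
_ACTION = re.compile(r"([=+-])([eip]*)")


def parse_cap_text(text):
    """Return {'e': set, 'i': set, 'p': set} for a cap_from_text(3) string."""
    sets = {"e": set(), "i": set(), "p": set()}
    for clause in text.lower().split():
        m = _CLAUSE.fullmatch(clause)
        if m is None:
            raise ValueError(f"malformed clause: {clause!r}")
        names, actions = m.groups()
        # An empty name list (a bare "=") or "all" addresses every capability.
        caps = set(CAP_NAMES) if names in ("", "all") else set(names.split(","))
        unknown = caps.difference(CAP_BIT)
        if unknown:
            raise ValueError(f"unknown capability: {sorted(unknown)}")
        for op, flags in _ACTION.findall(actions):
            if op == "=":
                # "=" first resets the listed capabilities in all three sets.
                for s in sets.values():
                    s -= caps
            for flag in flags:
                if op == "-":
                    sets[flag] -= caps
                else:
                    sets[flag] |= caps
    return sets


def parse_getpcaps(line):
    """Parse a getpcaps line in the format quoted in this thread."""
    head, sep, text = line.partition("':")
    if not sep:
        raise ValueError("not a \"Capabilities for `PID':\" line")
    return parse_cap_text(text)


def status_mask(caps):
    """Render a set as /proc/<pid>/status shows CapEff/CapPrm: 16 hex digits."""
    return f"{sum(1 << CAP_BIT[c] for c in caps):016x}"


def dac_override_effective(sets):
    """True when file permission bits are bypassed for this process right now.

    A capability that is only in the permitted set has no effect on
    open(2) until the process raises it into the effective set.
    """
    return "cap_dac_override" in sets["e"]


# Strings copied from the thread: default getpcaps output and the tuned --caps value.
DEFAULT_GETPCAPS = (
    "Capabilities for `5178': = cap_syslog+ep cap_chown,cap_dac_override,"
    "cap_dac_read_search,cap_fowner,cap_net_bind_service,cap_net_broadcast,cap_net_raw+p"
)
TUNED_CAPS_ARG = (
    "cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_read_search,"
    "cap_chown,cap_fowner=p cap_dac_override,cap_syslog=ep"
)


def report(label, sets):
    return (f"{label}: CapEff={status_mask(sets['e'])} "
            f"CapPrm={status_mask(sets['p'])} "
            f"dac_override_effective={dac_override_effective(sets)}")


if __name__ == "__main__":
    print(report("default", parse_getpcaps(DEFAULT_GETPCAPS)))
    print(report("--caps ", parse_cap_text(TUNED_CAPS_ARG)))
```

The hex masks can be compared with the CapEff and CapPrm lines in /proc/<pid>/status of a running syslog-ng when getpcaps is not installed.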
participants (2)
- Alexandre Santos
- Gabor Nagy (gnagy)