Having had success running syslog-ng 1.1.14 locally, I tried just now setting it up to receive messages via UDP, but I can't get it to work. Using the output of 'lsof' as a guide, I can see that the UDP port is opened, but once I send syslog-ng a message from a remote machine, the message "vanishes" and the UDP port is closed, though the program continues to run and accept local messages. -- Scott Dellinger Systems Administrator, JMU Technical Services dellinsd@jmu.edu
On Mon, May 10, 1999 at 09:58:57AM -0400, Scott Dellinger wrote:
Having had success running syslog-ng 1.1.14 locally, I tried just now setting it up to receive messages via UDP, but I can't get it to work. Using the output of 'lsof' as a guide, I can see that the UDP port is opened, but once I send syslog-ng a message from a remote machine, the message "vanishes" and the UDP port is closed, though the program continues to run and accept local messages.
strange... it works for me (tm). Could you send me your configuration file? -- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu
On Mon, 10 May 1999, Balazs Scheidler wrote:
On Mon, May 10, 1999 at 09:58:57AM -0400, Scott Dellinger wrote:
Having had success running syslog-ng 1.1.14 locally, I tried just now setting it up to receive messages via UDP, but I can't get it to work. strange... it works for me (tm). Could you send me your configuration file?
I can, but it doesn't seem to matter what the source line is set to -- the same behavior happens every time a UDP packet is received for the first time -- so I'm not sure it'd help. I guess I can try gdb this afternoon to see if I can figure out where it's going wrong. An example of a configuration I've used is the example syslog-ng.conf included with the 1.1.14 source with the "source" line changed from source src { unix-stream /dev/log; tcp 0.0.0.0,1999; internal; }; to source src { unis-stream /dev/log; udp 0.0.0.0,514; internal; }; and everything else left the same. -- Scott Dellinger Systems Administrator, JMU Technical Services dellinsd@jmu.edu
Through further experimentation, I have found out more information on my UDP problem. In short: syslog-ng, or more accurately, libol (do_read_line() in read_line.c) requires all messages to end in '\n'. This is fine for messages sent from a Linux box, but not for messages sent from some other systems (HP-UX, and probably others). If I remember correctly, the standard BSD implementation doesn't require a linefeed character, so it's not a good idea to depend on it, and the standard Linux sysklogd not only doesn't require a LF, but actually goes and converts them to spaces. Given the current implementation, the easiest thing to do might be to ensure that messages received via UDP end in a linefeed, appending one if necessary. While not technically the "best" way to fix this, it's certainly the easiest. -- Scott Dellinger Systems Administrator, JMU Technical Services dellinsd@jmu.edu
Through further experimentation, I have found out more information on my UDP problem. In short: syslog-ng, or more accurately, libol (do_read_line() in read_line.c) requires all messages to end in '\n'. This is fine for messages sent from a Linux box, but not for messages sent from some other systems (HP-UX, and probably others). If I remember correctly, the standard BSD implementation doesn't require a linefeed character, so it's not a good idea to depend on it, and the standard Linux sysklogd not only doesn't require a LF, but actually goes and converts them to spaces. Given the current implementation, the easiest thing to do might be to ensure that messages received via UDP end in a linefeed, appending one if necessary. While not technically the "best" way to fix this, it's certainly the easiest.
read_line looks for both \n and \0 to end a line. Maybe HP-UX doesn't add \0 either? I've run into some design problems regarding UDP packets, so I am redesigning some internal parts of syslog-ng. (internally there's currently no way passing a source address along with a log message => I can't find out the source hostname with udp packets) As soon as this is resolved, I'll release a new version. -- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu
The reply to my last message on this from a couple days ago seems to have gotten lost somehow, but I basically remember it. Yes, I see that syslog-ng (or libol; whichever) will handle messages ending in either '\n' or '\0', but those sent by an HP-UX box just *end* -- no linefeed or null character. That's why syslog-ng breaks: it doesn't see the end of the message and expects more to follow. -- Scott Dellinger Systems Administrator, JMU Technical Services dellinsd@jmu.edu
participants (2)
-
Balazs Scheidler
-
Scott Dellinger