syslog-ng and solaris doors again
Hi,

I have dug into low-level Solaris. I found the following:

* I receive NULLs in the server proc's parameters, because they are sent as NULLs. (I've put a breakpoint in _door_call, and after familiarizing myself with SPARC assembly, I could find the passed door_arg_t structure, and the fields are indeed NULLs.)
* Seeing the truss output of the logger program, I found that the message is also sent to the Sun STREAMS device /dev/log.

So as it seems, the native syslogd receives the message using STREAMS instead of the door. The reason for this is unknown; maybe if the message is successfully sent using STREAMS, it is not sent via the DOOR.

I have begun implementing the STREAMS driver. (To be exact, I have already hacked it together, currently trying to compile it.)

-- Bazsi
I have begun implementing the STREAMS driver. (To be exact, I have already hacked it together, currently trying to compile it.)
I have released version 1.1.25, which includes this STREAMS driver. But I could not test this, since it really requires root privileges. It compiles fine. To use it you'll need a sun-stream entry in your source specification:

source sun { sun-streams /dev/log; sun-door /etc/.syslog_door; internal; };

You can find the new version at the usual places: http://www.balabit.hu/downloads/syslog-ng/source

-- Bazsi
source sun { sun-streams /dev/log; sun-door /etc/.syslog_door; internal; };
Q. Do you need to indicate both? This is to cover Sun's incomplete coding job?

SIGHUP works.

Compiled... messages are not getting through. Still have to toss it into the debugger to see if messages are being passed -- or what the bottom error message is trying to say.

This is from the command line saying that something else is happening that might be causing a problem.

coquille{root}32: /usr/local/sbin/syslog-ng -d -v -f /etc/syslog-ng.conf
syslog-ng version 1.1.25 starting
do_stream_read: getmsg() failed Error 0
SIGHUP received, restarting syslog-ng
new configuration initialized
do_stream_read: getmsg() failed Error 0

Rob
On Wed, Jun 16, 1999 at 03:21:04PM -0400, Rob Cermak wrote:
source sun { sun-streams /dev/log; sun-door /etc/.syslog_door; internal; };
Q. Do you need to indicate both? This is to cover Sun's incomplete coding job?
hmm... I don't know. Native syslogds open both, so I assume it must have a reason. I can exactly remember that the door stuff worked this way. For some strange reason the syslog client NULLs out the argument, but don't ask me why. Worst of all, it is not documented anywhere, and the only solution would be to disassemble the syslog.o member of /lib/libc.a. I tried, but I am not experienced at SPARC assembly.
SIGHUP works.
Compiled... messages are not getting through. Still have to toss it into the debugger to see if messages are being passed -- or what the bottom error message is trying to say.
This is from the command line saying that something else is happening that might be causing a problem.
coquille{root}32: /usr/local/sbin/syslog-ng -d -v -f /etc/syslog-ng.conf
syslog-ng version 1.1.25 starting
do_stream_read: getmsg() failed Error 0
SIGHUP received, restarting syslog-ng
new configuration initialized
do_stream_read: getmsg() failed Error 0
hmmm... this most probably means that the received log message doesn't fit the supplied buffer. Could you provide a truss output on this one?

-- Bazsi
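An added illustration of the buffer-size explanation suggested above (not part of the thread and not syslog-ng's code): on a STREAMS device, getmsg() returns a positive MOREDATA value without setting errno when the message does not fit the supplied buffer, so a caller that treats every non-zero return as an error would report a failure with "Error 0". Because getmsg() exists only on STREAMS platforms, the block uses a simulated sim_getmsg() over a constructed message; sim_strbuf, SIM_MOREDATA, read_naive and read_all are hypothetical names, and that 1.1.25 checks the return value this way is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* Local stand-ins for Solaris <stropts.h>, so the example builds anywhere. */
#define SIM_MOREDATA 2              /* same value as MOREDATA on Solaris */
struct sim_strbuf { int maxlen; int len; char *buf; };

/* Constructed sample: one pending log message on a simulated stream. */
static const char *pending = "<38>logger: constructed test message, longer than 16 bytes";
static size_t offset;

/* Simulated data part of getmsg(): 0 = complete, SIM_MOREDATA = rest still queued. */
static int sim_getmsg(struct sim_strbuf *data)
{
    size_t left = strlen(pending) - offset;
    size_t n = left < (size_t)data->maxlen ? left : (size_t)data->maxlen;
    memcpy(data->buf, pending + offset, n);
    data->len = (int)n;
    offset += n;
    return offset < strlen(pending) ? SIM_MOREDATA : 0;
}

/* Naive reader: any non-zero return is reported as failure (errno stays 0). */
static int read_naive(char *out, int outsz)
{
    struct sim_strbuf d = { outsz, 0, out };
    offset = 0;
    return sim_getmsg(&d) == 0 ? d.len : -1;
}

/* Reader that keeps calling while SIM_MOREDATA is set, then NUL-terminates. */
static int read_all(char *out, int outsz, int chunk)
{
    int total = 0, rc;
    offset = 0;
    do {
        struct sim_strbuf d = { chunk, 0, out + total };
        if (total + chunk > outsz - 1) return -1;   /* output buffer exhausted */
        rc = sim_getmsg(&d);
        total += d.len;
    } while (rc > 0 && (rc & SIM_MOREDATA));
    out[total] = '\0';
    return rc < 0 ? -1 : total;
}

int main(void)
{
    char buf[128];
    int naive = read_naive(buf, 16), full = read_all(buf, sizeof buf, 16);
    printf("naive, 16-byte buffer: %d; looping reader: %d bytes\n", naive, full);
    return 0;
}
```

A truss trace of the real daemon, as requested above, would show whether getmsg() actually returns a positive value on the affected host.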
More info.

SIGHUP logs internal messages now to the specified syslog :)

Jun 16 15:22:08 src@coquille syslog-ng[1703]: syslog-ng version 1.1.25 starting
Jun 16 15:22:08 src@coquille syslog-ng[1703]: do_stream_read: getmsg() failed Error 0
Jun 16 15:22:23 src@coquille syslog-ng[1703]: SIGHUP received, restarting syslog-ng

This might be enough to test to see if I can get the 'internal' messages transported to a Linux box syslog.

Rob
Follow-up:

It looks like the file descriptor for the streams is never initialized. The routine do_init_afstreams_source is never called.

(gdb) break do_init_afstreams_source
Breakpoint 1 at 0x1cbd8: file afstreams.c, line 126.
(gdb) run -d -f /etc/syslog-ng.conf
Starting program: /h0/cermak/src/syslog-ng-1.1.25/src/./syslog-ng -d -f /etc/syslog-ng.conf
[New LWP 2 ]
[New LWP 3 ]
[New LWP 4 ]
syslog-ng version 1.1.25 starting
[New LWP 5 ]

Program received signal SIGHUP, Hangup.
0xef637368 in poll ()
(gdb) cont
Continuing.
SIGHUP received, restarting syslog-ng
new configuration initialized
[New LWP 6 ]
^C
Program received signal SIGINT, Interrupt.
0xef637368 in poll ()
(gdb) quit

On Wed, 16 Jun 1999, Rob Cermak wrote:
More info.
SIGHUP logs internal messages now to the specified syslog :)
Jun 16 15:22:08 src@coquille syslog-ng[1703]: syslog-ng version 1.1.25 starting
Jun 16 15:22:08 src@coquille syslog-ng[1703]: do_stream_read: getmsg() failed Error 0
Jun 16 15:22:23 src@coquille syslog-ng[1703]: SIGHUP received, restarting syslog-ng
This might be enough to test to see if I can get the 'internal' messages transported to a Linux box syslog.
Rob
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/syslog-ng
It looks like the file descriptor for the streams is never initialized. The routine do_init_afstreams_source is never called.
(gdb) break do_init_afstreams_source
Breakpoint 1 at 0x1cbd8: file afstreams.c, line 126.
(gdb) run -d -f /etc/syslog-ng.conf
Starting program: /h0/cermak/src/syslog-ng-1.1.25/src/./syslog-ng -d -f /etc/syslog-ng.conf
[New LWP 2 ]
[New LWP 3 ]
[New LWP 4 ]
syslog-ng version 1.1.25 starting
[New LWP 5 ]

Program received signal SIGHUP, Hangup.
0xef637368 in poll ()
(gdb) cont
Continuing.
SIGHUP received, restarting syslog-ng
new configuration initialized
[New LWP 6 ]
^C
Program received signal SIGINT, Interrupt.
0xef637368 in poll ()
(gdb) quit
It must have been called, because otherwise you would not see those getmsg() failed messages. Are you sure the sun-streams driver is listed in your source statement?

-- Bazsi
On Thu, 17 Jun 1999, Balazs Scheidler wrote:
It looks like the file descriptor for the streams is never initialized. The routine do_init_afstreams_source is never called.
(gdb) break do_init_afstreams_source
Breakpoint 1 at 0x1cbd8: file afstreams.c, line 126.
(gdb) run -d -f /etc/syslog-ng.conf
Starting program: /h0/cermak/src/syslog-ng-1.1.25/src/./syslog-ng -d -f /etc/syslog-ng.conf
[New LWP 2 ]
[New LWP 3 ]
[New LWP 4 ]
syslog-ng version 1.1.25 starting
[New LWP 5 ]

Program received signal SIGHUP, Hangup.
0xef637368 in poll ()
(gdb) cont
Continuing.
SIGHUP received, restarting syslog-ng
new configuration initialized
[New LWP 6 ]
^C
Program received signal SIGINT, Interrupt.
0xef637368 in poll ()
(gdb) quit
It must have been called, because otherwise you would not see those getmsg() failed messages. Are you sure the sun-streams driver is listed in your source statement?
Yup. Get the same result in the syslog. Here is the config:

options { sync(1); };

# Setup source pipes
#source src { sun-door /etc/.syslog_door; internal; };
source src { sun-streams /dev/log; sun-door /etc/.syslog_door; internal; };

# Setup destination pipes
destination everything { file /var/log/sys sync(2); };
#destination everything { udp 128.6.86.2,514; };

# Connect log pipes from source to destination
log { source src; destination everything; };

In the log file:

Jun 21 11:59:02 src@coquille syslog-ng[2787]: syslog-ng version 1.1.25 starting
Jun 21 11:59:02 src@coquille syslog-ng[2787]: do_stream_read: getmsg() failed Error 0
Jun 21 11:59:15 src@coquille syslog-ng[2787]: SIGHUP received, restarting syslog-ng

Rob