[syslog-ng] Problems with syslog-ng use over a redireted port inside an SSH s ession

Edwards, David david.edwards@eds.com
Mon, 10 Jul 2000 20:43:41 +0930


Hi,

> -----Original Message-----
> From: Balazs Scheidler [mailto:bazsi@balabit.hu]
> Subject: Re: [syslog-ng] Problems with syslog-ng use over a redireted
> port inside an SSH s ession
> 
> > > > I'm using syslog-ng over redirected ports inside an SSH 
> > > > channel and whenever I HUP syslog-ng, the SSH channel 
> > > > closes
> > > 
> > > Maybe you should try to handle the SIGPIPE signal in your 
> perl script?
> > > though SIGPIPE should occur only on output, reading from a 
> > > broken socket
> > > should result in an EPIPE to be returned.

>From what I can tell, the channel drops when the child
process writing to it exits.  I can trap the SIGPIPE and the
channel stays up but as soon as the child closes the socket
and exits, the channel drops. I think the script needs 
a re-think :-)

> syslog-ng closes TCP connections when a SIGHUP is received, 
> but you can
> change this behaviour with the keep-alive option.
> 
> destination all { tcp("loghost" port(1514) keep-alive(yes)); };

Thanks, this works a treat!  RTFM eh..

I've used it in the source rules however.
  tcp(ip("127.0.0.12") port(51400) keep-alive(yes));

The script _sends_ logs to a remote syslog-ng loghost which
listens on a localhost port redirected over the ssh
channel.

I'm sure the problem is in the script now so I'll leave 
you folks alone.  Looks like it's back to the drawing
board again.

Thanks for the help!

ciao
dave
----
Dave Edwards
mailto:david.edwards@eds.com
Ph: +61 8 83015720 
EDS Network Support
Glenside,  South Australia
----
PGP Fingerprint: B9C0 AB83 F18B CE88 C167  67B9 6AB2 C630 3DC9 ACC2