[syslog-ng]Trying to send log over network
Simeon Johnston
simeonuj@eetc.com
Wed, 21 Feb 2001 10:39:05 -0600
Here are the configs.
I have attached the strace output files, produced with "strace -f -ff -o
localfile syslog-ng".
This is the config for the problem computers.
# Client-side syslog-ng configuration: local messages from /dev/log and syslog-ng itself are
# split into files under /var/log/ng/ and one stream is forwarded to a remote host over TCP.
# NOTE(review): the attached strace shows /etc/syslog-ng/syslog-ng.conf with mode 0777. If that
# is this file, any local user can change where this daemon writes or forwards logs; confirm and
# restrict write access to root.
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (on);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
keep_hostname (yes);
};
source s_sys { unix-stream ("/dev/log"); internal(); };
destination d_cons { file("/var/log/ng/kern.log"); };
destination d_mesg { file("/var/log/ng/messages"); };
destination d_auth { file("/var/log/ng/secure"); };
destination d_mail { file("/var/log/ng/maillog"); };
destination d_spol { file("/var/log/ng/spooler"); };
destination d_boot { file("/var/log/ng/boot.log"); };
destination d_mlal { file("/var/log/ng/emerg.log"); };
# Remote destination. NOTE(review): host and port are passed as one string here; the documented
# form is tcp("192.168.1.19" port(514)). The attached child strace reads /etc/resolv.conf and then
# prints an "Error creating AF_INET socket" message, which would be consistent with the whole
# string being treated as a host name; confirm.
# NOTE(review): the log server config in this post listens on ip(192.168.1.1) port(10001), which
# matches neither the address nor the port used here; verify which host is the collector.
# tcp() is plain TCP: forwarded messages are not encrypted and the sender is not authenticated,
# so keep this traffic on a trusted segment or carry it inside a tunnel.
destination d_bg { tcp("192.168.1.19:514"); };
destination d_sshd { file("/var/log/ng/sshd.log"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
# NOTE(review): level(debug) names a single priority, so presumably only debug-level messages
# would be forwarded to d_bg and authpriv/warning/error traffic would stay local. A range such as
# level(debug..emerg) is the usual way to forward everything; confirm against the version in use.
filter f_tcplog { level(debug); };
# Matches any message containing the text "sshd".
filter f_sshd { match("sshd"); };
# Each log statement routes s_sys through one filter to one destination; a message that matches
# several filters is written to each matching destination.
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
# The only path that leaves the host: s_sys -> f_tcplog -> d_bg.
log { source(s_sys); filter(f_tcplog); destination(d_bg); };
log { source(s_sys); filter(f_sshd); destination(d_sshd); };
This is the log server config:
# Log server (collector) syslog-ng configuration: local messages are split into files under
# /var/log/ng/ and messages received over TCP are written to firewall.log.
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (on);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
# NOTE(review): with keep_hostname(yes) the host name carried inside a received message is kept
# as sent, so a client connecting to s_tcp can presumably claim any host name in the stored logs.
# Consider keep_hostname(no) on the collector; confirm against the syslog-ng version in use.
keep_hostname (yes);
};
source s_sys { unix-stream ("/dev/log"); internal(); };
# Network listener on 192.168.1.1 port 10001 over plain TCP (no encryption, no sender
# authentication). NOTE(review): nothing in this config limits who may connect; restrict the port
# to the known client addresses at the firewall.
source s_tcp { tcp (ip(192.168.1.1) port(10001)); };
destination d_cons { file("/var/log/ng/kernel"); };
destination d_mesg { file("/var/log/ng/messages"); };
destination d_auth { file("/var/log/ng/secure"); };
destination d_mail { file("/var/log/ng/maillog"); };
destination d_spol { file("/var/log/ng/spooler"); };
destination d_boot { file("/var/log/ng/boot.log"); };
destination d_mlal { file("/var/log/ng/emerg.log"); };
destination d_pptp { file("/var/log/ng/pptpd.log"); };
destination d_daemon { file("/var/log/ng/daemon.log"); };
destination d_firewall { file("/var/log/ng/firewall.log"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and not facility(mail,authpriv,kern); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp); };
filter f_pptpd { match("pptpd"); };
filter f_daemon { facility(daemon); };
filter f_boot { facility(local7); };
# NOTE(review): level(debug) names a single priority, so presumably only debug-level messages
# arriving on s_tcp are stored and everything else from remote hosts is dropped; confirm that
# this is intended.
filter f_firewall { level(debug); };
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_pptpd); destination(d_pptp); };
log { source(s_sys); filter(f_daemon); destination(d_daemon); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
# The only statement that consumes the network source: s_tcp -> f_firewall -> d_firewall.
log { source(s_tcp); filter(f_firewall); destination(d_firewall); };
Thank you for your help.
sim
"Hamilton, Andrew Mr RAYTHEON 5 SIG CMD" wrote:
> 1. No, syslog-ng runs as its own daemon. Works much better this way.
> 2. If the answer to 1 was yes it would make a difference. But since it
> isn't then no.
> 3. Could you post a sample of your config file? That might be helpful.
> Also could you post part of your strace results? That would at least give
> us info on where to look for your problem.
>
> Random thoughts...do you have some sort of port monitor that could be
> blocking your default ports? I have seen that before.
>
> Regards.
> Drew
--------------09438475A0686EC866C7E3EF
Content-Type: model/vrml; x-mac-type="3F3F3F3F"; x-mac-creator="3F3F3F3F";
name="strace.syslog-ng"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="strace.syslog-ng"
execve("/usr/local/sbin/syslog-ng", ["/usr/local/sbin/syslog-ng"], [/* 23 vars */]) = 0
uname({sys="Linux", node="home.electroniceasel.com", ...}) = 0
brk(0) = 0x8059f84
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat64(4, 0xbfffec8c) = -1 ENOSYS (Function not implemented)
fstat(4, {st_mode=S_IFREG|0644, st_size=17563, ...}) = 0
old_mmap(NULL, 17563, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40018000
close(4) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360>\0"..., 1024) = 1024
fstat(4, {st_mode=S_IFREG|0755, st_size=409599, ...}) = 0
old_mmap(NULL, 89888, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4001d000
mprotect(0x40030000, 12064, PROT_NONE) = 0
old_mmap(0x40030000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x12000) = 0x40030000
old_mmap(0x40031000, 7968, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40031000
close(4) = 0
open("/lib/libc.so.6", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\300\1"..., 1024) = 1024
fstat(4, {st_mode=S_IFREG|0755, st_size=5155229, ...}) = 0
old_mmap(NULL, 1214792, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40033000
mprotect(0x40153000, 35144, PROT_NONE) = 0
old_mmap(0x40153000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x11f000) = 0x40153000
old_mmap(0x40158000, 14664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40158000
close(4) = 0
open("/lib/libc.so.6", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\300\1"..., 1024) = 1024
fstat(4, {st_mode=S_IFREG|0755, st_size=5155229, ...}) = 0
close(4) = 0
munmap(0x40018000, 17563) = 0
getpid() = 25135
brk(0) = 0x8059f84
brk(0x8059fd4) = 0x8059fd4
brk(0x805a000) = 0x805a000
brk(0x805b000) = 0x805b000
open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 4
brk(0x8060000) = 0x8060000
ioctl(4, TCGETS, 0xbffff8c0) = -1 ENOTTY (Inappropriate ioctl for device)
fstat64(4, 0xbffff330) = -1 ENOSYS (Function not implemented)
fstat(4, {st_mode=S_IFREG|0777, st_size=2016, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
read(4, "# syslog-ng configuration file.\n"..., 8192) = 2016
read(4, "", 4096) = 0
read(4, "", 8192) = 0
ioctl(4, TCGETS, 0xbffff390) = -1 ENOTTY (Inappropriate ioctl for device)
close(4) = 0
munmap(0x40018000, 4096) = 0
fork() = 25136
rt_sigaction(SIGTERM, {0x8049a94, [TERM], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0
pause() = ? ERESTARTNOHAND (To be restarted)
--- SIGTERM (Terminated) ---
--- SIGCHLD (Child exited) ---
rt_sigaction(SIGTERM, {0x8049a94, [TERM], SA_RESTART|0x4000000}, {0x8049a94, [TERM], SA_RESTART|0x4000000}, 8) = 0
sigreturn() = ? (mask now [])
_exit(0) = ?
--------------09438475A0686EC866C7E3EF
Content-Type: model/vrml; x-mac-type="3F3F3F3F"; x-mac-creator="3F3F3F3F";
name="strace.syslog-ng.25136"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="strace.syslog-ng.25136"
open("/var/run/syslog-ng.pid", O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0600) = 4
getpid() = 25136
write(4, "25136\n", 6) = 6
close(4) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 4
fcntl64(4, F_GETFL) = -1 ENOSYS (Function not implemented)
fcntl(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl(4, F_SETFD, FD_CLOEXEC) = 0
stat("/dev/log", {st_mode=S_IFSOCK|0666, st_size=0, ...}) = 0
unlink("/dev/log") = 0
bind(4, {sin_family=AF_UNIX, path=" /dev/log"}, 110) = 0
chown32("/dev/log", 0, 0) = -1 ENOSYS (Function not implemented)
chown("/dev/log", 0, 0) = 0
chmod("/dev/log", 0666) = 0
listen(4, 256) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl(5, F_SETFD, FD_CLOEXEC) = 0
brk(0x8061000) = 0x8061000
gettimeofday({982687040, 137493}, NULL) = 0
getpid() = 25136
open("/etc/resolv.conf", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=78, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
read(6, "domain electroniceasel.com\nsearc"..., 4096) = 78
read(6, "", 4096) = 0
close(6) = 0
munmap(0x40018000, 4096) = 0
close(5) = 0
write(2, "Error creating AF_INET socket (S"..., 40) = 40
write(2, "Error initializing configuration"..., 43) = 43
getppid() = 25135
kill(25135, SIGTERM) = 0
_exit(2) = ?
--------------09438475A0686EC866C7E3EF--