[syslog-ng]Trying to send log over network

Simeon Johnston simeonuj@eetc.com
Wed, 21 Feb 2001 10:39:05 -0600


This is a multi-part message in MIME format.
--------------09438475A0686EC866C7E3EF
Content-Type: text/plain; charset=us-ascii; x-mac-type="54455854"; x-mac-creator="4D4F5353"
Content-Transfer-Encoding: 7bit

Here are the configs.

I have added as an attachment the strace output files using "strace -f -ff -o
localfile syslog-ng".

This is the config for the problem computers.

# Client-side syslog-ng configuration (the hosts that fail to forward logs).
# NOTE(review): the strace attached to this message shows
# /etc/syslog-ng/syslog-ng.conf with mode 0777. Assuming the trace was taken
# on one of these hosts, a world-writable config lets any local user redirect
# or suppress logging; it should be writable by root only.

# Global options. use_dns(no) and use_fqdn(no) keep name resolution out of
# the logging path; create_dirs(yes) lets syslog-ng create missing
# directories for the file destinations below.
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (on);
          use_dns (no);
          use_fqdn (no);
          create_dirs (yes);
          keep_hostname (yes);
        };

# Single source: the local /dev/log stream socket plus syslog-ng's own
# internal messages.
source s_sys { unix-stream ("/dev/log"); internal(); };

# Local file destinations, one per log category.
# NOTE(review): d_boot is defined but no log statement below refers to it.
destination d_cons { file("/var/log/ng/kern.log"); };
destination d_mesg { file("/var/log/ng/messages"); };
destination d_auth { file("/var/log/ng/secure"); };
destination d_mail { file("/var/log/ng/maillog"); };
destination d_spol { file("/var/log/ng/spooler"); };
destination d_boot { file("/var/log/ng/boot.log"); };
destination d_mlal { file("/var/log/ng/emerg.log"); };
# Remote destination used for forwarding to the log server.
# NOTE(review): address and port are written as one string here. The
# documented syslog-ng form is tcp("192.168.1.19" port(514)); the attached
# strace (resolv.conf is read, then "Error creating AF_INET socket") is
# consistent with "192.168.1.19:514" being handled as a host name that cannot
# be resolved. The log server config in this message listens on 192.168.1.1
# port 10001, so the target address and port should also be checked against
# the server's tcp source.
# NOTE(review): this is plain TCP, with no encryption or sender
# authentication on the wire.
destination d_bg { tcp("192.168.1.19:514"); };
destination d_sshd { file("/var/log/ng/sshd.log"); };

# Filters selecting by facility, priority or message content.
# NOTE(review): in syslog-ng a single level(x) matches that priority only,
# not "x and above". f_tcplog therefore selects only debug-level messages for
# forwarding, and f_filter2 only info-level ones; a range such as
# level(debug..emerg) would be needed to cover everything. Confirm intent,
# since authentication events would not reach the log server as written.
filter f_filter1     { facility(kern); };
filter f_filter2     { level(info); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_tcplog      { level(debug); };
# match() is applied to the message text, so any message containing "sshd"
# is selected.
filter f_sshd        { match("sshd"); };

# Log paths: every path reads from s_sys; one filter picks the messages and
# one destination receives them. Only the f_tcplog path leaves the host.
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_tcplog); destination(d_bg); };
log { source(s_sys); filter(f_sshd); destination(d_sshd); };


This is the logserver config

# Log server configuration: local logging plus a TCP listener for messages
# forwarded by other hosts.

# Global options, identical to the client configuration.
# NOTE(review): with keep_hostname(yes) the host name carried in a received
# message is kept as sent, so entries arriving on s_tcp are attributed to
# whatever name the sender supplies. Confirm this is intended on a collector.
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (on);
          use_dns (no);
          use_fqdn (no);
          create_dirs (yes);
          keep_hostname (yes);
        };

# Local source: the /dev/log stream socket plus syslog-ng internal messages.
source s_sys { unix-stream ("/dev/log"); internal(); };
# Network source: TCP listener bound to 192.168.1.1, port 10001.
# NOTE(review): plain TCP with no sender authentication; reachability of this
# port should be limited to the known log clients (for example with a packet
# filter), otherwise any host that can connect can write into the log files.
source s_tcp { tcp (ip(192.168.1.1) port(10001)); };

# File destinations, one per log category. d_firewall is the only one fed
# from the network source.
destination d_cons { file("/var/log/ng/kernel"); };
destination d_mesg { file("/var/log/ng/messages"); };
destination d_auth { file("/var/log/ng/secure"); };
destination d_mail { file("/var/log/ng/maillog"); };
destination d_spol { file("/var/log/ng/spooler"); };
destination d_boot { file("/var/log/ng/boot.log"); };
destination d_mlal { file("/var/log/ng/emerg.log"); };
destination d_pptp { file("/var/log/ng/pptpd.log"); };
destination d_daemon { file("/var/log/ng/daemon.log"); };
destination d_firewall { file("/var/log/ng/firewall.log"); };

# Filters selecting by facility, priority or message content.
# NOTE(review): a single level(x) matches that priority only, so f_firewall
# selects only debug-level messages. It is the only filter applied to s_tcp,
# which means everything else received from the network is discarded.
filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and not facility(mail,authpriv,kern); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp); };
filter f_pptpd       { match("pptpd"); };
filter f_daemon      { facility(daemon); };
filter f_boot        { facility(local7); };
filter f_firewall    { level(debug); };

# Log paths: local messages (s_sys) are split across the category files; the
# last path is the only one that stores messages received over TCP.
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_pptpd); destination(d_pptp); };
log { source(s_sys); filter(f_daemon); destination(d_daemon); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_tcp); filter(f_firewall); destination(d_firewall); };

Thank you for your help.

sim

"Hamilton, Andrew Mr RAYTHEON 5 SIG CMD" wrote:

> 1. No, syslog-ng runs as its own daemon.  Works much better this way.
> 2. If the answer to 1 was yes it would make a difference.  But since it
> isn't then no.
> 3. Could you post a sample of your config file?  That might be helpful.
> Also could you post part of your strace results?  That would at least give
> us info on where to look for your problem.
>
> Random thoughts...do you have some sort of port monitor that could be
> blocking your default ports?  I have seen that before.
>
> Regards.
> Drew

--------------09438475A0686EC866C7E3EF
Content-Type: model/vrml; x-mac-type="3F3F3F3F"; x-mac-creator="3F3F3F3F";
 name="strace.syslog-ng"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="strace.syslog-ng"

execve("/usr/local/sbin/syslog-ng", ["/usr/local/sbin/syslog-ng"], [/* 23 vars */]) = 0
uname({sys="Linux", node="home.electroniceasel.com", ...}) = 0
brk(0)                                  = 0x8059f84
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 4
fstat64(4, 0xbfffec8c)                  = -1 ENOSYS (Function not implemented)
fstat(4, {st_mode=S_IFREG|0644, st_size=17563, ...}) = 0
old_mmap(NULL, 17563, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40018000
close(4)                                = 0
open("/lib/libnsl.so.1", O_RDONLY)      = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360>\0"..., 1024) = 1024
fstat(4, {st_mode=S_IFREG|0755, st_size=409599, ...}) = 0
old_mmap(NULL, 89888, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4001d000
mprotect(0x40030000, 12064, PROT_NONE)  = 0
old_mmap(0x40030000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x12000) = 0x40030000
old_mmap(0x40031000, 7968, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40031000
close(4)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\300\1"..., 1024) = 1024
fstat(4, {st_mode=S_IFREG|0755, st_size=5155229, ...}) = 0
old_mmap(NULL, 1214792, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40033000
mprotect(0x40153000, 35144, PROT_NONE)  = 0
old_mmap(0x40153000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x11f000) = 0x40153000
old_mmap(0x40158000, 14664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40158000
close(4)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\300\1"..., 1024) = 1024
fstat(4, {st_mode=S_IFREG|0755, st_size=5155229, ...}) = 0
close(4)                                = 0
munmap(0x40018000, 17563)               = 0
getpid()                                = 25135
brk(0)                                  = 0x8059f84
brk(0x8059fd4)                          = 0x8059fd4
brk(0x805a000)                          = 0x805a000
brk(0x805b000)                          = 0x805b000
open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 4
brk(0x8060000)                          = 0x8060000
ioctl(4, TCGETS, 0xbffff8c0)            = -1 ENOTTY (Inappropriate ioctl for device)
fstat64(4, 0xbffff330)                  = -1 ENOSYS (Function not implemented)
fstat(4, {st_mode=S_IFREG|0777, st_size=2016, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
read(4, "# syslog-ng configuration file.\n"..., 8192) = 2016
read(4, "", 4096)                       = 0
read(4, "", 8192)                       = 0
ioctl(4, TCGETS, 0xbffff390)            = -1 ENOTTY (Inappropriate ioctl for device)
close(4)                                = 0
munmap(0x40018000, 4096)                = 0
fork()                                  = 25136
rt_sigaction(SIGTERM, {0x8049a94, [TERM], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0
pause() = ? ERESTARTNOHAND (To be restarted)
--- SIGTERM (Terminated) ---
--- SIGCHLD (Child exited) ---
rt_sigaction(SIGTERM, {0x8049a94, [TERM], SA_RESTART|0x4000000}, {0x8049a94, [TERM], SA_RESTART|0x4000000}, 8) = 0
sigreturn()                             = ? (mask now [])
_exit(0)                                = ?

--------------09438475A0686EC866C7E3EF
Content-Type: model/vrml; x-mac-type="3F3F3F3F"; x-mac-creator="3F3F3F3F";
 name="strace.syslog-ng.25136"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="strace.syslog-ng.25136"

open("/var/run/syslog-ng.pid", O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0600) = 4
getpid()                                = 25136
write(4, "25136\n", 6)                  = 6
close(4)                                = 0
socket(PF_UNIX, SOCK_STREAM, 0)         = 4
fcntl64(4, F_GETFL)                     = -1 ENOSYS (Function not implemented)
fcntl(4, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
stat("/dev/log", {st_mode=S_IFSOCK|0666, st_size=0, ...}) = 0
unlink("/dev/log")                      = 0
bind(4, {sin_family=AF_UNIX, path="                                                                                                    /dev/log"}, 110) = 0
chown32("/dev/log", 0, 0)               = -1 ENOSYS (Function not implemented)
chown("/dev/log", 0, 0)                 = 0
chmod("/dev/log", 0666)                 = 0
listen(4, 256)                          = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
fcntl(5, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(5, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(5, F_SETFD, FD_CLOEXEC)           = 0
brk(0x8061000)                          = 0x8061000
gettimeofday({982687040, 137493}, NULL) = 0
getpid()                                = 25136
open("/etc/resolv.conf", O_RDONLY)      = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=78, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
read(6, "domain electroniceasel.com\nsearc"..., 4096) = 78
read(6, "", 4096)                       = 0
close(6)                                = 0
munmap(0x40018000, 4096)                = 0
close(5)                                = 0
write(2, "Error creating AF_INET socket (S"..., 40) = 40
write(2, "Error initializing configuration"..., 43) = 43
getppid()                               = 25135
kill(25135, SIGTERM)                    = 0
_exit(2)                                = ?

--------------09438475A0686EC866C7E3EF--