[syslog-ng]Problem with HP-UX 11.0

Brad Arlt arlt@cpsc.ucalgary.ca
Thu, 16 May 2002 12:53:33 -0600 

On Thu, May 16, 2002 at 02:16:58PM -0400, dcntrnoc@cmp.com wrote:
> Hi all,
> 
> I have been running syslog-ng on a handful of Solaris boxes for some time
> now with no problems, and am attempting to get it running on HP-UX.
> I have compiled (with gcc) and installed syslog-ng 1.5.16 and libol 0.3.2 on
> a system running HP-UX 11.00.  I am using the following source statement
> in my config file:
> 
> source s_sys { pipe("/dev/log");  internal();  };

Err... Ah, are you sure that opening a pipe from /dev/log will yeild
what you want?  /dev/log is usually a Unix domain socket, which might
put more in the stream asside from ASCII.  I'd turn off any syslog
daemons you have and just cat /dev/log | od

If your output looks strikingly similar to the output you have seen in
your remote log files, you will know that this is the problem.

I don't have any (nor have I ever used) an HP-UX box, but I'd guess you want

source s_sys { unix-dgram("/dev/log");};

or 

source s_sys { unix-stream("/dev/log");};

This might not be the issue, but its really easy to try, so why not
rule it out.

> The filters are based on facility.  It seems that the only readable output
> in the destination files come from either the internal source
> (ex. May  7 17:47:24 myhost syslog-ng[5675]: SIGHUP received, restarting
> syslog-ng), or
> from a message I sent via logger.  The rest of the output looks like this:

[snip]
> 
> Any ideas?  I don't know quite what to make of this.

As I said above, /dev/log is likely a Unix domain socket.  The other
things you see might be keep alive messages, header information or
other such things (if you are familar with INET domain sockets (TCP)
Unix domain sockets can have similar properties and mechanisms).  All
of which will be binary, not ASCII.
----------------------------------------------------------------------------
   __o		Bradley Arlt				Security Team Lead
 _ \<_		arlt@cpsc.ucalgary.ca			University Of Calgary
(_)/(_) 	http://pages.cpsc.ucalgary.ca/~arlt/	Computer Science