[syslog-ng]Re: syslog-ng
seberino@spawar.navy.mil
seberino@spawar.navy.mil
Wed, 12 Feb 2003 14:56:54 -0800
Roberto
Thanks. Are you saying if you start syslog-ng before
networking and iptables that syslog-ng
won't start??? So basically you must start it AFTER
filtered network up or else apply your patch? Is that right?
chris
On Wed, Feb 12, 2003 at 10:10:39AM +0100, Roberto Nibali wrote:
> Hello Seberino,
>
> > I saw your name on the syslog-ng mailing list
>
> I saw your name on a lot of mailinglists lately, IIRC :)
>
> > and was hoping I could humbly ask you a newbie question about it
>
> I'm only on the list since January this year but I've been working with
> syslog-ng for about 2 years now, so I might be able to help you.
>
> > if you don't mind. I read manual and could not find
> > this question answered...
>
> The manual is rather sparse with words and assumes that the reader is already
> very familiar with other daemons and Unix processing.
>
> > Can I just start syslog-ng daemon from /etc/rc.d/rc.local
> > (in Linux) like this...
>
> I'm not so sure what Linux distribution you use but I can hardly imagine that
> you start daemons from ../rc.local. There must be a /etc/rc.d/init.d/syslog-ng
> and then some softlinks from your runlevel dir to /etc/rc.d/init.d/syslog-ng
>
> > /usr/local/sbin/syslog-ng &
>
> There is no need to send it in the background since it is a daemon. It will
> fork() and then the calling process will _exit().
>
> > i.e. 1. Do I need any switches on command line?
>
> I do not know your node's requirements and I also do not know your architectural
> approach to logging so it's kind of difficult to make accurate suggestions. What
> you could do is invoke syslog-ng with --help as option and read through those:
>
> # ./syslog-ng --help
> Usage: syslog-ng [options]
> Accept and manage system log messages
>
> Options:
> -s, --syntax-only Only read and parse config file
> -d, --debug Turn on debugging messages
> -v, --verbose Be a bit more verbose
> -F, --foreground Don't fork into background
> -f <fname>, --cfgfile=<fname> Set config file name,
> default=/etc/syslog-ng/syslog-ng.conf
> -V, --version Display version number (syslog-ng 1.5.26)
> -p <fname>, --pidfile=<fname> Set pid file name,
> default=/var/run/syslog-ng.pid
> -C <dir>, --chroot=<dir> Chroot to directory
> -u <user>, --user=<user> Switch to user
> -g <group>, --group=<group> Switch to group
> #
>
> Feel free to submit any of those to your syslog-ng start command line :)
>
> > 2. Is there any danger in not starting logging
> > sooner in boot process??
>
> From you email I cannot see exactly at which point you start the syslog-ng but
> I recommend you to start it early enough or you might loose some important
> messages. There is a problem with starting it early and having strict packet
> filter rules and interface link state down. It's a feature in syslog-ng that it
> will not restart in that case. I've done a simplistic but very useful (for our
> purposes) patch:
>
> --- syslog-ng-1.5.26-template/src/afinet.c Wed Feb 5 16:04:56 2003
> +++ syslog-ng-1.5.26-template-tA/src/afinet.c Thu Feb 6 13:52:33 2003
> @@ -491,7 +491,11 @@
> return ST_OK | ST_GOON;
> }
> else {
> +#if 0
> if (errno == ECONNREFUSED) {
> +#else
> + if ( 1 ) {
> +#endif
> io_callout(self->cfg->backend,
> self->cfg->time_reopen,
> make_driver_reinit(&self->super.super.super, self->cfg));
>
> So if you get your question answered may I humbly ask you to send this to Nate
> Campi <mailto:nate@campin.net> for a possible inclusion into the FAQ? He might
> add it or might not, depending on how generous he is towards newbie questions :)
>
> HTH and best regards,
> Roberto Nibali, ratz
> --
> echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
--
_______________________________________
Dr. Christian Seberino
SPAWAR Systems Center San Diego
Code 2872
San Diego, CA 92152-6147
U.S.A.
Phone: (619) 553-9973
Fax:
Email: seberino@spawar.navy.mil
_______________________________________