[syslog-ng]'debug' priority?
Balazs Scheidler
syslog-ng@lists.balabit.hu
Mon, 08 Mar 2004 17:43:40 +0100
2004-03-08, h keltezéssel 15:41-kor Pavel Urban ezt írta:
> I cannot confirm this. Here is an output from truss utility (only
> relevant part):
>
> 16989: open("/etc/syslog-ng.conf", O_RDONLY) = 3
> 16989: ioctl(3, TCGETA, 0xFFBEF8D4) Err#25 ENOTTY
> 16989: fstat64(3, 0xFFBEF2D0) = 0
> 16989: ioctl(3, TCGETA, 0xFFBEF25C) Err#25 ENOTTY
> 16989: read(3, " # s y s l o g - n g ".., 8192) = 2859
> 16989: read(3, 0x00049E24, 8192) = 0
> 16989: ioctl(3, TCGETA, 0xFFBEF334) Err#25 ENOTTY
> 16989: llseek(3, 0, SEEK_CUR) = 2859
> 16989: close(3) = 0
> 16989: time() = 1078752370
> 16989: time() = 1078752370
> 16989: time() = 1078752370
> 16989: poll(0x00000000, 0, 0) = 0
> 16989: door_revoke(5) = 0
> 16989: close(5) Err#9 EBADF
> 16989: time() = 1078752370
> 16989: time() = 1078752370
> 16989: poll(0x00000000, 0, 0) = 0
> 16989: open("/dev/log", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 3
> 16989: ioctl(3, I_STR, 0xFFBEF8C8) = 0
> 16989: stat("/etc/.syslog_door", 0xFFBEF840) = 0
> 16989: umount2("/etc/.syslog_door", 0x00000000) = 0
> 16989: door_create(0x0001DCD0, 0x00000000, 0x00000000) = 5
> 16989: getpid() = 16989 [1]
> 16989: ioctl(5, I_CANPUT, 0x00000000) Err#89 ENOSYS
> 16989: door_info(5, 0xFFBEF7A8) = 0
> 16989: mount("", "/etc/.syslog_door", 0x00000804, "namefs", 0xFFBEF7A4,
> 4) = 0
> 16989: getpid() = 16989 [1]
> 16989: time() = 1078752370
> 16989: open("/var/log/testlog",
> O_WRONLY|O_APPEND|O_NONBLOCK|O_CREAT|O_NOCTTY|O_LARGEFILE, 0600) = 6
> 16989: chown("/var/log/testlog", 0, 0) = 0
> 16989: chmod("/var/log/testlog", 0600) = 0
> here the file has been created and open for appending, but nothing has
> been written to it.
>
Hmm.. I am reading the source but I can't see how it would create a file
beforehand. I also tried strace-ing my syslog-ng process and it really
does not create the file:
open("syslog-ng.conf", O_RDONLY) = 3
ioctl(3, TCGETS, 0xbffff6d0) = -1 ENOTTY (Inappropriate ioctl for device)
fstat64(3, {st_mode=S_IFREG|0644, st_size=232, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
read(3, "options { gc_idle_threshold(3000"..., 8192) = 232
read(3, "", 4096) = 0
read(3, "", 8192) = 0
ioctl(3, TCGETS, 0xbffff1a0) = -1 ENOTTY (Inappropriate ioctl for device)
close(3) = 0
munmap(0x40018000, 4096) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
write(2, "binding fd 3, inetaddr: 0.0.0.0,"..., 44) = 44
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(2000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
write(2, "io.c: listening on fd 3\n", 24) = 24
listen(3, 256) = 0
write(2, "syslog-ng version 1.6.2 starting"..., 33) = 33
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGHUP, {0x8049d0c, [HUP], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {0x8049d30, [TERM], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGCHLD, {0x8049d54, [CHLD], SA_RESTART}, {SIG_DFL}, 8) = 0
time(NULL) = 1078763989
time(NULL) = 1078763989
poll([{fd=3, events=POLLIN}], 1, 100) = 0
Here's my config file:
options { gc_idle_threshold(3000); gc_busy_threshold(30000); check_hostname(yes); use_dns(no); };
source src { tcp(port(2000)); internal(); };
destination d_spoof { file("varangy"); };
log { source(src); destination(d_spoof); };
now stracing when sending a message (continuing the previous strace
dump):
poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 600000) = 1
accept(3, {sa_family=AF_INET, sin_port=htons(33337), sin_addr=inet_addr("127.0.0.1")}, [16]) = 4
fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
write(2, "AF_INET client connected from 12"..., 52) = 52
write(2, "io.c: Preparing fd 4 for reading"..., 33) = 33
time(NULL) = 1078764110
poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 2, 100) = 0
poll([{fd=4, events=POLLIN, revents=POLLIN}, {fd=3, events=POLLIN}], 2, 583000)
= 1
read(4, "abcdef\r\n", 2048) = 8
time(NULL) = 1078764112
time(NULL) = 1078764112
open("/etc/localtime", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=866, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
read(5, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0"..., 4096) = 866close(5) = 0
munmap(0x40018000, 4096) = 0
open("varangy", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY|O_LARGEFILE, 0600) = 5
chown32(0x8061458, 0, 0) = -1 EPERM (Operation not permitted)
chmod("varangy", 0600) = 0
fcntl64(5, F_GETFL) = 0x8c01 (flags O_WRONLY|O_NONBLOCK|O_APPEND|O_LARGEFILE)
fcntl64(5, F_SETFL, O_WRONLY|O_NONBLOCK|O_APPEND|O_LARGEFILE) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
Reading the source I still cannot see how it would create the file
during initialization.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1