[syslog-ng]io.c read() error?
Dave Johnson
syslog-ng@lists.balabit.hu
Wed, 30 Mar 2005 16:36:59 -0600
It looks like NTsyslog for each message is:
1] creates a TCP session,
2] sends the message
3] closes TCP
-----
Offhand I'm not familiar with NT syslog, but see if you can keep a
persistant TCP connection with it. A non-optimal solution would be to
filter those messages out with syslog-ng.
- Dave
On Wed, 30 Mar 2005 11:14:43 -0600, SOLIS, ALEX <asolis@oppd.com> wrote:
>
>
>
>
>
>
>
>
>
> I am using syslog-ng 1.6.5 on a Gentoo Linux system running kernel 2.6.9. I
> have recently modified an open source utility called NTsyslog to send
> Windows NT style event logs via TCP to my syslog-ng server. Everything
> seems to work fine except I receive a io.c read() error for every event sent
> over the network via TCP. Anyone have any ideas of what my problem might
> be? Here are a few bits of info:
>
>
>
>
>
> Logs that I see when TCP syslog communication is attempted:
>
>
>
> Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client connected from
> 192.168.11.19, port 3038
>
> Mar 30 10:43:48 src@lookout syslog-ng[3166]: io.c: do_read: read() failed
> (errno 104), Connection reset by peer
>
> Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client dropped
> connection from 192.168.11.19, port 3038
>
> Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client connected from
> 192.168.11.19, port 3039
>
> Mar 30 10:43:48 src@lookout syslog-ng[3166]: io.c: do_read: read() failed
> (errno 104), Connection reset by peer
>
> Mar 30 10:43:48 src@lookout syslog-ng[3166]: AF_INET client dropped
> connection from 192.168.11.19, port 3039
>
> Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client connected from
> 192.168.11.19, port 3066
>
> Mar 30 10:49:05 src@lookout syslog-ng[3166]: io.c: do_read: read() failed
> (errno 104), Connection reset by peer
>
> Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client dropped
> connection from 192.168.11.19, port 3066
>
> Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client connected from
> 192.168.11.19, port 3067
>
> Mar 30 10:49:05 src@lookout syslog-ng[3166]: io.c: do_read: read() failed
> (errno 104), Connection reset by peer
>
> Mar 30 10:49:05 src@lookout syslog-ng[3166]: AF_INET client dropped
> connection from 192.168.11.19, port 3067
>
> Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client connected from
> 192.168.11.19, port 3077
>
> Mar 30 10:53:59 src@lookout syslog-ng[3166]: io.c: do_read: read() failed
> (errno 104), Connection reset by peer
>
> Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client dropped
> connection from 192.168.11.19, port 3077
>
> Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client connected from
> 192.168.11.19, port 3078
>
> Mar 30 10:53:59 src@lookout syslog-ng[3166]: io.c: do_read: read() failed
> (errno 104), Connection reset by peer
>
> Mar 30 10:53:59 src@lookout syslog-ng[3166]: AF_INET client dropped
> connection from 192.168.11.19, port 3078
>
> Mar 30 10:58:53 src@lookout syslog-ng[3166]: AF_INET client connected from
> 192.168.11.19, port 3092
>
> Mar 30 10:58:53 src@lookout syslog-ng[3166]: io.c: do_read: read() failed
> (errno 104), Connection reset by peer
>
> Mar 30 10:58:53 src@lookout syslog-ng[3166]: AF_INET client dropped
> connection from 192.168.11.19, port 3092
>
> Mar 30 10:59:16 src@lookout syslog-ng[3166]: AF_INET client connected from
> 192.168.11.19, port 3093
>
> Mar 30 10:59:16 src@lookout syslog-ng[3166]: io.c: do_read: read() failed
> (errno 104), Connection reset by peer
>
> Mar 30 10:59:16 src@lookout syslog-ng[3166]: AF_INET client dropped
> connection from 192.168.11.19, port 3093
>
>
>
>
>
> Afinet.c in syslog-ng 1.6.6 sources where io_read() is called:
>
>
>
>
>
> /* af_inet source connection */
>
> static int
>
> do_init_afinet_source_connection(struct log_handler *c,
>
> struct syslog_config *cfg,
>
> struct persistent_config
> *persistent)
>
> {
>
> CAST(afsocket_source_connection, self, c);
>
> if (self->client_addr) {
>
> CAST(inet_address_info, inet, self->client_addr);
>
>
>
> /* SOCK_STREAM */
>
> notice("AF_INET client connected from %S, port
> %i\n",
>
> inet->ip, inet->port);
>
> io_read(self->client,
>
> make_log_reader(0, NULL,
> cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0,
> cfg->bad_hostname, c),
>
>
> make_afsocket_source_close_callback(self));
>
> }
>
> else {
>
> /* SOCK_DGRAM */
>
> io_read(self->client,
>
> make_log_reader(1, NULL,
> cfg->log_msg_size, 0, cfg->check_hostname ? LF_CHECK_HOSTNAME : 0,
> cfg->bad_hostname, c),
>
>
> make_afsocket_source_close_callback(self));
>
> }
>
>
>
> return ST_OK | ST_GOON;
>
> }
>
>
>
> < -----END of CODE ---- >
>
>
>
>
>
> I have been trying to find what values are passed to io_read() and
> make_log_reader() but I have been unsuccessfull.
>
> Thanks in advance for any replies.
>
>
>
>
>
> Alex S.
>
>
>
>
>
>
>
> <p class=MsoNormal><span style='font-size:8.5pt'>This e-mail contains Omaha
> Public Power District's confidential and proprietary information and is for
> use only by the intended recipient. Unless explicitly stated otherwise,
> this e-mail is not a contract offer, amendment, nor acceptance. If you are
> not the intended recipient you are notified that disclosing, copying,
> distributing or taking any action in reliance on the contents of this
> information is strictly prohibited.</p>
>
>