Re: [syslog-ng] AIX: Syslog NG 1.6.9 (tcp) send logmessages to central log server

[Tob_Sch at gmx.de]

Hi,

I'm able to reproduce your problem on our AIX 5.3 server.

The syslog-ng is reading from the pipe, but isn't transferring the logs to
the central server (see "truss" output below), although there is a constant
connection between the aix server and the central log server (see "lsof"
output below).
No more informations are coming from debug mode.

That seems to be very strange for me.


root at aix1:/root : truss -p  442538
_poll(0x00000000, 0, 0)         (sleeping...)
_poll(0x00000000, 0, 0)                         = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 187
_poll(0x2FF22940, 2, 100)                       = 0
_poll(0x2FF22940, 2, 483000)                    = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 99
_poll(0x2FF22940, 2, 100)                       = 0
_poll(0x2FF22940, 2, 481000)                    = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 114
_poll(0x2FF22940, 2, 100)                       = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 130
_poll(0x2FF22940, 2, 100)                       = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 251
_poll(0x2FF22940, 2, 100)                       = 0
_poll(0x2FF22940, 2, 481000)    (sleeping...)



root at aix1:/root : lsof | grep 442538
syslog-ng 442538    root  cwd   VDIR              10,11                256 
23236 /syslog-ng (/dev/sysloglv)
syslog-ng 442538    root    0u  VCHR               27,1            0t30393  
5026 /dev/pts/1
syslog-ng 442538    root    1u  VCHR               27,1            0t30393  
5026 /dev/pts/1
syslog-ng 442538    root    2u  VCHR               27,1            0t30393  
5026 /dev/pts/1
syslog-ng 442538    root    3u  FIFO               10,6                  0  
 394 /var (/dev/hd9var)
syslog-ng 442538    root    4u  IPv4 0xf1000d0003ee4b90                0t0  
 TCP aix1:46136->central:5514 (ESTABLISHED)


Greetings, Tobias

> --- Ursprüngliche Nachricht ---
> Von: "Jochen Kirn" <jochen.kirn at gmail.com>
> An: syslog-ng at lists.balabit.hu
> Betreff: [syslog-ng] AIX: Syslog NG 1.6.9 (tcp) send logmessages to
> central	log server
> Datum: Mon, 6 Mar 2006 15:24:08 +0100
> 
> Hi all,
> 
> logmessages are being written to the AIX default syslog daemon which
> forwards certain messages to syslog ng via a named pipe
> "/var/adm/syslog.pipe"
> 
> The log messages are being written to the destination "localfile" but not
> to
> the remote syslog ng logging server. Any idea what's going wrong here ?
> the exact same "syslog-ng.conf" works with a HP-UX or Solaris based Syslog
> NG Installation without any problem.
> 
> 
> Setup:
> 
> Syslog NG: 1.6.9 with libol 0.3.17
> System: AIX 5.1 ML8  and AIX 5.3 ML 3
> 
> central logging server is a linux based syslog NG 1.6.9 which can
> successfully receive log messages from other (non aix) hosts.
> 
> syslog-ng.conf:
> 
> ##############
> # Log sources
> #
> source src {
> pipe ("/var/adm/syslog.pipe");
> };
> 
> ##############
> # filters
> #
> filter f_sshd   {program("sshd"); };
> 
> ##############
> # Log destinations
> destination mylogserver{ tcp("logserver" port(514)); };
> destination localfile{ file("/var/tmp/messages"
> template("$YEAR.$MONTH.$DAY
> $HOUR:$MIN:$SEC $HOST $MSG\n") template-escape(yes
> )); };
> 
> ##############
> # Perform the logging
> log { source(src); filter(f_sshd); destination(mylogserver); };
> 
> log { source(src); filter(f_sshd); destination(localfile); };
> 
> 
> regards
> Jochen
> 

-- 
Echte DSL-Flatrate dauerhaft für 0,- Euro*!
"Feel free" mit GMX DSL! http://www.gmx.net/de/go/dsl