Fwd: Re: [syslog-ng] AIX: Syslog NG 1.6.9 (tcp) send logmessages to central log server

Tob_Sch at gmx.de Tob_Sch at gmx.de
Tue Mar 7 13:21:58 CET 2006


Hi,

after removing your filter in the syslog-ng.conf:

log { source(src); filter(f_sshd); destination(mylogserver); };

=>

log { source(src); destination(mylogserver); };


syslog-ng is writing something, but still there are no logs on the central
server (see below).
It seems that the filter function of syslog-ng under AIX is different from
other OSes.




_poll(0x2FF22950, 2, 424000)    (sleeping...)
_poll(0x2FF22950, 2, 424000)                    = 1
kread(3, " M a r     7   1 3 : 1 0".., 2048)    = 187
_poll(0x2FF22950, 2, 100)                       = 1
kfcntl(5, F_GETFL, 0x2FF21880)                  = 6
kioctl(5, -2147195266, 0x2FF21778, 0x00000000)  = 0
kioctl(5, -2147195267, 0x2FF21778, 0x00000000)  = 0
kfcntl(5, F_SETFL, 0x00000006)                  = 0
recv(5, 0x2FF21820, 1, 2)                       Err#11 EAGAIN
kwrite(5, " < 1 3 > M a r     7   1".., 203)    = 203
_poll(0x2FF22950, 2, 100)                       = 0
_poll(0x2FF22950, 2, 246000)    (sleeping...)








Greetings, Tobias




--- Forwarded message ---
From: Tob_Sch at gmx.de
To: Syslog-ng users' and developers' mailing list
<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] AIX: Syslog NG 1.6.9 (tcp) send logmessages to
central log server
Date: Tue, 7 Mar 2006 12:55:03 +0100 (MET)

Hi,

I'm able to reproduce your problem on our AIX 5.3 server.

The syslog-ng is reading from the pipe, but isn't transferring the logs to
the central server (see "truss" output below), although there is a constant
connection between the AIX server and the central log server (see "lsof"
output below).
No more information is coming from debug mode.

That seems very strange to me.


root at aix1:/root : truss -p  442538
_poll(0x00000000, 0, 0)         (sleeping...)
_poll(0x00000000, 0, 0)                         = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 187
_poll(0x2FF22940, 2, 100)                       = 0
_poll(0x2FF22940, 2, 483000)                    = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 99
_poll(0x2FF22940, 2, 100)                       = 0
_poll(0x2FF22940, 2, 481000)                    = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 114
_poll(0x2FF22940, 2, 100)                       = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 130
_poll(0x2FF22940, 2, 100)                       = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 251
_poll(0x2FF22940, 2, 100)                       = 0
_poll(0x2FF22940, 2, 481000)    (sleeping...)



root at aix1:/root : lsof | grep 442538
syslog-ng 442538    root  cwd   VDIR              10,11                256 23236 /syslog-ng (/dev/sysloglv)
syslog-ng 442538    root    0u  VCHR               27,1            0t30393  5026 /dev/pts/1
syslog-ng 442538    root    1u  VCHR               27,1            0t30393  5026 /dev/pts/1
syslog-ng 442538    root    2u  VCHR               27,1            0t30393  5026 /dev/pts/1
syslog-ng 442538    root    3u  FIFO               10,6                  0   394 /var (/dev/hd9var)
syslog-ng 442538    root    4u  IPv4 0xf1000d0003ee4b90                0t0   TCP aix1:46136->central:5514 (ESTABLISHED)


Greetings, Tobias

> --- Original message ---
> From: "Jochen Kirn" <jochen.kirn at gmail.com>
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] AIX: Syslog NG 1.6.9 (tcp) send logmessages to
> central log server
> Date: Mon, 6 Mar 2006 15:24:08 +0100
> 
> Hi all,
> 
> Log messages are being written to the AIX default syslog daemon, which
> forwards certain messages to syslog ng via a named pipe
> "/var/adm/syslog.pipe".
> 
> The log messages are being written to the destination "localfile" but not
> to the remote syslog ng logging server. Any idea what's going wrong here?
> The exact same "syslog-ng.conf" works with a HP-UX or Solaris based Syslog
> NG installation without any problem.
> 
> 
> Setup:
> 
> Syslog NG: 1.6.9 with libol 0.3.17
> System: AIX 5.1 ML8  and AIX 5.3 ML 3
> 
> central logging server is a linux based syslog NG 1.6.9 which can
> successfully receive log messages from other (non aix) hosts.
> 
> syslog-ng.conf:
> 
> ##############
> # Log sources
> #
> source src {
> pipe ("/var/adm/syslog.pipe");
> };
> 
> ##############
> # filters
> #
> filter f_sshd   {program("sshd"); };
> 
> ##############
> # Log destinations
> destination mylogserver { tcp("logserver" port(514)); };
> destination localfile {
>     file("/var/tmp/messages"
>         template("$YEAR.$MONTH.$DAY $HOUR:$MIN:$SEC $HOST $MSG\n")
>         template-escape(yes));
> };
> 
> ##############
> # Perform the logging
> log { source(src); filter(f_sshd); destination(mylogserver); };
> 
> log { source(src); filter(f_sshd); destination(localfile); };
> 
> 
> regards
> Jochen
> 

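The two truss traces in this thread can be compared mechanically by totalling the bytes read and written per file descriptor. The Python below is an added example, not part of the original messages; the function names are hypothetical, and the sample lines are copied from the traces quoted above (pipe on fd 3).

```python
import re
from collections import defaultdict

# Lines copied from the two truss traces in the messages above.
TRACE_WITH_FILTER = """\
_poll(0x00000000, 0, 0)                         = 1
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 187
_poll(0x2FF22940, 2, 100)                       = 0
kread(3, " M a r     7   1 2 : 3 4".., 2048)    = 99
_poll(0x2FF22940, 2, 481000)    (sleeping...)
"""
TRACE_WITHOUT_FILTER = """\
kread(3, " M a r     7   1 3 : 1 0".., 2048)    = 187
recv(5, 0x2FF21820, 1, 2)                       Err#11 EAGAIN
kwrite(5, " < 1 3 > M a r     7   1".., 203)    = 203
_poll(0x2FF22950, 2, 246000)    (sleeping...)
"""

# syscall(fd, ...) followed by "= N" on success; failures print "Err#..." instead.
CALL = re.compile(r'^(\w+)\((\d+),.*\)\s+=\s+(\d+)\s*$')
READS = {"kread", "read", "recv"}
WRITES = {"kwrite", "write", "send"}

def io_per_fd(trace):
    """Return {fd: {"read": bytes, "written": bytes}} for successful I/O calls."""
    totals = defaultdict(lambda: {"read": 0, "written": 0})
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m:
            continue  # sleeping, failed (Err#) or pointer-argument call
        name, fd, ret = m.group(1), int(m.group(2)), int(m.group(3))
        if name in READS:
            totals[fd]["read"] += ret
        elif name in WRITES:
            totals[fd]["written"] += ret
    return dict(totals)

def forwarded(trace, source_fd):
    """True if data was read on source_fd and written to any other fd."""
    io = io_per_fd(trace)
    got_input = io.get(source_fd, {}).get("read", 0) > 0
    sent = any(v["written"] > 0 for fd, v in io.items() if fd != source_fd)
    return got_input and sent

if __name__ == "__main__":
    for label, trace in (("with filter", TRACE_WITH_FILTER),
                         ("without filter", TRACE_WITHOUT_FILTER)):
        print(label, io_per_fd(trace), "forwarded:", forwarded(trace, 3))
```

A write on the socket descriptor only shows that the process handed data to the TCP stack; whether it arrives has to be checked on the receiving side.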