[syslog-ng] syslog-ng Digest, Vol 168, Issue 11
Aguilu, Miguel
miguel.aguilu at atos.net
Tue Apr 9 23:10:58 UTC 2019
If it is a simple typo I do not see it.
But I did remove all sources with the exception of the upd on all filters. So, it is writing the udp traffic to the log. But getting errors:
- You are using the pipe() driver, underlying file is not a FIFO, it should be used by file(); filename='/opt/log/nco'
- Apr 9 19:18:01 eorcrp-dsc-ncsl1-new-ms syslog-ng[15695]: Error opening file for writing; filename='/opt/log/nco', error='Invalid argument (22)'
Regard
Essentially I can write to a log but not a pipe even when create the file as a pipe or let syslog-ng create it - eventually after the creation will start companying it can't write to it.
Not sure if I am missing something the pipe configuration (don’t think so) or there is a bug in this version 3.19/3.14/3.1.
Yes I am on my 3rd version to see if a see anything different. But so far, I am seeing the same behavior
Any thought
Thanks
Miguel
Office - 321.939.7483
Cell - 321.261.1385
PCell – 321.693.5726
miguel.aguilu at atos.net
Upcoming PTO: TBD
On 4/9/19, 2:54 PM, "syslog-ng on behalf of syslog-ng-request at lists.balabit.hu" <syslog-ng-bounces at lists.balabit.hu on behalf of syslog-ng-request at lists.balabit.hu> wrote:
Send syslog-ng mailing list submissions to
syslog-ng at lists.balabit.hu
To subscribe or unsubscribe via the World Wide Web, visit
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cmiguel.aguilu%40atos.net%7C1bf0f75d1a93479d1bb208d6bd1cc141%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C636904328530710257&sdata=SNyd0RVTPga2NVP2KxAcwazr69WZ53RIy3TGJcfduGI%3D&reserved=0
or, via email, send a message with subject or body 'help' to
syslog-ng-request at lists.balabit.hu
You can reach the person managing the list at
syslog-ng-owner at lists.balabit.hu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of syslog-ng digest..."
Today's Topics:
1. Re: Syslog-ng 3.16 unable to write to pipe (Evan Rempel)
2. Missing http module 3.18.1 CentOS
(Faine, Mark R. (MSFC-IS40)[NICS])
----------------------------------------------------------------------
Message: 1
Date: Tue, 9 Apr 2019 07:57:41 -0700
From: Evan Rempel <erempel at uvic.ca>
To: syslog-ng at lists.balabit.hu
Subject: Re: [syslog-ng] Syslog-ng 3.16 unable to write to pipe
Message-ID: <cf965cf4-ada3-42c7-f875-d7325a4887ec at uvic.ca>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
You keep referring to /opt/log but your configuration is for /var/log/nco.pipe
destination netcool { pipe("/var/log/nco.pipe"); };
Is this a simple typo?
On 4/9/19 6:38 AM, Aguilu, Miguel wrote:
>
> We are in the middle of a project to Migrate from 3.0 to 3.16 (latest in redhat distro)
>
> The standard 3.14 config works fine writing to some standard logs in /var/log
>
> But we need to write special files to /opt/log/
>
> * In this directory will be a file type pipe to be read by a syslog probe (parse messages into alerts). Using the following configuration NG returns unable to write.
>
> source s_dgram
>
> { unix-dgram("/dev/log"); };
>
> source s_kernel
>
> { file("/proc/kmsg" program_override("kernel: ")); };
>
> source s_udp
>
> { udp(); };
>
> destination netcool { pipe("/var/log/nco.pipe"); };
>
> log { source(s_dgram);
>
> source(s_kernel);
>
> source(s_udp); filter(f_NOfwflow);
>
> filter(f_NOdata_cent);
>
> filter(f_NOtacacs);
>
> filter(f_netcool); destination(netcool); };
>
> * Even if I remove the filter I get the same error.
> * Also removed all of the sources with the exception of the upd and got the same error.
> * Changed the file type to file and getting:
> o OLLERR occurred while idle; fd='66'
> o Apr 9 13:17:45 wbucrp-isdmz1a-lb err syslog-ng[2475]: Connection broken; time_reopen='60'
> o Apr 9 13:17:47 wbucrp-isdmz1b-lb err syslog-ng[10934]: POLLERR occurred while idle; fd='66'
> o Apr 9 13:17:47 wbucrp-isdmz1b-lb err syslog-ng[10934]: Connection broken; time_reopen='60'
> o Apr 9 13:17:51 wapcrp-isdmz0a-lb err syslog-ng[3713]: I/O error occurred while writing; fd='38', error='Connection refused (111)'
> o Apr 9 13:17:51 wapcrp-isdmz0a-lb err syslog-ng[3713]: Connection broken; time_reopen='60'
> o Apr 9 13:17:51 wapcrp-isdmz0a-lb notice syslog-ng[3713]: Suspending write operation because of an I/O error; fd='38', time_reopen='60'
> * The permissions in /opt/log are 777 and owned by root which is the user syslog-ng is running under.
> * Also change the path to where the config was updating file (/varr/log) and attemted to create the pipe and no luck
>
> Here are my global options:
>
> * options {
> * flush_lines (0);
> * # time_reopen (10);
> * log_fifo_size (1000);
> * chain_hostnames (on);
> * use_dns (yes); ## changed test
> * use_fqdn (yes);
> * keep_hostname (yes);
> * owner("root");
> * group("root");
> * create_dirs(yes); #Test
> * dir_perm(0755);
> * perm(0644);
> * };
>
> ANY Ideas?
>
> Thanks
>
> Miguel
>
--
Evan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.balabit.hu%2Fpipermail%2Fsyslog-ng%2Fattachments%2F20190409%2Fe1cbff88%2Fattachment-0001.html&data=02%7C01%7Cmiguel.aguilu%40atos.net%7C1bf0f75d1a93479d1bb208d6bd1cc141%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C636904328530710257&sdata=kC6moockTJth3fBqeySRWwFyBAKvctSZqLBhIR%2BGTH4%3D&reserved=0>
------------------------------
Message: 2
Date: Tue, 9 Apr 2019 18:53:44 +0000
From: "Faine, Mark R. (MSFC-IS40)[NICS]" <mark.faine at nasa.gov>
To: Syslog-ng users' and developers' mailing list
<syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] Missing http module 3.18.1 CentOS
Message-ID:
<BN6PR09MB14584A6B3A85C39D8AFB049BE92D0 at BN6PR09MB1458.namprd09.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Forgive me if this is common knowledge or an easy fix but I just installed syslog-ng 3.18.1 on CentOS 7.6.1810 and I'm seeing the following message on startup and when doing syntax checks. It seems to be working otherwise.
[2019-04-09T18:44:57.702909] Plugin module not found in 'module-path'; module-path='//usr/lib64/syslog-ng', module='http'
Thanks,
-Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.balabit.hu%2Fpipermail%2Fsyslog-ng%2Fattachments%2F20190409%2F07dbb19f%2Fattachment.html&data=02%7C01%7Cmiguel.aguilu%40atos.net%7C1bf0f75d1a93479d1bb208d6bd1cc141%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C636904328530710257&sdata=1uB1sPZQyW79fpsEgQ0sh13ndK4MeHiZW1zrAOfMWcQ%3D&reserved=0>
------------------------------
Subject: Digest Footer
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cmiguel.aguilu%40atos.net%7C1bf0f75d1a93479d1bb208d6bd1cc141%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C636904328530710257&sdata=SNyd0RVTPga2NVP2KxAcwazr69WZ53RIy3TGJcfduGI%3D&reserved=0
------------------------------
End of syslog-ng Digest, Vol 168, Issue 11
******************************************
More information about the syslog-ng
mailing list