[syslog-ng] Using usertty

Alexandre Santos alexandre.rosas.santos at gmail.com
Tue Oct 27 09:20:05 UTC 2020


Hi Gabor,

I am running a Debian buster in a VBox guest.

Can you check which terminals are the user 'thanos' logged in?






*root at debian10st:/home/thanos# w thanos 09:15:47 up 22:00,  4 users,  load
average: 0.00, 0.02, 0.00USER     TTY      FROM             LOGIN@   IDLE
JCPU   PCPU WHATthanos   ttyS0    -                Mon20    8:27   0.05s
 0.04s -bashthanos   pts/0    10.0.2.2         Mon20   12:54m  0.03s  0.03s
-bashthanos   pts/1    10.0.2.2         Mon20   12:50m  0.12s  0.18s sshd:
thanos [priv]thanos   pts/2    10.0.2.2         Mon20    1.00s  0.04s
 0.20s sshd: thanos [priv]*

Here are the serial configurations:

















*root at debian10st:/home/thanos# stty -F /dev/ttyS0 -aspeed 9600 baud; rows
24; columns 80; line = 0;intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof =
^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S;
susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;discard = <undef>; min
= 1; time = 0;-parenb -parodd -cmspar cs8 hupcl -cstopb cread clocal
-crtscts-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl
ixon ixoff -iuclc -ixany -imaxbel iutf8opost -olcuc -ocrnl onlcr -onocr
-onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0isig -icanon -iexten -echo
echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho
-extprocroot at debian10st:/home/thanos# stty -F /dev/pts/0 -aspeed 38400
baud; rows 50; columns 184; line = 0;intr = ^C; quit = ^\; erase = ^H; kill
= ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q;
stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = <undef>;discard =
<undef>; min = 1; time = 0;-parenb -parodd -cmspar cs8 -hupcl -cstopb cread
-clocal -crtscts-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr
-igncr -icrnl ixon -ixoff -iuclc ixany -imaxbel iutf8opost -olcuc -ocrnl
onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0isig -icanon
iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl
echoke -flusho -extproc*









*root at debian10st:/home/thanos# stty -F /dev/pts/1 -aspeed 38400 baud; rows
50; columns 184; line = 0;intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof
= ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop =
^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;discard = ^O; min = 1;
time = 0;-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal
-crtscts-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl
ixon -ixoff -iuclc ixany -imaxbel iutf8opost -olcuc -ocrnl onlcr -onocr
-onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0isig icanon iexten echo echoe
echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho
-extproc*









*root at debian10st:/home/thanos# stty -F /dev/pts/2 -aspeed 38400 baud; rows
50; columns 184; line = 0;intr = ^C; quit = ^\; erase = ^H; kill = ^U; eof
= ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop =
^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;discard = ^O; min = 1;
time = 0;-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal
-crtscts-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl
ixon -ixoff -iuclc ixany -imaxbel iutf8opost -olcuc -ocrnl onlcr -onocr
-onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0isig icanon iexten echo echoe
echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho
-extproc*

Thanks,
Alex

On Mon, Oct 26, 2020 at 10:59 AM Gabor Nagy (gnagy) <
Gabor.Nagy at oneidentity.com> wrote:

> Hi Alex!
>
> I've checked your attachments and I see that the messages are sent to
> pseudo-terminals and the serial port too:
> [2020-10-23T16:40:20.647481] Posting message to user terminal;
> user='thanos', line='/dev/ttyS0'
> [2020-10-23T16:40:20.647518] Posting message to user terminal;
> user='thanos', line='/dev/pts/0'
> [2020-10-23T16:40:20.647530] Posting message to user terminal;
> user='thanos', line='/dev/pts/1'
> [2020-10-23T16:40:20.647541] Posting message to user terminal;
> user='thanos', line='/dev/pts/2'
>
> Can you check which terminals are the user 'thanos' logged in?
> E.g. use the following command on the command line:
> $w thanos
>
> If you don't see a tty with ssh login, that can explain it.
>
> About the serial port, maybe it's misconfigured.
> Syslog-ng uses simple open/write calls on the device files , e.g.
> /dev/ttyS0. Can you try out if you can write in the /dev/ttyS0 file with a
> simple "echo test" command, please?
> Can you tell us a bit more about your host and how did you set up the
> serial port?
>
> Regards,
> Gabor
> ------------------------------
> *From:* syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
> Alexandre Santos <alexandre.rosas.santos at gmail.com>
> *Sent:* Friday, October 23, 2020 17:46
> *To:* Syslog-ng users' and developers' mailing list <
> syslog-ng at lists.balabit.hu>
> *Subject:* [syslog-ng] Using usertty
>
> CAUTION: This email originated from outside of the organization. Do not
> follow guidance, click links, or open attachments unless you recognize the
> sender and know the content is safe.
>
> Hi,
> I am trying to use usertty(*) to send log all messages with severity equal
> or higher than critical to every user logged.
>
> But I am not getting any messages in serial port or ssh.
>
> I am sending the configurations and the debug log in attachment.
>
> Can you help me to understand what is happening?
>
> Thanks in advance,
> Alex
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20201027/2e13253b/attachment.html>


More information about the syslog-ng mailing list