headers
Luong Xuan Thang | 1 Sep 2006 09:55
Picon
Favicon

Re: Installation options

Hi
I want to souvernia money image of vietnamese. It cost one thounsand vietnam dong
Regards

Do you Yahoo!?
Get on board. You're invited to try the new Yahoo! Mail.
_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 0 comments |
headers
Anshul Saxena | 1 Sep 2006 17:03
Picon

syslog.err

Hi,
I am trying to send syslog-ng error messages over stunnel

My client side's stunnel.conf file is :

client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
#verify = 1
[5140]
        accept = 127.0.0.1:514
        connect = 10.105.1.25:5140





My server side's stunnel.conf file is  :
chroot = /chroot/stunnel
setuid = stunnel
setgid = stunnel
pid = /stunnel.pid
debug = mail.notice
client = no
#cert = /etc/stunnel/stunnel.pem
cert = /etc/stunnel/syslog-ng-server.pem
CAfile = /etc/stunnel/syslog-ng-client.pem

#verify = 1
verify = 3
service = syslog-ng


#Service-level configuration
[syslog-ng]
accept = 5140
connect = 127.0.0.1:514


But at runtime , I am getting the following error message at client :

 <syslog.err> syslog-ng[32460]: I/O error occurred while writing; fd='7', error='Broken pipe (32)'


I don't understand what the number 32460 means here. If it is the port number running syslog-ng then why is it not 514 as marked in the accept parameter of the client ?

Kindly let me know where to look for the bug

Regards

_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 0 comments |
headers
G.W. Haywood | 2 Sep 2006 00:04
Picon
Favicon

Messages concatenated on one line in log file.

Hi folks,

Using 2.0rc1 I find lines like this in /var/log/messages:

Sep  1 22:18:32 mail3 	by lists.balabit.hu (Postfix) with ESMTP id 83E8A4C117
Sep  1 22:18:32 mail3 	for <ged <at> jubileegroup.co.uk>; Fri,  1 Sep 2006 23:18:17 +0200 (CEST)')<31>Sep  1
22:18:32 milter-regex[20073]: 212.92.18.33: cb_header('MIME-Version', '1.0')
Sep  1 22:18:32 mail3 	<syslog-ng.lists.balabit.hu>')<31>Sep  1 22:18:32 milter-regex[20073]:
212.92.18.33: cb_header('X-List-Administrivia', 'yes')

Sorry if the three lines above wrap for you.  I haven't attempted to
break them.  They are imported using an editor, not copy-n-paste, so
that non-printing characters are reproduced correctly in the mail.
Each line above has a tab character after the string "mail3 ", which
is the hostname followed by a single space.

There are two problems.  First, these lines shouldn't be written to
this log at all.  Second, some of the lines are being concatenated
onto a single line instead of being written to two lines.  Instead of
three lines above, there should have been five lines.  The <facility,
priority> info is visible at the points where the lines are joined.

The lines that you see here are produced by a sendmail milter called
'milter-regex' which is supposed to be logging with facility 'daemon'
and according to the syslog-ng configuration messages from this milter
should not appear in the 'messages' file at all.  Most of them don't
(milter-regex is producing a _lot_ of output), but mail message header
continuation lines do.  A log message following a header continuation
line is concatenated to it, and the filter doesn't seem to notice it.
The lines that incorrectly appear in 'messages' do not appear in the
correct file, which is 'mail.milter-regex' in the config below.

Any ideas?

--

73,
Ged.

===========================================================================
# Relevant extracts from configuration:
===========================================================================
options {long_hostnames(off);sync(0);perm(0640);stats(3600);mark_freq(0);};
source src { internal(); unix-dgram("/dev/log"); };
...
# output from milter-regex is facility daemon
filter f_mailmrx     { facility(daemon); };
# facility daemon should not go to 'messages'
filter f_messages    { not facility(news, mail, daemon) and not ...  };
# most facility daemon messages are correctly written to 'mail.milter-regex'
destination mailmrx  { file("/var/log/mail.milter-regex"); };
# but some make it to 'messages'
destination messages { file("/var/log/messages");          };
...
log { source(src); filter(f_mailmrx);    destination(mailmrx);   };
log { source(src); filter(f_messages);   destination(messages);  };
...
_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 2 comments |
headers
Evan Rempel | 2 Sep 2006 01:28
Picon
Picon
Favicon

Re: Messages concatenated on one line in log file.

Is syslong-ng running on the host that produced these messages.
I have a number of hosts running standard syslog, that send thier 
messages to a sylog-ng server, a standard syslog server, and log to 
local files (don't ask why we do all three :-)

The source server that is running standard syslog software seems to 
generate the concatenated messages because the end up in the local 
files, in the standard syslog server, and in the syslong-ng server.

As soon as I replace the standard syslog software on the source server 
with syslog-ng (I am running 1.6 series) this problem goes away.

Evan.

G.W. Haywood wrote:
> Hi folks,
> 
> Using 2.0rc1 I find lines like this in /var/log/messages:
> 
> Sep  1 22:18:32 mail3 	by lists.balabit.hu (Postfix) with ESMTP id 83E8A4C117
> Sep  1 22:18:32 mail3 	for <ged <at> jubileegroup.co.uk>; Fri,  1 Sep 2006 23:18:17 +0200 (CEST)')<31>Sep  1
22:18:32 milter-regex[20073]: 212.92.18.33: cb_header('MIME-Version', '1.0')
> Sep  1 22:18:32 mail3 	<syslog-ng.lists.balabit.hu>')<31>Sep  1 22:18:32 milter-regex[20073]:
212.92.18.33: cb_header('X-List-Administrivia', 'yes')
> 
> Sorry if the three lines above wrap for you.  I haven't attempted to
> break them.  They are imported using an editor, not copy-n-paste, so
> that non-printing characters are reproduced correctly in the mail.
> Each line above has a tab character after the string "mail3 ", which
> is the hostname followed by a single space.
> 
> There are two problems.  First, these lines shouldn't be written to
> this log at all.  Second, some of the lines are being concatenated
> onto a single line instead of being written to two lines.  Instead of
> three lines above, there should have been five lines.  The <facility,
> priority> info is visible at the points where the lines are joined.
> 
> The lines that you see here are produced by a sendmail milter called
> 'milter-regex' which is supposed to be logging with facility 'daemon'
> and according to the syslog-ng configuration messages from this milter
> should not appear in the 'messages' file at all.  Most of them don't
> (milter-regex is producing a _lot_ of output), but mail message header
> continuation lines do.  A log message following a header continuation
> line is concatenated to it, and the filter doesn't seem to notice it.
> The lines that incorrectly appear in 'messages' do not appear in the
> correct file, which is 'mail.milter-regex' in the config below.
> 
> Any ideas?
> 
> --
> 
> 73,
> Ged.
> 
> ===========================================================================
> # Relevant extracts from configuration:
> ===========================================================================
> options {long_hostnames(off);sync(0);perm(0640);stats(3600);mark_freq(0);};
> source src { internal(); unix-dgram("/dev/log"); };
> ...
> # output from milter-regex is facility daemon
> filter f_mailmrx     { facility(daemon); };
> # facility daemon should not go to 'messages'
> filter f_messages    { not facility(news, mail, daemon) and not ...  };
> # most facility daemon messages are correctly written to 'mail.milter-regex'
> destination mailmrx  { file("/var/log/mail.milter-regex"); };
> # but some make it to 'messages'
> destination messages { file("/var/log/messages");          };
> ...
> log { source(src); filter(f_mailmrx);    destination(mailmrx);   };
> log { source(src); filter(f_messages);   destination(messages);  };
> ...
> _______________________________________________
> syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 

_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 0 comments |
headers
G.W. Haywood | 2 Sep 2006 12:27
Picon
Favicon

Re: Messages concatenated on one line in log file.

Hi there,

On Sat, 2 Sep 2006 Evan Rempel wrote:

> Is syslong-ng running on the host that produced these messages.

Yes.  Sorry, I should have said.

> (don't ask why we do all three :-)

OK.  I understand.  :)

> As soon as I replace the standard syslog software on the source server
> with syslog-ng (I am running 1.6 series) this problem goes away.

My logs are all on the local machines, I don't do any remote logging
(yet:).  Thanks for the tip, though, it might help shed some light on
the issue eventually.

--

73,
Ged.
_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 0 comments |
headers
Balazs Scheidler | 4 Sep 2006 12:18
Picon

Re: Messages concatenated on one line in log file.

On Fri, 2006-09-01 at 23:04 +0100, G.W. Haywood wrote:
> Hi folks,
> 
> Using 2.0rc1 I find lines like this in /var/log/messages:
> 
> Sep  1 22:18:32 mail3 	by lists.balabit.hu (Postfix) with ESMTP id 83E8A4C117
> Sep  1 22:18:32 mail3 	for <ged <at> jubileegroup.co.uk>; Fri,  1 Sep 2006 23:18:17 +0200 (CEST)')<31>Sep  1
22:18:32 milter-regex[20073]: 212.92.18.33: cb_header('MIME-Version', '1.0')
> Sep  1 22:18:32 mail3 	<syslog-ng.lists.balabit.hu>')<31>Sep  1 22:18:32 milter-regex[20073]:
212.92.18.33: cb_header('X-List-Administrivia', 'yes')
> 
> Sorry if the three lines above wrap for you.  I haven't attempted to
> break them.  They are imported using an editor, not copy-n-paste, so
> that non-printing characters are reproduced correctly in the mail.
> Each line above has a tab character after the string "mail3 ", which
> is the hostname followed by a single space.
> 
> There are two problems.  First, these lines shouldn't be written to
> this log at all.  Second, some of the lines are being concatenated
> onto a single line instead of being written to two lines.  Instead of
> three lines above, there should have been five lines.  The <facility,
> priority> info is visible at the points where the lines are joined.
> 
> The lines that you see here are produced by a sendmail milter called
> 'milter-regex' which is supposed to be logging with facility 'daemon'
> and according to the syslog-ng configuration messages from this milter
> should not appear in the 'messages' file at all.  Most of them don't
> (milter-regex is producing a _lot_ of output), but mail message header
> continuation lines do.  A log message following a header continuation
> line is concatenated to it, and the filter doesn't seem to notice it.
> The lines that incorrectly appear in 'messages' do not appear in the
> correct file, which is 'mail.milter-regex' in the config below.
> 
> Any ideas?

Can you check if this patch fixes the problem (syslog-ng 1.6 and 2.0 had
a different behaviour regarding messages received on a datagram
transport, this change should move them to unison). This patch only
helps if you indeed using datagram transport (unix-dgram or udp()),
otherwise it will not change a thing:

--- orig/src/logreader.c
+++ mod/src/logreader.c
 <at>  <at>  -193,7 +193,7  <at>  <at>  log_reader_handle_line(LogReader *self,
  * log_reader_iterate_buf:
  *  <at> self: LogReader instance
  *  <at> saddr: socket address to be assigned to new messages (consumed!)
- *  <at> flush:
+ *  <at> flush: whether to flush the input buffer
  *  <at> msg_counter: the number of messages processed in the current poll iteration
  *
  **/
 <at>  <at>  -224,14 +224,13  <at>  <at>  log_reader_iterate_buf(LogReader *self,
   if (self->flags & LR_LOCAL)
     parse_flags |= LF_LOCAL;

-  if (!eol &&
-      ((self->ofs == self->options->msg_size) ||
-       ((self->flags & LR_PKTTERM) && self->ofs) ||
-       self->options->padding ||
-       flush))
+  if ((self->flags & LR_PKTTERM) ||
+      (!eol && (self->ofs == self->options->msg_size)) ||
+      self->options->padding ||
+      flush)
     {
       /* our buffer is full, or
-       * we are set to packet terminating mode and there's no terminating new line, or
+       * we are set to packet terminating mode, or
        * we are in padded mode HP-UX
        */
       length = (self->options->padding

--

-- 
Bazsi

_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 0 comments |
headers
news gonzo news gonzo | 4 Sep 2006 16:51
Picon
Favicon

Compilation problems under RH AS3

Hello, 
I have some problem to install syslog-ng 2rc1. 
The install/compilation of glib and eventlog worked
fine.
Besides, the ./configure of syslog is also OK. But
after the make I have this error :
gcc: cannot specify -o with -c or -S and multiple
compilations

So what can I do for fixing this ?

Regards.

	
 p3.vert.ukl.yahoo.com uncompressed/chunked Mon Sep  4 14:33:45 GMT 2006 
	
		
___________________________________________________________________________ 
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
http://fr.mail.yahoo.com
_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 4 comments |
headers
Balazs Scheidler | 5 Sep 2006 09:20
Picon

Re: Compilation problems under RH AS3

On Mon, 2006-09-04 at 16:51 +0200, news gonzo news gonzo wrote:
> Hello, 
> I have some problem to install syslog-ng 2rc1. 
> The install/compilation of glib and eventlog worked
> fine.
> Besides, the ./configure of syslog is also OK. But
> after the make I have this error :
> gcc: cannot specify -o with -c or -S and multiple
> compilations
> 
> 
> So what can I do for fixing this ?
> 
> Regards.

You might be using an old set of autoconf tools, but if you'd paste the
compilation output we might be more helpful.

--

-- 
Bazsi

_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 3 comments |
headers
news gonzo news gonzo | 5 Sep 2006 10:43
Picon
Favicon

RE : Re: Compilation problems under RH AS3

Thx for your help
First of all, I needed to export eventlog var like
this:
export EVTLOG_LIBS=/usr/local/lib
export EVTLOG_CFLAGS=/usr/local/lib

because of this errors :
checking for EVTLOG... Package eventlog was not found
in the pkg-config search path.
Perhaps you should add the directory containing
`eventlog.pc'
to the PKG_CONFIG_PATH environment variable
No package 'eventlog' found
configure: error: Package requirements (eventlog) were
not met:

Consider adjusting the PKG_CONFIG_PATH environment
variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables
EVTLOG_CFLAGS
and EVTLOG_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

then the ./configure works
here is the result of make :

make  all-recursive
make[1]: Entering directory
`/root/syslog-ng/syslog-ng-2.0rc1'
Making all in src
make[2]: Entering directory
`/root/syslog-ng/syslog-ng-2.0rc1/src'
if gcc -DHAVE_CONFIG_H -I. -I. -I..  
-I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  
/usr/local/lib -D_GNU_SOURCE  -g -O2 -Wall -g -MT
misc.o -MD -MP -MF ".deps/misc.Tpo" \
  -c -o misc.o `test -f 'misc.c' || echo './'`misc.c;
\
then mv -f ".deps/misc.Tpo" ".deps/misc.Po"; \
else rm -f ".deps/misc.Tpo"; exit 1; \
fi
gcc: cannot specify -o with -c or -S and multiple
compilations
make[2]: *** [misc.o] Error 1
make[2]: Leaving directory
`/root/syslog-ng/syslog-ng-2.0rc1/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/root/syslog-ng/syslog-ng-2.0rc1'
make: *** [all] Error 2

Besides I installed glib with the rpm from redhat
network.

I hope you have enought informations

Regards.
--- Balazs Scheidler <bazsi <at> balabit.hu> a écrit :

> On Mon, 2006-09-04 at 16:51 +0200, news gonzo news
> gonzo wrote:
> > Hello, 
> > I have some problem to install syslog-ng 2rc1. 
> > The install/compilation of glib and eventlog
> worked
> > fine.
> > Besides, the ./configure of syslog is also OK. But
> > after the make I have this error :
> > gcc: cannot specify -o with -c or -S and multiple
> > compilations
> > 
> > 
> > So what can I do for fixing this ?
> > 
> > Regards.
> 
> You might be using an old set of autoconf tools, but
> if you'd paste the
> compilation output we might be more helpful.
> 
> -- 
> Bazsi
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at
> http://www.campin.net/syslog-ng/faq.html
> 
> 

	

	
		
___________________________________________________________________________ 
Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! 
Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. 
http://fr.answers.yahoo.com 

_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 2 comments |
headers
Balazs Scheidler | 5 Sep 2006 17:08
Picon

Re: RE : Re: Compilation problems under RH AS3

On Tue, 2006-09-05 at 10:43 +0200, news gonzo news gonzo wrote:
> Thx for your help
> First of all, I needed to export eventlog var like
> this:
> export EVTLOG_LIBS=/usr/local/lib
> export EVTLOG_CFLAGS=/usr/local/lib
> 
> because of this errors :
> checking for EVTLOG... Package eventlog was not found
> in the pkg-config search path.
> Perhaps you should add the directory containing
> `eventlog.pc'
> to the PKG_CONFIG_PATH environment variable
> No package 'eventlog' found
> configure: error: Package requirements (eventlog) were
> not met:
> 
> Consider adjusting the PKG_CONFIG_PATH environment
> variable if you
> installed software in a non-standard prefix.
> 
> Alternatively, you may set the environment variables
> EVTLOG_CFLAGS
> and EVTLOG_LIBS to avoid the need to call pkg-config.
> See the pkg-config man page for more details.
> 
> 
> then the ./configure works
> here is the result of make :
> 
> make  all-recursive
> make[1]: Entering directory
> `/root/syslog-ng/syslog-ng-2.0rc1'
> Making all in src
> make[2]: Entering directory
> `/root/syslog-ng/syslog-ng-2.0rc1/src'
> if gcc -DHAVE_CONFIG_H -I. -I. -I..  
> -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  
> /usr/local/lib -D_GNU_SOURCE  -g -O2 -Wall -g -MT
> misc.o -MD -MP -MF ".deps/misc.Tpo" \
>   -c -o misc.o `test -f 'misc.c' || echo './'`misc.c;
> \
> then mv -f ".deps/misc.Tpo" ".deps/misc.Po"; \
> else rm -f ".deps/misc.Tpo"; exit 1; \
> fi
> gcc: cannot specify -o with -c or -S and multiple
> compilations
> make[2]: *** [misc.o] Error 1
> make[2]: Leaving directory
> `/root/syslog-ng/syslog-ng-2.0rc1/src'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory
> `/root/syslog-ng/syslog-ng-2.0rc1'
> make: *** [all] Error 2
> 
> Besides I installed glib with the rpm from redhat
> network.
> 
> I hope you have enought informations

Hm. it would be better if you could use pkg-config instead of specifying
EVTLOG_{CFLAGS,LIBS} directly

Are you regenerating the configure/libtool/automake files or are you
using the distributed copies?

The reason of the error probably is that "-o misc.o " is present twice
on the command line.

This is how the compilation looks like on my host:

if gcc -DHAVE_CONFIG_H -I. -I/home/bazsi/zwa/work/syslog-ng-2.0/syslog-ng/src \
	-I..   -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include   \
	-I/home/bazsi/zwa/install/syslog-ng-2.0/include/eventlog   \
	-D_GNU_SOURCE  -Wall -g -MT misc.o -MD -MP -MF ".deps/misc.Tpo" \
          -c -o misc.o `test -f '/home/bazsi/zwa/work/syslog-ng-2.0/syslog-ng/src/misc.c' || echo
'/home/bazsi/zwa/work/syslog-ng-2.0/syslog-ng/src/'`/home/bazsi/zwa/work/syslog-ng-2.0/syslog-ng/src/misc.c; \
        then mv -f ".deps/misc.Tpo" ".deps/misc.Po"; \
        else rm -f ".deps/misc.Tpo"; exit 1; \
        fi

As you see there's only one "-o misc.o" part on the command line, not twice as in yours.

--

-- 
Bazsi

_______________________________________________
syslog-ng maillist  -  syslog-ng <at> lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Permalink | Reply | 1 comment |

Gmane