Name
syslog-debun — syslog-ng DEBUg buNdle generator
Synopsis
syslog-debun
[options]
Description
NOTE: The syslog-debun application is distributed with the syslog-ng PE system logging application, and is usually part of the syslog-ng PE package. The latest version of the syslog-ng PE application is available at the syslog-ng page.
This manual page is only an abstract, for the complete documentation of syslog-ng, see the syslog-ng Documentation page.
The syslog-debun tool collects and saves information about your syslog-ng PE installation, making troubleshooting easier, especially if you ask help about your syslog-ng PE related problem.
General Options
- -h
-
Display the help page.
- -l
-
Do not collect privacy-sensitive data, for example, process tree, fstab, and so on. If you use with
-d
, then the following parameters will be used for debug mode:-Fev
- -R <directory>
-
The directory where syslog-ng Premium Edition installed instead of
/opt/syslog-ng
. - -W <directory>
-
Set the working directory, where the debug bundle will be saved. Default value:
/tmp
Debug mode options
- -d
-
Start syslog-ng PE in debug mode, using the
-Fedv --enable-core
options.Warning! Using this option under high message load may increase disk I/O during the debug, and the resulting debug bundle can be huge. To exit debug mode, press Enter.
- -D <options>
-
Start syslog-ng PE in debug mode, using the specified command-line options. To exit debug mode, press Enter. For details on the available options, see syslog-ng(8).
- -t <seconds>
-
Run syslog-ng PE in noninteractive debug mode for <seconds>, and automatically exit debug mode after the specified number of seconds.
- -w <seconds>
-
Wait <seconds> seconds before starting debug mode.
System call tracing
- -s
-
Enable syscall tracing (strace -f or truss -f). Note that using
-s
itself does not enable debug mode, only traces the system calls of an already running syslog-ng PE process. To trace system calls in debug mode, use both the-s
and-d
options.
Packet capture options
- -i <interface>
-
Capture packets only on the specified interface, for example,
eth0
. - -p
-
Capture incoming packets with tcpdump, using the following filter:
port 514 or port 601 or port 53
- -P <options>
-
Capture incoming packets with tcpdump, using the specified filter.
- -t <seconds>
-
Run syslog-ng PE in noninteractive debug mode for <seconds>, and automatically exit debug mode after the specified number of seconds.
Examples
syslog-debun
Create a simple debug bundle, collecting information about your environment, for example, list packages containing the word: syslog, ldd of your syslog-binary, and so on.
syslog-debun -l
Similar to syslog-debun, but without privacy-sensitive information. For example, the following is NOT collected: fstab, df output, mount info, ip / network interface configuration, DNS resolv info, and process tree.
syslog-debun -d
Similar to syslog-debun, but it also stops syslog-ng, then restarts it in debug mode (-Fedv --enable-core
). To stop debug mode, press Enter. The output of the debug mode collected into a separate file, and also added to the debug bundle.
syslog-debun -s
Trace the system calls (using strace or truss) of an already running syslog-ng PE process.
syslog-debun -d -s
Restart syslog-ng PE in debug mode, and also trace the system calls (using strace or truss) of the syslog-ng PE process.
syslog-debun -p
Run packet capture (pcap, using tcpdump) with the filter: port 514 or port 601 or port 53
Also waits for pressing Enter, like debug mode.
syslog-debun -p -t 10
Noninteractive debug mode: Similar to syslog-debun -p, but automatically exit from tcpdump mode after 10 seconds.
syslog-debun -P "host 1.2.3.4" -D "-Fev --enable-core"
Change the packet-capturing filter from the default to host 1.2.3.4
. Also change debugging parameters from the default to -Fev --enable-core
. Since a timeout (-t
) is not given, waits for pressing Enter.
syslog-debun -p -d -w 5 -t 10
Collect pcap and debug mode output following this scenario:
-
Start packet capture with default parameters (
-p
) -
Wait 5 seconds (
-w 5
) -
Stop syslog-ng
-
Start syslog-ng in debug mode with default parameters (
-d
) -
Wait 10 seconds (
-t 10
) -
Stop syslog-ng debuging
-
Start syslog-ng
-
Stop packet capturing
See also
|
NOTE:
For the detailed documentation of syslog-ng PE see the syslog-ng Documentation page If you experience any problems or need help with syslog-ng, visit the syslog-ng FAQ or the syslog-ng mailing list. For news and notifications about of syslog-ng, visit the syslog-ng Blog. |
Author
This manual page was written by the One Identity Documentation Team <documentation@balabit.com>.
Copyright
Copyright© 2000-2018One Identity. Published under the Creative Commons Attribution-Noncommercial-No Derivative Works (by-nc-nd) 3.0 license. For details, see https://creativecommons.org//. The latest version is always available at the syslog-ng Documentation page.