Chat now with support
Chat with Support

syslog-ng Premium Edition 6.0.21 - Administration Guide

Preface Chapter 1. Introduction to syslog-ng Chapter 2. The concepts of syslog-ng Chapter 3. Installing syslog-ng Chapter 4. The syslog-ng PE quick-start guide Chapter 5. The syslog-ng PE configuration file Chapter 6. Collecting log messages — sources and source drivers Chapter 7. Sending and storing log messages — destinations and destination drivers Chapter 8. Routing messages: log paths, reliability, and filters Chapter 9. Global options of syslog-ng PE Chapter 10. TLS-encrypted message transfer Chapter 12.  Reliable Log Transfer Protocol™ Chapter 13. Reliability and minimizing the loss of log messages Chapter 14. Manipulating messages Chapter 15. Parsing and segmenting structured messages Chapter 16. Processing message content with a pattern database Chapter 17. Statistics and metrics of syslog-ng Chapter 18. Multithreading and scaling in syslog-ng PE Chapter 19. Troubleshooting syslog-ng Chapter 20. Best practices and examples



syslog-debun — syslog-ng DEBUg buNdle generator


syslog-debun [options]


NOTE: The syslog-debun application is distributed with the syslog-ng PE system logging application, and is usually part of the syslog-ng PE package. The latest version of the syslog-ng PE application is available at the syslog-ng page.

This manual page is only an abstract, for the complete documentation of syslog-ng, see the syslog-ng Documentation page.

The syslog-debun tool collects and saves information about your syslog-ng PE installation, making troubleshooting easier, especially if you ask help about your syslog-ng PE related problem.

General Options


Display the help page.


Do not collect privacy-sensitive data, for example, process tree, fstab, and so on. If you use with -d, then the following parameters will be used for debug mode:-Fev

-R <directory>

The directory where syslog-ng Premium Edition installed instead of /opt/syslog-ng.

-W <directory>

Set the working directory, where the debug bundle will be saved. Default value: /tmp

Debug mode options


Start syslog-ng PE in debug mode, using the -Fedv --enable-core options.

Warning! Using this option under high message load may increase disk I/O during the debug, and the resulting debug bundle can be huge. To exit debug mode, press Enter.

-D <options>

Start syslog-ng PE in debug mode, using the specified command-line options. To exit debug mode, press Enter. For details on the available options, see syslog-ng(8).

-t <seconds>

Run syslog-ng PE in noninteractive debug mode for <seconds>, and automatically exit debug mode after the specified number of seconds.

-w <seconds>

Wait <seconds> seconds before starting debug mode.

System call tracing


Enable syscall tracing (strace -f or truss -f). Note that using -s itself does not enable debug mode, only traces the system calls of an already running syslog-ng PE process. To trace system calls in debug mode, use both the -s and -d options.

Packet capture options

-i <interface>

Capture packets only on the specified interface, for example, eth0.


Capture incoming packets with tcpdump, using the following filter: port 514 or port 601 or port 53

-P <options>

Capture incoming packets with tcpdump, using the specified filter.

-t <seconds>

Run syslog-ng PE in noninteractive debug mode for <seconds>, and automatically exit debug mode after the specified number of seconds.



Create a simple debug bundle, collecting information about your environment, for example, list packages containing the word: syslog, ldd of your syslog-binary, and so on.

syslog-debun -l

Similar to syslog-debun, but without privacy-sensitive information. For example, the following is NOT collected: fstab, df output, mount info, ip / network interface configuration, DNS resolv info, and process tree.

syslog-debun -d

Similar to syslog-debun, but it also stops syslog-ng, then restarts it in debug mode (-Fedv --enable-core). To stop debug mode, press Enter. The output of the debug mode collected into a separate file, and also added to the debug bundle.

syslog-debun -s

Trace the system calls (using strace or truss) of an already running syslog-ng PE process.

syslog-debun -d -s

Restart syslog-ng PE in debug mode, and also trace the system calls (using strace or truss) of the syslog-ng PE process.

syslog-debun -p

Run packet capture (pcap, using tcpdump) with the filter: port 514 or port 601 or port 53 Also waits for pressing Enter, like debug mode.

syslog-debun -p -t 10

Noninteractive debug mode: Similar to syslog-debun -p, but automatically exit from tcpdump mode after 10 seconds.

syslog-debun -P "host"  -D "-Fev --enable-core"

Change the packet-capturing filter from the default to host Also change debugging parameters from the default to -Fev --enable-core. Since a timeout (-t) is not given, waits for pressing Enter.

syslog-debun -p -d -w 5 -t 10

Collect pcap and debug mode output following this scenario:

  • Start packet capture with default parameters (-p)

  • Wait 5 seconds (-w 5)

  • Stop syslog-ng

  • Start syslog-ng in debug mode with default parameters (-d)

  • Wait 10 seconds (-t 10)

  • Stop syslog-ng debuging

  • Start syslog-ng

  • Stop packet capturing



See also



For the detailed documentation of syslog-ng PE see the syslog-ng Documentation page

If you experience any problems or need help with syslog-ng, visit the syslog-ng FAQ or the syslog-ng mailing list.

For news and notifications about of syslog-ng, visit the syslog-ng Blog.


This manual page was written by the One Identity Documentation Team <>.


Copyright© 2000-2018One Identity. Published under the Creative Commons Attribution-Noncommercial-No Derivative Works (by-nc-nd) 3.0 license. For details, see The latest version is always available at the syslog-ng Documentation page.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating