Man page - syslog-ng-debun(1)

SYSLOG-NG-DEBUN

NAME

syslog-ng-debun - syslog-ng DEBUg buNdle generator

SYNOPSIS

syslog-ng-debun [options]

DESCRIPTION

NOTE: The syslog-ng-debun application is distributed with the system logging application, and is usually part of the package. The latest version of the application is available at .

This manual page is only an abstract. For the complete documentation of syslog-ng, see The syslog-ng Administrator Guide [1].

The syslog-ng-debun tool collects and saves information about your installation, making troubleshooting easier, especially when you ask for help with your problem.

GENERAL OPTIONS

-r

Run syslog-ng-debun. This option is required to actually execute the data collection; it prevents running syslog-ng-debun accidentally.

-h

Display the help page.

-l

Do not collect privacy-sensitive data, for example, process tree, fstab, and so on. If you use it together with -d, the following parameters are used for debug mode: -Fev

-R <directory>

The directory where syslog-ng is installed, instead of /opt/syslog-ng.

-W <directory>

Set the working directory, where the debug bundle will be saved. Default value: /tmp. The name of the created file is syslog.debun.${host}.${date}.${3-random-characters-or-pid}.tgz

DEBUG MODE OPTIONS

-d

Start in debug mode, using the -Fedv --enable-core options.

Warning! Using this option under high message load may increase disk I/O during the debug, and the resulting debug bundle can be huge. To exit debug mode, press Enter.

-D <options>

Start in debug mode, using the specified command-line options. To exit debug mode, press Enter. For details on the available options, see ???.

-t <seconds>

Run in noninteractive debug mode for <seconds>, and automatically exit debug mode after the specified number of seconds.

-w <seconds>

Wait <seconds> seconds before starting debug mode.

SYSTEM CALL TRACING

-s

Enable syscall tracing (strace -f or truss -f). Note that -s by itself does not enable debug mode; it only traces the system calls of an already running process. To trace system calls in debug mode, use both the -s and -d options.

PACKET CAPTURE OPTIONS

Capturing packets requires a packet capture tool on the host. The syslog-ng-debun tool attempts to use tcpdump on most platforms, except for Solaris, where it uses snoop.

-i <interface>

Capture packets only on the specified interface, for example, eth0.

-p

Capture incoming packets using the following filter: port 514 or port 601 or port 53

-P <options>

Capture incoming packets using the specified filter.

-t <seconds>

Run in noninteractive debug mode for <seconds>, and automatically exit debug mode after the specified number of seconds.

EXAMPLES

syslog-ng-debun -r

Create a simple debug bundle that collects information about your environment, for example, the list of packages containing the word syslog, the ldd output of your syslog binary, and so on.

syslog-ng-debun -r -l

Similar to syslog-ng-debun -r, but without privacy-sensitive information. For example, the following is NOT collected: fstab, df output, mount info, ip / network interface configuration, DNS resolv info, and process tree.

syslog-ng-debun -r -d

Similar to syslog-ng-debun -r, but it also stops syslog-ng, then restarts it in debug mode (-Fedv --enable-core). To stop debug mode, press Enter. The output of the debug mode is collected into a separate file, and is also added to the debug bundle.

syslog-ng-debun -r -s

Trace the system calls (using strace or truss) of an already running process.

syslog-ng-debun -r -d -s

Restart in debug mode, and also trace the system calls (using strace or truss) of the process.

syslog-ng-debun -r -p

Run packet capture (pcap) with the filter: port 514 or port 601 or port 53. Like debug mode, it waits until you press Enter.

syslog-ng-debun -r -p -t 10

Noninteractive debug mode: similar to syslog-ng-debun -r -p, but automatically exits after 10 seconds.

syslog-ng-debun -r -P "host 1.2.3.4" -D "-Fev --enable-core"

Change the packet-capturing filter from the default to host 1.2.3.4. Also change the debugging parameters from the default to -Fev --enable-core. Since a timeout (-t) is not given, it waits until you press Enter.

syslog-ng-debun -r -p -d -w 5 -t 10

Collect pcap and debug mode output following this scenario:

• Start packet capture with default parameters ( -p )

• Wait 5 seconds ( -w 5 )

• Stop syslog-ng

• Start syslog-ng in debug mode with default parameters ( -d )

• Wait 10 seconds ( -t 10 )

• Stop syslog-ng debugging

• Start syslog-ng

• Stop packet capturing
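
The bundle is written to /tmp by default and, without -l, includes privacy-sensitive data, so the following wrapper collects into a directory only the invoking user can read. It is an added example, not part of the original manual or of syslog-ng; the function names and the DEBUN variable are assumptions of this example, and only the options documented above are used.

```shell
#!/bin/sh
# Added example: collect a debug bundle into a private directory instead of /tmp.
# DEBUN and all function names are assumptions of this example.
DEBUN=${DEBUN:-syslog-ng-debun}

# Create a working directory that only the current user can access (mode 0700).
make_private_workdir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/debun.XXXXXX" )
}

# Print the newest bundle in directory $1, matched against the documented name
# syslog.debun.${host}.${date}.${suffix}.tgz. Prints nothing if none exists.
find_bundle() {
    ls -t "$1"/syslog.debun.*.tgz 2>/dev/null | head -n 1
}

# Succeed only if group and others have no permission bits on $1.
is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Run the collection without privacy-sensitive data and print the bundle path:
#   -r  required to actually run    -l  skip fstab, process tree, and so on
#   -W  working directory           extra options (for example -p -t 10) pass through
collect_bundle() {
    workdir=$(make_private_workdir) || return 1
    # Tool output goes to stderr so stdout carries only the bundle path.
    "$DEBUN" -r -l -W "$workdir" "$@" >&2 || return 1
    bundle=$(find_bundle "$workdir")
    [ -n "$bundle" ] || return 1
    chmod 600 "$bundle"
    printf '%s\n' "$bundle"
}
```

Call it as `collect_bundle -p -t 10` for a ten-second noninteractive capture; review the contents of the printed .tgz before sending it to anyone.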

FILES

/usr/bin/loggen

SEE ALSO

syslog-ng.conf (5)

Note

For the detailed documentation of see The 4.8 Administrator Guide [2]

If you experience any problems or need help with syslog-ng, visit the syslog-ng mailing list [3].

For news and notifications about syslog-ng, visit the syslog-ng blogs [4].

AUTHOR

This manual page was written by the Balabit Documentation Team <documentation@balabit.com>.

COPYRIGHT

NOTES

1. The syslog-ng Administrator Guide
   https://www.balabit.com/support/documentation/

2. The 4.8 Administrator Guide
   https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html

3. syslog-ng mailing list
   https://lists.balabit.hu/mailman/listinfo/syslog-ng

4. syslog-ng blogs
   https://syslog-ng.org/blogs/