SYSLOG-NG-DEBUN(1)      The syslog-ng-debun manual page      SYSLOG-NG-DEBUN(1)

NAME
       syslog-ng-debun - syslog-ng DEBUg buNdle generator

SYNOPSIS
       syslog-ng-debun [options]

DESCRIPTION
       NOTE: The syslog-ng-debun application is distributed with the system
       logging application, and is usually part of the package. The latest
       version of the application is available at .

       This manual page is only an abstract, for the complete documentation
       of syslog-ng, see The syslog-ng Administrator Guide[1].

       The syslog-ng-debun tool collects and saves information about your
       installation, making troubleshooting easier, especially if you ask
       for help about your related problem.

GENERAL OPTIONS
       -r
           Run syslog-ng-debun. Using this option is required to actually
           execute the data collection with syslog-ng-debun. It is needed
           to prevent accidentally running syslog-ng-debun.

       -h
           Display the help page.

       -l
           Do not collect privacy-sensitive data, for example, process
           tree, fstab, and so on. If you use with -d, then the following
           parameters will be used for debug mode: -Fev

       -R
           The directory where is installed instead of /opt/syslog-ng.

       -W
           Set the working directory, where the debug bundle will be saved.
           Default value: /tmp. The name of the created file is
           syslog.debun.${host}.${date}.${3-random-characters-or-pid}.tgz

DEBUG MODE OPTIONS
       -d
           Start in debug mode, using the -Fedv --enable-core options.

           Warning! Using this option under high message load may increase
           disk I/O during the debug, and the resulting debug bundle can be
           huge. To exit debug mode, press Enter.

       -D
           Start in debug mode, using the specified command-line options.
           To exit debug mode, press Enter. For details on the available
           options, see ???.

       -t
           Run in noninteractive debug mode for , and automatically exit
           debug mode after the specified number of seconds.

       -w
           Wait seconds before starting debug mode.

SYSTEM CALL TRACING
       -s
           Enable syscall tracing (strace -f or truss -f). Note that using
           -s itself does not enable debug mode, only traces the system
           calls of an already running process. To trace system calls in
           debug mode, use both the -s and -d options.

PACKET CAPTURE OPTIONS
       Capturing packets requires a packet capture tool on the host. The
       syslog-ng-debun tool attempts to use tcpdump on most platforms,
       except for Solaris, where it uses snoop.

       -i
           Capture packets only on the specified interface, for example,
           eth0.

       -p
           Capture incoming packets using the following filter:
           port 514 or port 601 or port 53

       -P
           Capture incoming packets using the specified filter.

       -t
           Run in noninteractive debug mode for , and automatically exit
           debug mode after the specified number of seconds.

EXAMPLES
           syslog-ng-debun -r

       Create a simple debug bundle, collecting information about your
       environment, for example, list packages containing the word: syslog,
       ldd of your syslog-binary, and so on.

           syslog-ng-debun -r -l

       Similar to syslog-ng-debun -r, but without privacy-sensitive
       information. For example, the following is NOT collected: fstab, df
       output, mount info, ip / network interface configuration, DNS resolv
       info, and process tree.

           syslog-ng-debun -r -d

       Similar to syslog-ng-debun -r, but it also stops syslog-ng, then
       restarts it in debug mode (-Fedv --enable-core). To stop debug mode,
       press Enter. The output of the debug mode is collected into a
       separate file, and also added to the debug bundle.

           syslog-ng-debun -r -s

       Trace the system calls (using strace or truss) of an already running
       process.

           syslog-ng-debun -r -d -s

       Restart in debug mode, and also trace the system calls (using strace
       or truss) of the process.

           syslog-ng-debun -r -p

       Run packet capture (pcap) with the filter: port 514 or port 601 or
       port 53. Also waits for pressing Enter, like debug mode.

           syslog-ng-debun -r -p -t 10

       Noninteractive debug mode: Similar to syslog-ng-debun -r -p, but
       automatically exit after 10 seconds.

           syslog-ng-debun -r -P "host 1.2.3.4" -D "-Fev --enable-core"

       Change the packet-capturing filter from the default to host 1.2.3.4.
       Also change debugging parameters from the default to -Fev
       --enable-core. Since a timeout (-t) is not given, waits for pressing
       Enter.

           syslog-ng-debun -r -p -d -w 5 -t 10

       Collect pcap and debug mode output following this scenario:

       o   Start packet capture with default parameters (-p)

       o   Wait 5 seconds (-w 5)

       o   Stop syslog-ng

       o   Start syslog-ng in debug mode with default parameters (-d)

       o   Wait 10 seconds (-t 10)

       o   Stop syslog-ng debugging

       o   Start syslog-ng

       o   Stop packet capturing

FILES
       /usr/local/bin/loggen

SEE ALSO
       syslog-ng.conf(5)

       Note
           For the detailed documentation of see The 4.6 Administrator
           Guide[2]

           If you experience any problems or need help with syslog-ng,
           visit the syslog-ng mailing list[3].

           For news and notifications about syslog-ng, visit the syslog-ng
           blogs[4].

AUTHOR
       This manual page was written by the Balabit Documentation Team.

COPYRIGHT

NOTES
        1. The syslog-ng Administrator Guide
           https://www.balabit.com/support/documentation/

        2. The 4.6 Administrator Guide
           https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html

        3. syslog-ng mailing list
           https://lists.balabit.hu/mailman/listinfo/syslog-ng

        4. syslog-ng blogs
           https://syslog-ng.org/blogs/

4.6                            01/25/2024                SYSLOG-NG-DEBUN(1)
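
ADDED EXAMPLE
       The following wrapper is an added example, not part of the original
       manual page or of the syslog-ng project. It combines -l and -W so
       that the bundle lands in a private working directory instead of the
       default /tmp, then locates the result by the documented file name
       pattern. DEBUN, newest_bundle and collect_bundle are hypothetical
       names.

```shell
#!/bin/sh
# Added example (not shipped with syslog-ng). DEBUN, newest_bundle and
# collect_bundle are hypothetical names chosen for this example.
DEBUN="${DEBUN:-syslog-ng-debun}"   # command to run; override if not in PATH

# Print the newest file in directory $1 that matches the documented bundle
# name pattern syslog.debun.${host}.${date}.${suffix}.tgz; fail if none.
newest_bundle() {
    newest=""
    for f in "$1"/syslog.debun.*.tgz; do
        [ -f "$f" ] || continue          # an unmatched glob stays literal
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Collect a bundle below directory $1 in a fresh 0700 working directory
# instead of the default /tmp. -l leaves out the privacy-sensitive data
# (process tree, fstab, ...). Extra arguments such as -p -t 10 are passed on.
collect_bundle() {
    parent="$1"; shift
    old_umask=$(umask)
    umask 077                            # files created from here on are private
    workdir=$(mktemp -d "$parent/debun.XXXXXX") || { umask "$old_umask"; return 1; }
    rc=0
    "$DEBUN" -r -l -W "$workdir" "$@" >&2 || rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return "$rc"
    bundle=$(newest_bundle "$workdir") || return 1
    chmod 600 "$bundle"                  # do not rely on the tool's own file mode
    printf '%s\n' "$bundle"
}

# Usage: collect_bundle /root -p -t 10
```

       The tool's own output is sent to stderr so that the only line on
       stdout is the path of the bundle.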