SYSLOG-NG-DEBUN(1) The syslog-ng-debun manual page SYSLOG-NG-DEBUN(1)
NAME
syslog-ng-debun - syslog-ng DEBUg buNdle generator
SYNOPSIS
syslog-ng-debun [options]
DESCRIPTION
NOTE: The syslog-ng-debun application is distributed with the system
logging application, and is usually part of the package. The latest
version of the application is available at .
This manual page is only an abstract, for the complete documentation of
syslog-ng, see The syslog-ng Administrator Guide[1].
The syslog-ng-debun tool collects and saves information about your
installation, making troubleshooting easier, especially if you ask for help
about your related problem.
GENERAL OPTIONS
-r
Run syslog-ng-debun. Using this option is required to actually
execute the data collection with syslog-ng-debun. It is needed to
prevent accidentally running syslog-ng-debun.
-h
Display the help page.
-l
Do not collect privacy-sensitive data, for example, process tree,
fstab, and so on. If you use it with -d, then the following parameters
will be used for debug mode: -Fev
-R <directory>
The directory where is installed instead of /opt/syslog-ng.
-W <directory>
Set the working directory, where the debug bundle will be saved.
Default value: /tmp. The name of the created file is
syslog.debun.${host}.${date}.${3-random-characters-or-pid}.tgz
DEBUG MODE OPTIONS
-d
Start in debug mode, using the -Fedv --enable-core options.
Warning! Using this option under high message load may increase
disk I/O during the debug, and the resulting debug bundle can be
huge. To exit debug mode, press Enter.
-D <options>
Start in debug mode, using the specified command-line options. To
exit debug mode, press Enter. For details on the available options,
see ???.
-t <seconds>
Run in noninteractive debug mode for <seconds>, and automatically
exit debug mode after the specified number of seconds.
-w <seconds>
Wait <seconds> seconds before starting debug mode.
SYSTEM CALL TRACING
-s
Enable syscall tracing (strace -f or truss -f). Note that using -s
itself does not enable debug mode, only traces the system calls of
an already running process. To trace system calls in debug mode,
use both the -s and -d options.
PACKET CAPTURE OPTIONS
Capturing packets requires a packet capture tool on the host. The
syslog-ng-debun tool attempts to use tcpdump on most platforms, except
for Solaris, where it uses snoop.
-i <interface>
Capture packets only on the specified interface, for example, eth0.
-p
Capture incoming packets using the following filter: port 514 or
port 601 or port 53
-P <options>
Capture incoming packets using the specified filter.
-t <seconds>
Run in noninteractive debug mode for <seconds>, and automatically
exit debug mode after the specified number of seconds.
EXAMPLES
syslog-ng-debun -r
Create a simple debug bundle, collecting information about your
environment, for example, list packages containing the word: syslog,
ldd of your syslog-binary, and so on.
syslog-ng-debun -r -l
Similar to syslog-ng-debun -r, but without privacy-sensitive
information. For example, the following is NOT collected: fstab, df
output, mount info, ip / network interface configuration, DNS resolv
info, and process tree.
syslog-ng-debun -r -d
Similar to syslog-ng-debun -r, but it also stops syslog-ng, then
restarts it in debug mode (-Fedv --enable-core). To stop debug mode,
press Enter. The output of the debug mode is collected into a separate
file, and also added to the debug bundle.
syslog-ng-debun -r -s
Trace the system calls (using strace or truss) of an already running
process.
syslog-ng-debun -r -d -s
Restart in debug mode, and also trace the system calls (using strace or
truss) of the process.
syslog-ng-debun -r -p
Run packet capture (pcap) with the filter: port 514 or port 601 or port
53. Also waits for pressing Enter, like debug mode.
syslog-ng-debun -r -p -t 10
Noninteractive debug mode: Similar to syslog-ng-debun -r -p, but
automatically exits after 10 seconds.
syslog-ng-debun -r -P "host 1.2.3.4" -D "-Fev --enable-core"
Change the packet-capturing filter from the default to host 1.2.3.4.
Also change debugging parameters from the default to -Fev
--enable-core. Since a timeout (-t) is not given, waits for pressing
Enter.
syslog-ng-debun -r -p -d -w 5 -t 10
Collect pcap and debug mode output following this scenario:
o Start packet capture with default parameters (-p)
o Wait 5 seconds (-w 5)
o Stop syslog-ng
o Start syslog-ng in debug mode with default parameters (-d)
o Wait 10 seconds (-t 10)
o Stop syslog-ng debugging
o Start syslog-ng
o Stop packet capturing
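Added example (not part of the original manual page or of syslog-ng): a shell
wrapper that saves the bundle into a private directory instead of the default
/tmp, collects with -l, and lists archive members to review before the bundle
is shared. DEBUN_BIN, SENSITIVE_RE, the function names and the member-name
patterns are assumptions; only -r, -l, -W and the bundle file name pattern
come from this page.

```shell
#!/bin/sh
# Added example, not syslog-ng code. DEBUN_BIN, SENSITIVE_RE and the function
# names are hypothetical; -r, -l, -W and the file name pattern are from the page.
DEBUN_BIN="${DEBUN_BIN:-syslog-ng-debun}"

# Assumed member-name patterns (constructed): data that -l is meant to leave
# out, plus packet captures (-p) and core files (--enable-core). Adjust to taste.
SENSITIVE_RE='fstab|resolv\.conf|mount|\.pcap$|(^|/)core(\.[0-9]+)?$'

# Create a directory only the invoking user can enter, and print its path.
make_private_workdir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/debun.XXXXXX" )
}

# Collect without privacy-sensitive data (-l) into directory $1 (-W) instead
# of the default /tmp. Prints the path of the newest bundle found there.
collect_bundle() {
    workdir=$1
    "$DEBUN_BIN" -r -l -W "$workdir" >/dev/null || return 1
    bundle=$(ls -t "$workdir"/syslog.debun.*.tgz 2>/dev/null | head -n 1)
    [ -n "$bundle" ] || return 1
    chmod 600 "$bundle" || return 1
    printf '%s\n' "$bundle"
}

# Print archive members matching SENSITIVE_RE.
# Returns 0 if none matched, 1 if any matched, 2 if the archive is unreadable.
audit_bundle() {
    members=$(tar -tzf "$1" 2>/dev/null) || return 2
    flagged=$(printf '%s\n' "$members" | grep -Ei "$SENSITIVE_RE") || flagged=
    [ -z "$flagged" ] && return 0
    printf '%s\n' "$flagged"
    return 1
}

# Usage: dir=$(make_private_workdir) && b=$(collect_bundle "$dir") && audit_bundle "$b"
```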
FILES
/usr/bin/loggen
SEE ALSO
syslog-ng.conf(5)
Note
For the detailed documentation of see The 3.27 Administrator
Guide[2]
If you experience any problems or need help with syslog-ng, visit
the syslog-ng mailing list[3].
For news and notifications about syslog-ng, visit the syslog-ng
blogs[4].
AUTHOR
This manual page was written by the Balabit Documentation Team
<documentation@balabit.com>.
COPYRIGHT
NOTES
1. The syslog-ng Administrator Guide
https://www.balabit.com/support/documentation/
2. The 3.27 Administrator Guide
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html
3. syslog-ng mailing list
https://lists.balabit.hu/mailman/listinfo/syslog-ng
4. syslog-ng blogs
https://syslog-ng.org/blogs/
3.27 06/16/2020 SYSLOG-NG-DEBUN(1)