SYSLOG-NG-DEBUN(1) | The syslog-ng-debun manual pag | SYSLOG-NG-DEBUN(1) |
NAME¶
syslog-ng-debun - syslog-ng DEBUg buNdle generator
SYNOPSIS¶
syslog-ng-debun [options]
DESCRIPTION¶
NOTE: The syslog-ng-debun application is distributed with the system logging application, and is usually part of the package. The latest version of the application is available at .
This manual page is only an abstract, for the complete documentation of syslog-ng, see The syslog-ng Administrator Guide[1].
The syslog-ng-debun tool collects and saves information about your installation, making troubleshooting easier, especially if you ask help about your related problem.
GENERAL OPTIONS¶
-r
-h
-l
-R <directory>
-W <directory>
DEBUG MODE OPTIONS¶
-d
Warning! Using this option under high message load may increase disk I/O during the debug, and the resulting debug bundle can be huge. To exit debug mode, press Enter.
-D <options>
-t <seconds>
-w <seconds>
SYSTEM CALL TRACING¶
-s
PACKET CAPTURE OPTIONS¶
Capturing packets requires a packet capture tool on the host. The syslog-ng-debun tool attempts to use tcpdump on most platforms, except for Solaris, where it uses snoop.
-i <interface>
-p
-P <options>
-t <seconds>
EXAMPLES¶
syslog-ng-debun -r
Create a simple debug bundle, collecting information about your environment, for example, list packages containing the word: syslog, ldd of your syslog-binary, and so on.
syslog-ng-debun -r -l
Similar to syslog-ng-debun -r, but without privacy-sensitive information. For example, the following is NOT collected: fstab, df output, mount info, ip / network interface configuration, DNS resolv info, and process tree.
syslog-ng-debun -r -d
Similar to syslog-ng-debun -r, but it also stops syslog-ng, then restarts it in debug mode (-Fedv --enable-core). To stop debug mode, press Enter. The output of the debug mode collected into a separate file, and also added to the debug bundle.
syslog-ng-debun -r -s
Trace the system calls (using strace or truss) of an already running process.
syslog-ng-debun -r -d -s
Restart in debug mode, and also trace the system calls (using strace or truss) of the process.
syslog-ng-debun -r -p
Run packet capture (pcap) with the filter: port 514 or port 601 or port 53 Also waits for pressing Enter, like debug mode.
syslog-ng-debun -r -p -t 10
Noninteractive debug mode: Similar to syslog-ng-debun -r -p, but automatically exit after 10 seconds.
syslog-ng-debun -r -P "host 1.2.3.4" -D "-Fev --enable-core"
Change the packet-capturing filter from the default to host 1.2.3.4. Also change debugging parameters from the default to -Fev --enable-core. Since a timeout (-t) is not given, waits for pressing Enter.
syslog-ng-debun -r -p -d -w 5 -t 10
Collect pcap and debug mode output following this scenario:
FILES¶
/usr/bin/loggen
SEE ALSO¶
Note
For the detailed documentation of see The 4.8 Administrator Guide[2]
If you experience any problems or need help with syslog-ng, visit the syslog-ng mailing list[3].
For news and notifications about of syslog-ng, visit the syslog-ng blogs[4].
AUTHOR¶
This manual page was written by the Balabit Documentation Team <documentation@balabit.com>.
COPYRIGHT¶
NOTES¶
- 1.
- The syslog-ng Administrator Guide
- 2.
- The 4.8 Administrator Guide
- 3.
- syslog-ng mailing list
- 4.
- syslog-ng blogs
01/07/2025 | 4.8 |