SYSLOG-NG-DEBUN
Section: The syslo-n-debun manual pag (1)
Updated: 07/16/2025
Index
Return to Main Contents
NAME
syslo-n-debun - syslog-ng DEBUg buNdle generator
SYNOPSIS
-
syslog-ng-debun [options]
DESCRIPTION
NOTE: The
syslog-ng-debun
application is distributed with the system logging application, and is usually part of the package. The latest version of the application is available at .
This manual page is only an abstract, for the complete documentation of syslog-ng, see
m[blue]The syslog-ng Administrator Guidem[][1].
The
syslog-ng-debun
tool collects and saves information about your installation, making troubleshooting easier, especially if you ask help about your related problem.
GENERAL OPTIONS
-r
-
Run
syslog-ng-debun. Using this option is required to actually execute the data collection with
syslog-ng-debun. It is needed to prevent accidentally running
syslog-ng-debun.
-h
-
Display the help page.
-l
-
Do not collect privacy-sensitive data, for example, process tree, fstab, and so on. If you use with
-d, then the following parameters will be used for debug mode:-Fev
-R <directory>
-
The directory where is installed instead of
/opt/syslog-ng.
-W <directory>
-
Set the working directory, where the debug bundle will be saved. Default value:
/tmp. The name of the created file is
syslog.debun.${host}.${date}.${3-random-characters-or-pid}.tgz
DEBUG MODE OPTIONS
-d
-
Start in debug mode, using the
-Fedv --enable-core
options.
Warning! Using this option under high message load may increase disk I/O during the debug, and the resulting debug bundle can be huge. To exit debug mode, press Enter.
-D <options>
-
Start in debug mode, using the specified command-line options. To exit debug mode, press Enter. For details on the available options, see
???.
-t <seconds>
-
Run in noninteractive debug mode for <seconds>, and automatically exit debug mode after the specified number of seconds.
-w <seconds>
-
Wait <seconds> seconds before starting debug mode.
SYSTEM CALL TRACING
-s
-
Enable syscall tracing (strace -f
or
truss -f). Note that using
-s
itself does not enable debug mode, only traces the system calls of an already running process. To trace system calls in debug mode, use both the
-s
and
-d
options.
PACKET CAPTURE OPTIONS
Capturing packets requires a packet capture tool on the host. The
syslog-ng-debun
tool attempts to use
tcpdump
on most platforms, except for Solaris, where it uses
snoop.
-i <interface>
-
Capture packets only on the specified interface, for example,
eth0.
-p
-
Capture incoming packets using the following filter:
port 514 or port 601 or port 53
-P <options>
-
Capture incoming packets using the specified filter.
-t <seconds>
-
Run in noninteractive debug mode for <seconds>, and automatically exit debug mode after the specified number of seconds.
EXAMPLES
-
syslog-ng-debun -r
Create a simple debug bundle, collecting information about your environment, for example, list packages containing the word: syslog, ldd of your syslog-binary, and so on.
-
syslog-ng-debun -r -l
Similar to
syslog-ng-debun -r, but without privacy-sensitive information. For example, the following is NOT collected: fstab, df output, mount info, ip / network interface configuration, DNS resolv info, and process tree.
-
syslog-ng-debun -r -d
Similar to
syslog-ng-debun -r, but it also stops syslog-ng, then restarts it in debug mode (-Fedv --enable-core). To stop debug mode, press Enter. The output of the debug mode collected into a separate file, and also added to the debug bundle.
-
syslog-ng-debun -r -s
Trace the system calls (using
strace
or
truss) of an already running process.
-
syslog-ng-debun -r -d -s
Restart in debug mode, and also trace the system calls (using
strace
or
truss) of the process.
-
syslog-ng-debun -r -p
Run packet capture (pcap) with the filter:
port 514 or port 601 or port 53
Also waits for pressing Enter, like debug mode.
-
syslog-ng-debun -r -p -t 10
Noninteractive debug mode: Similar to
syslog-ng-debun -r -p, but automatically exit after 10 seconds.
-
syslog-ng-debun -r -P "host 1.2.3.4" -D "-Fev --enable-core"
Change the packet-capturing filter from the default to
host 1.2.3.4. Also change debugging parameters from the default to
-Fev --enable-core. Since a timeout (-t) is not given, waits for pressing Enter.
-
syslog-ng-debun -r -p -d -w 5 -t 10
Collect pcap and debug mode output following this scenario:
-
*
Start packet capture with default parameters (-p)
-
*
Wait 5 seconds (-w 5)
-
*
Stop syslog-ng
-
*
Start syslog-ng in debug mode with default parameters (-d)
-
*
Wait 10 seconds (-t 10)
-
*
Stop syslog-ng debugging
-
*
Start syslog-ng
-
*
Stop packet capturing
FILES
/usr/local/bin/loggen
SEE ALSO
syslog-ng.conf(5)
-
Note
For the detailed documentation of see
m[blue]The 4.9 Administrator Guidem[][2]
If you experience any problems or need help with syslog-ng, visit the
m[blue]syslog-ng mailing listm[][3].
For news and notifications about of syslog-ng, visit the
m[blue]syslog-ng blogsm[][4].
AUTHOR
This manual page was written by the Balabit Documentation Team <documentation@balabit.com>.
COPYRIGHT
NOTES
- 1.
-
The syslo-ng Administrator Guide
-
https://www.balabit.com/support/documentation/
- 2.
-
The 4.9 Administrator Guide
-
https://www.balabit.com/documents/syslo-n-os-lates-guides/en/syslo-n-os-guid-admin/html/index.html
- 3.
-
syslo-ng mailing list
-
https://lists.balabit.hu/mailman/listinfo/syslo-ng
- 4.
-
syslo-ng blogs
-
https://syslo-ng.org/blogs/
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- GENERAL OPTIONS
-
- DEBUG MODE OPTIONS
-
- SYSTEM CALL TRACING
-
- PACKET CAPTURE OPTIONS
-
- EXAMPLES
-
- FILES
-
- SEE ALSO
-
- AUTHOR
-
- COPYRIGHT
-
- NOTES
-
|
|
- Running on 
-
:
