The syslog-ng-debun manual page

syslog-ng-debun --- syslog-ng DEBUg buNdle generator

SYNOPSIS

syslog-ng-debun [options]

DESCRIPTION

NOTE: The syslog-ng-debun application is distributed with the syslog-ng OSE system logging application, and is usually part of the syslog-ng OSE package. The latest version of the syslog-ng OSE application is available at the syslog-ng OSE page.

This manual page is only an abstract.

The syslog-ng-debun tool collects and saves information about your syslog-ng OSE installation, making troubleshooting easier, especially if you ask help about your syslog-ng OSE related problem.

GENERAL OPTIONS

-r

<a href="/syslog-ng.github.io/dev-guide/chapter_4/section_2/README#run" class="nav-link content-tooltip">Run</a> syslog-ng-debun. Using this option is required to actually
execute the data collection with syslog-ng-debun. It is needed to
prevent accidentally running syslog-ng-debun.

-h

Display the help page.

-l

Do not collect privacy-sensitive data, for example, process tree,
fstab, and so on. If you use with -d, then the following parameters
will be used for debug mode:-Fev

-R <directory>

The directory where syslog-ng PE is installed instead of
/opt/syslog-ng.

-W <directory>

Set the working directory, where the debug bundle will be saved.
Default value: /tmp. The name of the created file is
syslog.debun.${host}.${date}.${3-random-characters-or-pid}.tgz

DEBUG MODE OPTIONS

-d

<a href="/syslog-ng.github.io/admin-guide/070_Destinations/270_sql/002_Interaction/README#start" class="nav-link content-tooltip">Start</a> <a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#syslog-ng-ose" class="nav-link content-tooltip">syslog-ng OSE</a> in debug mode, using the -Fedv \--enable-core
options.

![](/syslog-ng.github.io/assets/images/caution.png) **CAUTION:**
Using this option under high message load may increase disk I/O
during the debug, and the resulting debug bundle can be huge. To exit debug
mode, press Enter.
{: .notice--warning}

-D <options>

<a href="/syslog-ng.github.io/admin-guide/070_Destinations/270_sql/002_Interaction/README#start" class="nav-link content-tooltip">Start</a> <a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#syslog-ng-ose" class="nav-link content-tooltip">syslog-ng OSE</a> in debug mode, using the specified command-line
options. To exit debug mode, press Enter.

-t <seconds>

<a href="/syslog-ng.github.io/dev-guide/chapter_4/section_2/README#run" class="nav-link content-tooltip">Run</a> <a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#syslog-ng-ose" class="nav-link content-tooltip">syslog-ng OSE</a> in noninteractive debug mode for \<seconds\>, and
automatically exit debug mode after the specified number of seconds.

-w <seconds>

Wait <seconds> seconds before starting debug mode.

SYSTEM CALL TRACING

-s

Enable syscall tracing (strace -f or truss -f). Note that using `-s`
itself does not enable debug mode, only traces the system calls of
an already running <a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#syslog-ng-ose" class="nav-link content-tooltip">syslog-ng OSE</a> process. To trace system calls in
debug mode, use both the `-s` and `-d` options.

PACKET CAPTURE OPTIONS

Capturing packets requires a packet capture tool on the host. The syslog-ng-debun tool attempts to use tcpdump on most platforms, except for Solaris, where it uses snoop.

-i <interface>

Capture packets only on the specified interface, for example, eth0.

-p

Capture incoming packets using the following <a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#filter" class="nav-link content-tooltip">filter</a>: <a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#port" class="nav-link content-tooltip">port</a> 514 or
<a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#port" class="nav-link content-tooltip">port</a> 601 or <a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#port" class="nav-link content-tooltip">port</a> 53

-P <options>

Capture incoming packets using the specified <a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#filter" class="nav-link content-tooltip">filter</a>.

-t <seconds>

<a href="/syslog-ng.github.io/dev-guide/chapter_4/section_2/README#run" class="nav-link content-tooltip">Run</a> <a href="/syslog-ng.github.io/admin-guide/200_About/002_Glossary#syslog-ng-ose" class="nav-link content-tooltip">syslog-ng OSE</a> in noninteractive debug mode for \<seconds\>, and
automatically exit debug mode after the specified number of seconds.

EXAMPLES:

syslog-ng-debun -r

Create a simple debug bundle, collecting information about your environment, for example, list packages containing the word: syslog, ldd of your syslog-binary, and so on.

syslog-ng-debun -r -l

Similar to syslog-ng-debun -r, but without privacy-sensitive information. For example, the following is NOT collected: fstab, df output, mount info, ip / network interface configuration, DNS resolv info, and process tree.

syslog-ng-debun -r -d

Similar to syslog-ng-debun -r, but it also stops syslog-ng OSE, then restarts it in debug mode (-Fedv --enable-core). To stop debug mode, press Enter. The output of the debug mode collected into a separate file, and also added to the debug bundle.

syslog-ng-debun -r -s

Trace the system calls (using strace or truss) of an already running syslog-ng OSE process.

syslog-ng-debun -r -d -s

Restart syslog-ng OSE in debug mode, and also trace the system calls (using strace or truss) of the syslog-ng OSE process.

syslog-ng-debun -r -p

Run packet capture (pcap) with the filter: port 514 or port 601 or port 53 Also waits for pressing Enter, like debug mode.

syslog-ng-debun -r -p -t 10

Noninteractive debug mode: Similar to syslog-ng-debun -r -p, but automatically exit after 10 seconds.

syslog-ng-debun -r -P "host 1.2.3.4"  -D "-Fev --enable-core"

Change the packet-capturing filter from the default to host 1.2.3.4. Also change debugging parameters from the default to -Fev --enable-core. Since a timeout (-t) is not given, waits for pressing Enter.

syslog-ng-debun -r -p -d -w 5 -t 10

Collect pcap and debug mode output following this scenario:

• Start packet capture with default parameters (-p)

• Wait 5 seconds (-w 5)

• Stop syslog-ng

• Start syslog-ng OSE in debug mode with default parameters (-d)

• Wait 10 seconds (-t 10)

• Stop syslog-ng OSE debuging

• Start syslog-ng OSE

• Stop packet capturing

FILES

/opt/syslog-ng/bin/loggen

NOTE: If you experience any problems or need help with syslog-ng OSE, see the syslog-ng OSE Administration Guide[1], or visit the syslog-ng OSE mailing list[2]. For news and notifications about syslog-ng OSE, visit the syslog-ng OSE blogs[3].

AUTHOR

This manual page was generated from the syslog-ng OSE Administration Guide[1], which was written by several contributors to whom we’d like to extend our sincere thanks.

COPYRIGHT

NOTES

[1] syslog-ng OSE Administration Guide https://syslog-ng.github.io/admin-guide/README

[2] syslog-ng OSE mailing list https://lists.balabit.hu/mailman/listinfo/syslog-ng

[3] syslog-ng OSE blogs https://syslog-ng.com/blog/