Web lists-archives.com

Re: Logs from logger don't appear in EventLog




On 2019-06-01 00:14, Pavel Timofeev wrote:
> ср, 29 мая 2019 г. в 16:40, Pavel Timofeev:
>> вт, 28 мая 2019 г., 19:41 Pavel Timofeev:
>>> I see here and there that if any kind of syslog daemon is not
>>> installed in Cygwin all messages sent to syslog will appear in
>>> EventLog.
>>> I couldn't find a documentation piece about how (and when) logging
>>> work in Cygwin, only some emails in maillists.
>>> Ok, here is my problem. I install cygwin on Windows 2008 R2 x64. Then
>>> I install only two services in Cygwin: cron and sshd. No syslog daemon
>>> at all. I want to see all syslog messages in EventLog.
>>> And I see messages from sshd and cron in EventLog, but when I run
>>> logger utility I can't see them in EventLog:
>>>      /usr/bin/logger BLABLA
>>> Am I missing something that matters? I need your help and expertise!
>> Sorry, cygwin version 3.0.7, fresh installation with latest available packages
> Just installed cygwin 3.0.7 on my home Windows 10.
> No luck, no any messages from logger in any EventLog.

Works fine for me with syslog-ng syslogd:
$ ls -lF /dev/log
srw-rw-rw- 1 SYSTEM SYSTEM 0 May 29 22:37 /dev/log=
$ logger test
$ tail -1 /var/log/syslog | cygcheck-hrsv.sed
Jun  1 07:04:52 $HOSTNAME $USER: test

As logger sends messages to /dev/log which may be a regular file, not a UNIX
domain socket, or syslog UDP socket on port 514, in syslog format, rather than
calling openlog/closelog/syslog(3), the messages may not go to the fallback
Windows Event Log.

You should ensure that /dev/log does not exist as a regular file, as that could
affect logging:
$ ls -lF /dev/log
If not a socket (= flag), check the contents for your logging tests.
Then delete /dev/log, and retest.

You may need to run something like:
https://www.codeproject.com/Articles/18086/Syslog-daemon-for-Windows-Eventlog
to put syslog messages into the Windows Event Log.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple