# The syslog-debun manual page

## Name

`syslog-debun` — `syslog-ng` DEBUg buNdle generator

## Synopsis

`syslog-debun [options]`

## Description

Note The `syslog-debun` application is distributed with the AxoSyslog system logging application, and is usually part of the AxoSyslog package. 

The `syslog-debun` tool collects and saves information about your AxoSyslog installation, making troubleshooting easier, especially if you ask help about your AxoSyslog related problem.

## General Options

  * `-r`

Run `syslog-ng-debun`. Using this option is required to actually execute the data collection with `syslog-ng-debun`. It is needed to prevent accidentally running `syslog-ng-debun`.

  * `-h`

Display the help page.

  * `-l`

Do not collect privacy-sensitive data, for example, process tree, fstab, and so on. If you use with `-d`, then the following parameters will be used for debug mode:`-Fev`

  * `-R <directory>`

The directory where AxoSyslog is installed instead of `/opt/syslog-ng`.

  * `-W <directory>`

Set the working directory, where the debug bundle will be saved. Default value: `/tmp`. The name of the created file is `syslog.debun.${host}.${date}.${3-random-characters-or-pid}.tgz`




## Debug mode options

  * `-d`

Start AxoSyslog in debug mode, using the `-Fedv --enable-core` options.

Warning Using this option under high message load may increase disk I/O during the debug, and the resulting debug bundle can be huge. To exit debug mode, press Enter. 

  * `-D <options>`

Start AxoSyslog in debug mode, using the specified command-line options. To exit debug mode, press Enter.

    * `-t <seconds>`

Run AxoSyslog in non-interactive debug mode for `<seconds>`, and automatically exit debug mode after the specified number of seconds.

  * `-w <seconds>`

Wait `<seconds>` seconds before starting debug mode.




## System call tracing

  * `-s`

Enable syscall tracing (`strace -f` or `truss -f`). Note that using `-s` itself does not enable debug mode, only traces the system calls of an already running AxoSyslog process. To trace system calls in debug mode, use both the `-s` and `-d` options.




## Packet capture options

Capturing packets requires a packet capture tool on the host. The `syslog-debun` tool attempts to use `tcpdump` on most platforms, except for Solaris, where it uses `snoop`.

  * `-i <interface>`

Capture packets only on the specified interface, for example, `eth0`.

  * `-p`

Capture incoming packets using the following filter: `port 514 or port 601 or port 53`

  * `-P <options>`

Capture incoming packets using the specified filter.

  * `-t <seconds>`

Run AxoSyslog in non-interactive debug mode for `<seconds>`, and automatically exit debug mode after the specified number of seconds.




## Examples
```
    syslog-ng-debun -r
    
```

Create a simple debug bundle, collecting information about your environment, for example, list packages containing the word: `syslog`, `ldd` of your syslog-binary, and so on.
```
 
    syslog-ng-debun -r -l
    
```

Similar to `syslog-ng-debun -r`, but without privacy-sensitive information. For example, the following is NOT collected: `fstab`, df output, mount info, ip / network interface configuration, DNS resolve info, and process tree.
```
 
    syslog-ng-debun -r -d
    
```

Similar to `syslog-ng-debun -r`, but it also stops AxoSyslog, then restarts it in debug mode (`-Fedv --enable-core`). To stop debug mode, press Enter. The output of the debug mode collected into a separate file, and also added to the debug bundle.
```
 
    syslog-ng-debun -r -s
    
```

Trace the system calls (using `strace` or `truss`) of an already running AxoSyslog process.
```
 
    syslog-ng-debun -r -d -s
    
```

Restart AxoSyslog in debug mode, and also trace the system calls (using `strace` or `truss`) of the AxoSyslog process.
```
 
    syslog-ng-debun -r -p
    
```

Run packet capture (`pcap`) with the filter: `port 514 or port 601 or port 53` Also waits for pressing Enter, like debug mode.
```
 
    syslog-ng-debun -r -p -t 10
    
```

Noninteractive debug mode: Similar to `syslog-ng-debun -r -p`, but automatically exit after 10 seconds.
```
 
    syslog-ng-debun -r -P "host 1.2.3.4"  -D "-Fev --enable-core"
    
```

Change the packet-capturing filter from the default to `host 1.2.3.4`. Also change debugging parameters from the default to `-Fev --enable-core`. Since a timeout (`-t`) is not given, waits for pressing Enter.
```
 
    syslog-ng-debun -r -p -d -w 5 -t 10
    
```

Collect `pcap` and debug mode output following this scenario:

  * Start packet capture with default parameters (`-p`)
  * Wait 5 seconds (`-w 5`)
  * Stop AxoSyslog
  * Start AxoSyslog in debug mode with default parameters (`-d`)
  * Wait 10 seconds (`-t 10`)
  * Stop AxoSyslog debugging
  * Start AxoSyslog
  * Stop packet capturing



## Files

`/opt/syslog-ng/bin/loggen`

## See also

[syslog-ng.conf.5](<https://axoflow.com/docs/axosyslog-core/app-man-syslog-ng/syslog-ng.conf.5/>)

## Getting help

  * The up-to-date documentation of AxoSyslog is available on the [AxoSyslog documentation site](<https://axoflow.com/docs/axosyslog-core/>).
  * For news and notifications about AxoSyslog, visit the [Axoflow blog](<https://axoflow.com/blog/>).
  * If you want to contact the developers directly to help with problems or report issues, contact us on [Discord](<https://discord.gg/583Z4wjem2>) or [GitHub](<https://github.com/axoflow/axosyslog/issues/>).



This manual page is maintained by [Axoflow](<https://axoflow.com/>)

Last modified December 13, 2023: [Formatting fixes (580eb084)](<https://github.com/axoflow/axosyslog-core-docs/commit/580eb0841c6d6f6c2bf366ef4ea9fb4d8558357c>)