[syslog-ng] Problem with PID macro
Balazs Scheidler
bazsi at balabit.hu
Tue Jun 10 12:38:32 CEST 2008
On Tue, 2008-06-10 at 13:24 +0300, Kostyantyn Gushtin wrote:
> There is some problem with $PID macro. We experienced this problem on
> boot, sometimes $PID macro contain normal string, that can't be
> converted to integer, for example : PCI0, LNKA, LNKB, LNKC, LNKD. As I
> understand this parameter was read from brackets [], but it isn't
> correct in that case. I read RFC document
> ( http://tools.ietf.org/html/rfc3164 ) about syslog messages, and I
> think the problem occur when syslog-ng parse whole message, but it
> shouldn't do this, at least for PID.
> I will use the example from RFC document :
> Example 4
>
> <0>1990 Oct 22 10:52:01 TZ-6 scapegoat.dmz.example.org 10.1.2.3
> sched[0]: That's All Folks!
> So as we can see the Log Message is "That's All Folks!" all other text
> belong to Log Header. So in that case "sched" is an proccess name and
> "0" is a PID of that proccess.
> This is our log message :
> Feb 25 18:23:34 test-system kernel: ACPI: PCI Root Bridge [PCI0] (0000:00)
> So here proccess name is "kernel" without PID identifier . As a result
> Log Message is "ACPI: PCI Root Bridge [PCI0] (0000:00)". So in that
> case PCI0 isn't a PID, but some text in Log Message. The problem is
> that we saw "PCI0" in $PID macro which I think must be zero length
> string "" or "0".
There was a bug that caused this, but I fixed that long ago. Can you
also post your syslog-ng version number?
I've checked the changelogs, this PID bug was changed in 2.0.6, but
checking the code seems to indicate that you are right, the $PID macro
seems to like anything that starts with a '['.
Please file a bugreport.
--
Bazsi
More information about the syslog-ng
mailing list