ok so i loged in as root sudo would not work for ti to find the path I am rusty and not sure on the setting of the EVTLOG_CFLAGS and such under root i get the config but in my make now i get errors on the make<br><br>make all-recursive<br>
Making all in lib<br>make all-am<br>/bin/sh ../libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -D_REENTRANT -I/opt/local/include/glib-2.0 -I/opt/local/lib/glib-2.0/include -I/opt/local/include -I/usr/local/include/eventlog -DHAVE_SOCKADDR_SA_LEN -DLIBNET_BSDISH_OS -DLIBNET_BSD_BYTE_SWAP -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -g -O2 -Wall -MT misc.lo -MD -MP -MF .deps/misc.Tpo -c -o misc.lo misc.c<br>
mv -f .deps/misc.Tpo .deps/misc.Plo<br>mv: rename .deps/misc.Tpo to .deps/misc.Plo: No such file or directory<br>make[3]: *** [misc.lo] Error 1<br>make[2]: *** [all] Error 2<br>make[1]: *** [all-recursive] Error 1<br>make: *** [all] Error 2<br>
<br><br><div class="gmail_quote">On Sat, Jun 4, 2011 at 7:36 AM, <span dir="ltr"><<a href="mailto:syslog-ng-request@lists.balabit.hu">syslog-ng-request@lists.balabit.hu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Send syslog-ng mailing list submissions to<br>
<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:syslog-ng-request@lists.balabit.hu">syslog-ng-request@lists.balabit.hu</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:syslog-ng-owner@lists.balabit.hu">syslog-ng-owner@lists.balabit.hu</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of syslog-ng digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: [PATCH 6/7] [system source]: Bail out on unknown<br>
systems, and use a clean environment. (Balazs Scheidler)<br>
2. Re: 3.3b1: "EOF occurred while idle" (Balazs Scheidler)<br>
3. Re: [Fw: keep_hostname (yes); and source file] (Balazs Scheidler)<br>
4. [Bug 122] [3.2.4]: mixed linking broken for<br>
libsyslog-ng.so.* (<a href="mailto:bugzilla@bugzilla.balabit.com">bugzilla@bugzilla.balabit.com</a>)<br>
5. Re: syslog-ng Digest, Vol 73, Issue 37 (Balazs Scheidler)<br>
6. Re: Fwd: Re: Question (Balazs Scheidler)<br>
7. Re: issues with syslog-ng install of new version or running<br>
older version on mac osX 10.6.7 (Balazs Scheidler)<br>
8. Re: Syslog-ng error while using TSL (Balazs Scheidler)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Sat, 04 Jun 2011 12:54:54 +0200<br>
From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Subject: Re: [syslog-ng] [PATCH 6/7] [system source]: Bail out on<br>
unknown systems, and use a clean environment.<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID: <1307184894.15963.195.camel@bzorp><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
On Fri, 2011-06-03 at 10:14 +0200, Pal Tamas wrote:<br>
> On Thu, Jun 02, 2011 at 08:49:05PM +0200, Balazs Scheidler wrote:<br>
> > On Mon, 2011-05-23 at 11:56 +0200, Gergely Nagy wrote:<br>
> > > From: Tamas Pal <<a href="mailto:folti@balabit.hu">folti@balabit.hu</a>><br>
> > ><br>
> > > Force using OS's own uname implementation, over whatewer found in<br>
> > > PATH. Die with error on an unsupported system or uname error.<br>
> > ><br>
> > > Signed-off-by: Tamas Pal <<a href="mailto:folti@balabit.hu">folti@balabit.hu</a>><br>
> > > ---<br>
> > > scl/system/generate-system-source.sh | 13 +++++++++++++<br>
> > > 1 files changed, 13 insertions(+), 0 deletions(-)<br>
> > ><br>
> > > diff --git a/scl/system/generate-system-source.sh b/scl/system/generate-system-source.sh<br>
> > > index d89fd33..6f5af70 100755<br>
> > > --- a/scl/system/generate-system-source.sh<br>
> > > +++ b/scl/system/generate-system-source.sh<br>
> > > @@ -23,6 +23,14 @@<br>
> > > #<br>
> > > #############################################################################<br>
> > ><br>
> > > +# DO NOT REMOVE!!!<br>
> > > +# We have to force the script to use the OS's own utilities, instead of some<br>
> > > +# random stuff found in path. This is needed when PATH points to a uname binary<br>
> > > +# with some missing dependencies, due to LD_LIBRARY_PATH/LIBPATH settings. In those case, it's possible, that uname doesn't work...<br>
> > > +PATH=/bin:/usr/bin:$PATH<br>
> > > +LIBPATH=<br>
> > > +LD_LIBRARY_PATH=<br>
> > > +export PATH LIBPATH LD_LIBRARY_PATH<br>
> > ><br>
> > > os=${UNAME_S:-`uname -s`}<br>
> > > osversion=${UNAME_R:-`uname -r`}<br>
> ><br>
> > Hmm... I really don't get this, what if the admin really want to change<br>
> > the uname binary? Can you explain when this is needed?<br>
> It was an AIX specific bug. On the test system, there are another uname<br>
> from GNU binutils under /opt/freeware/bin which depends on their own<br>
> libintl library located in /opt/freeware/lib. Due to AIX's own shared<br>
> library handling(see below: [1]), this conflicted with our libintl implementation,<br>
> rendering the uname binary inoperable.<br>
><br>
> Because the script didn't handle the case when uname returns nothing or<br>
> unsupported OS info, it returned neither system log sources nor warning<br>
> to the user(other than catching the dynamic linker's error message on<br>
> console).<br>
><br>
> Other systems have more sane dynamic linkers and shared library handling<br>
> policies, so it wouldn't cause the same problem, unless the system in<br>
> question really messed up, but we can't do much about that. If your<br>
> system's uname is broken (located in /bin or in case of UNIXes,<br>
> /usr/bin - where /bin is a symlink to /usr/bin), then you have bigger<br>
> problems than syslog-ng not working.<br>
><br>
> Other possible future problems, if the system have some AppArmor or<br>
> SELinux like security suite installed, which would prevent executing<br>
> binaries in non-standard paths, unless configured otherwise. This can<br>
> be a problem for SCL's own scripts too.<br>
><br>
> [1]: AIX shared library handling:<br>
><br>
> On AIX the .so files themselves are packaged into .a archives and the<br>
> dynamic linker's default behaviour is to look for them in there. In this<br>
> case, the GNU uname depended on libintl.so.1 in a file libintl.a. Due to<br>
> the limitations of the dynamic linker, it only looks into the first<br>
> <libname>.a file found on path, if that one doesn't contain the needed<br>
> .so it fails. In that case, the first libintl.a it found (due to<br>
> inheriting LIBPATH from syslog-ng) was our own in /opt/syslog-ng/lib<br>
> containing only a libintl.so.8.<br>
><br>
> ><br>
> > > + *)<br>
> > > + # need to notify the user that something gone terribly wrong...<br>
> > > + echo "$0: FATAL: unsupported OS ($os) or uname(1) error. Please call BalaBit's support" >&2<br>
> > > + exit 1<br>
> > > + ;;<br>
> ><br>
> > hmm... most syslog-ng users would probably not have a support policy in<br>
> > place, so the error message should not advise that.<br>
> Umm yes, I only the PE version in mind when I write that message.<br>
> ><br>
> > If you have information on the first question, I'll integrate the patch<br>
> > with a slight change in the message, so no need for an updated patch.<br>
<br>
A better solution would be to remove the syslog-ng specific portion of<br>
LD_LIBRARY_PATH env variable before executing user-supplied programs<br>
(confgen, program source & destination). The issue is that it's not easy<br>
to identify these points, and sometimes the exec() call itself is buried<br>
under several layers (popen for instance). This issue only happens if<br>
the env wrapper is enabled (--enable-env-wrapper), which is needed to<br>
run syslog-ng in /opt/syslog-ng and is used by both the PE and OSE<br>
binaries that we build.<br>
<br>
Hmm... I think I'll just apply the patch, fixing the error message.<br>
<br>
Thanks guys.<br>
<br>
Here's the patch I've committed:<br>
<br>
commit b7d46bc094215fa80f93e0dc46a3caa83e8a24b8<br>
Author: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Date: Sat Jun 4 12:54:07 2011 +0200<br>
<br>
Bail out on unknown systems, and use a clean environment.<br>
<br>
Force using OS's own uname implementation, over whatewer found in<br>
PATH. Die with error on an unsupported system or uname error.<br>
<br>
Signed-off-by: Tamas Pal <<a href="mailto:folti@balabit.hu">folti@balabit.hu</a>><br>
Signed-off-by: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
<br>
<br>
<br>
<br>
--<br>
Bazsi<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Sat, 04 Jun 2011 13:06:23 +0200<br>
From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Subject: Re: [syslog-ng] 3.3b1: "EOF occurred while idle"<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID: <1307185583.15963.197.camel@bzorp><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
On Sun, 2011-05-29 at 22:02 +0100, Nix wrote:<br>
> On 29 May 2011, <a href="mailto:nix@esperi.org.uk">nix@esperi.org.uk</a> outgrape:<br>
><br>
> > (It also just coredumped, but this led to an autoreboot and the log was<br>
> > not preserved across the reboot :( )<br>
><br>
> I have several hundred coredumps on another system, all with the same<br>
> backtrace:<br>
><br>
> #0 0x00007f3ad7c71aca in affile_dd_open_writer () from /usr/lib/syslog-ng/libaffile.so<br>
> #1 0x00007f3ad7c73d16 in affile_dd_queue () from /usr/lib/syslog-ng/libaffile.so<br>
> #2 0x00007f3ad9725850 in log_dest_group_queue () from /usr/lib/libsyslog-ng.so.0<br>
> #3 0x00007f3ad972b8b5 in log_multiplexer_queue () from /usr/lib/libsyslog-ng.so.0<br>
> #4 0x00007f3ad972b924 in log_multiplexer_queue () from /usr/lib/libsyslog-ng.so.0<br>
> #5 0x00007f3ad972b8b5 in log_multiplexer_queue () from /usr/lib/libsyslog-ng.so.0<br>
> #6 0x00007f3ad973fc87 in log_source_group_queue () from /usr/lib/libsyslog-ng.so.0<br>
> #7 0x00007f3ad9734d37 in log_source_queue () from /usr/lib/libsyslog-ng.so.0<br>
> #8 0x00007f3ad973310e in log_reader_work_perform () from /usr/lib/libsyslog-ng.so.0<br>
> #9 0x00007f3ad9733231 in log_reader_io_process_input () from /usr/lib/libsyslog-ng.so.0<br>
> #10 0x00007f3ad9752e04 in iv_main () from /usr/lib/libsyslog-ng.so.0<br>
> #11 0x00007f3ad973a40b in main_loop_run () from /usr/lib/libsyslog-ng.so.0<br>
> #12 0x00000000004016e9 in main ()<br>
><br>
> I have reverted to 3.0.x (which I was previously running) for now.<br>
><br>
<br>
Hmm... sorry to have caused disruptions. The problem with this<br>
backtrace, is that it lacks a lot of information, debug symbols would be<br>
needed to properly analyze it. Can you help in that regard?<br>
<br>
Thanks.<br>
<br>
--<br>
Bazsi<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Sat, 04 Jun 2011 13:11:36 +0200<br>
From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Subject: Re: [syslog-ng] [Fw: keep_hostname (yes); and source file]<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID: <1307185896.15963.200.camel@bzorp><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
On Fri, 2011-05-27 at 18:44 -0400, Steven Blatchford wrote:<br>
> There seems to be no hostname associated with file() so it uses the first<br>
> word of the message. The first word of the log message is 'DEBUG'. On<br>
> the central log server I added 'DEBUG' to the filter host and it worked.<br>
><br>
> Is there a way to set the hostname when the source uses file() ?<br>
<br>
That happens because syslog-ng tries to parse the file as if it was in<br>
syslog format. You can disable parsing with<br>
<br>
flags(no-parse).<br>
<br>
With that the content of each line will become part of $MSG and<br>
syslog-ng will prepend a syslog header when sending it to the server.<br>
<br>
--<br>
Bazsi<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Sat, 4 Jun 2011 13:14:49 +0200 (CEST)<br>
From: <a href="mailto:bugzilla@bugzilla.balabit.com">bugzilla@bugzilla.balabit.com</a><br>
Subject: [syslog-ng] [Bug 122] [3.2.4]: mixed linking broken for<br>
libsyslog-ng.so.*<br>
To: <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
Message-ID: <<a href="mailto:20110604111449.B269211E081@lists.balabit.hu">20110604111449.B269211E081@lists.balabit.hu</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
<a href="https://bugzilla.balabit.com/show_bug.cgi?id=122" target="_blank">https://bugzilla.balabit.com/show_bug.cgi?id=122</a><br>
<br>
<br>
<br>
<br>
<br>
--- Comment #5 from Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>> 2011-06-04 13:14:49 ---<br>
Can you attach the patch here, so that I could add it to the syslog-ng configure script if it makes sense?<br>
<br>
Although I'm quite reluctant to add LDFLAGS/CFLAGS filtering, I'd say that if the compiling user supplies those arguments, then she knows what she's doing, so<br>
IMHO the best place to filter those arguments is the packaging files (be them .spec files or debian/ directories or anything else).<br>
<br>
Anyway, it'd make the decision easier if you could attach the patch.<br>
<br>
<br>
--<br>
Configure bugmail: <a href="https://bugzilla.balabit.com/userprefs.cgi?tab=email" target="_blank">https://bugzilla.balabit.com/userprefs.cgi?tab=email</a><br>
------- You are receiving this mail because: -------<br>
You are watching all bug changes.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Sat, 04 Jun 2011 13:15:33 +0200<br>
From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Subject: Re: [syslog-ng] syslog-ng Digest, Vol 73, Issue 37<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID: <1307186133.15963.201.camel@bzorp><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
On Wed, 2011-06-01 at 10:09 +1100, Scott Rochford wrote:<br>
> Hi Frank,<br>
><br>
> Someone must have used a so-called "smart" editor to edit this file,<br>
> since it seems to have used fancy quotes on the console line.<br>
><br>
> #destination console_all { file("/dev/tty12"); };<br>
> destination console_all { file(?/dev/console?); };<br>
> #destination loghost { udp("loghost" port(999)); };<br>
><br>
> Notice how they are different from those on the line above? Word<br>
> processors often replace quotes with matching pairs like that<br>
> automatically; only plain text editors should be used to edit config<br>
> files like this.<br>
><br>
> Check for this kind of thing with a hex dumper or 'cat -vet':<br>
><br>
> $ cat frank<br>
> #destination console_all { file("/dev/tty12"); };<br>
> destination console_all { file("/dev/console"); };<br>
> #destination loghost { udp("loghost" port(999)); };<br>
><br>
> $ cat -vet frank<br>
> #destination console_all { file("/dev/tty12"); };$<br>
> destination console_all { file(M-bM-^@M-^\/dev/consoleM-bM-^@M-^]); };<br>
> $<br>
> #destination loghost { udp("loghost" port(999)); };$<br>
<br>
I can confirm that if this is the case, it'll certainly confuse<br>
syslog-ng.<br>
<br>
--<br>
Bazsi<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Sat, 04 Jun 2011 13:20:52 +0200<br>
From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Subject: Re: [syslog-ng] Fwd: Re: Question<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Cc: Costa Farber <<a href="mailto:costaf@wix.com">costaf@wix.com</a>><br>
Message-ID: <1307186452.15963.203.camel@bzorp><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
Hi,<br>
<br>
Thanks for bringing this up. The description was certainly familiar and<br>
that was the reason. 3.3 OSE is the first affected branch, older code<br>
didn't use the hand-coded number parsing functions.<br>
<br>
This is the commit-id of the new patch:<br>
<br>
commit 4df06a3c8d7c37b06db41be4695522c73ec925a5<br>
Author: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Date: Sun Apr 10 10:28:31 2011 +0200<br>
<br>
Fixed BSD timestamp parsing when the day is padded with spaces in front (fixes: D-03717)<br>
<br>
Although the bugreport contained info that it'd be 'no-hostname' related, in<br>
reality it isn't. The unit tests couldn't cover this case as the<br>
timestamp that can typically contain such fields do not contain year information.<br>
<br>
This patch fills this whole in the unit test and also fixes the<br>
problem itself. It was caused by one of the performance improvement<br>
patches, but doesn't affect PE 4.0 or older OSE versions.<br>
<br>
Signed-off-by: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
<br>
<br>
On Thu, 2011-06-02 at 12:41 +0200, Gergely Nagy wrote:<br>
> Copying this to the syslog-ng@ list aswell, as this might be interesting<br>
> to others aswell, and the patch should be picked up for 3.3 too.<br>
><br>
> > On 2011-06-01 17:20, Costa Farber wrote:<br>
> >> Hello.<br>
> >><br>
> >> I use syslog-ng 3.3 beta. It was working up today perfect. Today I<br>
> >> got the following result:<br>
> >> my config<br>
> >> */source s_network {<br>
> >> udp();<br>
> >> tcp();<br>
> >> };<br>
> >> destination d_local_prospero {<br>
> >> file("/var/log/messages_prospero"<br>
> >> template("$ISODATE#$HOST#$MSGONLY\n") );<br>
> >> };<br>
> >> log {<br>
> >> source(s_network);<br>
> >> destination(d_local_prospero);<br>
> >> };/*<br>
> >><br>
> >> source message is<br>
> >> /*Jun 1 17:50:11 ubnct lighttpd-1.5[24730]: DEBUG<br>
> >> wix.c:send_wixfs_file:345 will send file:<br>
> >> /var/www/<a href="http://static.wix.com/media/3d/44/3d4433_34a5623f12940907668b5ee9b72d23a3.jpg_600" target="_blank">static.wix.com/media/3d/44/3d4433_34a5623f12940907668b5ee9b72d23a3.jpg_600</a><br>
> >> <<a href="http://static.wix.com/media/3d/44/3d4433_34a5623f12940907668b5ee9b72d23a3.jpg_600" target="_blank">http://static.wix.com/media/3d/44/3d4433_34a5623f12940907668b5ee9b72d23a3.jpg_600</a>>*/<br>
> >><br>
> >> result is<br>
> >> /*2011-06-01T17:50:03+03:00#ubnct# 1 17:50:11 ubnct<br>
> >> lighttpd-1.5[24730]: DEBUG wix.c:send_wixfs_file:345 will send file:<br>
> >> /var/www/<a href="http://static.wix.com/media/3d/44/3d4433_34a5623f12940907668b5ee9b72d23a3.jpg_600" target="_blank">static.wix.com/media/3d/44/3d4433_34a5623f12940907668b5ee9b72d23a3.jpg_600</a><br>
> >> <<a href="http://static.wix.com/media/3d/44/3d4433_34a5623f12940907668b5ee9b72d23a3.jpg_600" target="_blank">http://static.wix.com/media/3d/44/3d4433_34a5623f12940907668b5ee9b72d23a3.jpg_600</a>>*/<br>
> >><br>
> >> It seems like parser has a bug and can not pars one digit day (it<br>
> >> has 2 spaces between month and day).<br>
> >> I need help to clear is it bug or any ather problem.<br>
><br>
> This is a known problem, but for some reason the fix did not make it<br>
> into 3.3 yet.<br>
><br>
> Attached is a patch that fixes the problem.<br>
><br>
> differences between files attachment<br>
> (0001-Fixed-BSD-timestamp-parsing-when-the-day-is-padded-w.patch)<br>
> From 72733f3b3fd0d29a58dc1f3601e0c2a4b3577747 Mon Sep 17 00:00:00 2001<br>
> From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
> Date: Sun, 10 Apr 2011 10:28:31 +0200<br>
> Subject: [PATCH] Fixed BSD timestamp parsing when the day is padded with spaces in front (fixes: D-03717)<br>
><br>
> Although the bugreport contained info that it'd be 'no-hostname' related, in<br>
> reality it isn't. The unit tests couldn't cover this case as the<br>
> timestamp that can typically contain such fields do not contain year information.<br>
><br>
> This patch fills this whole in the unit test and also fixes the<br>
> problem itself. It was caused by one of the performance improvement<br>
> patches, but doesn't affect PE 4.0 or older OSE versions.<br>
><br>
> Signed-off-by: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
> ---<br>
> lib/str-format.c | 3 +-<br>
> tests/unit/test_msgparse.c | 54 ++++++++++++++++++++++++++++++++++++++++++++<br>
> 2 files changed, 56 insertions(+), 1 deletions(-)<br>
><br>
> diff --git a/lib/str-format.c b/lib/str-format.c<br>
> index 27a292a..a033b43 100644<br>
> --- a/lib/str-format.c<br>
> +++ b/lib/str-format.c<br>
> @@ -1,6 +1,7 @@<br>
> #include "str-format.h"<br>
><br>
> #include <string.h><br>
> +#include <ctype.h><br>
><br>
> static gchar digits[] = "0123456789abcdef";<br>
><br>
> @@ -82,7 +83,7 @@ scan_uint32(const gchar **buf, gint *left, gint field_width, guint32 *num)<br>
> {<br>
> if ((**buf) >= '0' && (**buf) <= '9')<br>
> result = result * 10 + ((**buf) - '0');<br>
> - else<br>
> + else if (!isspace(**buf))<br>
> return FALSE;<br>
> (*buf)++;<br>
> (*left)--;<br>
> diff --git a/tests/unit/test_msgparse.c b/tests/unit/test_msgparse.c<br>
> index 3a60175..069cc37 100644<br>
> --- a/tests/unit/test_msgparse.c<br>
> +++ b/tests/unit/test_msgparse.c<br>
> @@ -59,6 +59,33 @@ check_value(gchar *msg, LogMessage *logmsg, NVHandle handle, const gchar *expect<br>
> TEST_ASSERT(strcmp(p, expected) == 0, "%s", p, expected);<br>
> }<br>
><br>
> +/* This function determines the year that syslog-ng would find out<br>
> + * given the timestamp has no year information. Then returns the UTC<br>
> + * representation of "January 1st 00:00:00" of that year. This is to<br>
> + * be used for testcases that lack year information. ts_month is the 0<br>
> + * based month in the timestamp being parsed.<br>
> + */<br>
> +time_t<br>
> +get_bsd_year_utc(int ts_month)<br>
> +{<br>
> + struct tm *tm;<br>
> + time_t t;<br>
> +<br>
> + time(&t);<br>
> + tm = localtime(&t);<br>
> +<br>
> + if (tm->tm_mon > ts_month + 1)<br>
> + tm->tm_year++;<br>
> +<br>
> + tm->tm_hour = 0;<br>
> + tm->tm_min = 0;<br>
> + tm->tm_sec = 0;<br>
> + tm->tm_mday = 1;<br>
> + tm->tm_mon = 0;<br>
> + tm->tm_isdst = -1;<br>
> + return mktime(tm);<br>
> +}<br>
> +<br>
> int<br>
> testcase(gchar *msg,<br>
> gint parse_flags,<br>
> @@ -182,6 +209,33 @@ main(int argc G_GNUC_UNUSED, char *argv[] G_GNUC_UNUSED)<br>
> NULL, "2499", NULL, NULL<br>
> );<br>
><br>
> + testcase("<15>Jan 1 01:00:00 bzorp openvpn[2499]: PTHREAD support initialized", LP_EXPECT_HOSTNAME, NULL,<br>
> + 15, // pri<br>
> + get_bsd_year_utc(0) + 3600, 0, 3600, // timestamp (sec/usec/zone)<br>
> + "bzorp", // host<br>
> + "openvpn", // openvpn<br>
> + "PTHREAD support initialized", // msg<br>
> + NULL, "2499", NULL, NULL<br>
> + );<br>
> +<br>
> + testcase("<15>Jan 10 01:00:00 bzorp openvpn[2499]: PTHREAD support initialized", LP_EXPECT_HOSTNAME, NULL,<br>
> + 15, // pri<br>
> + get_bsd_year_utc(0) + 3600 + 9 * 24 * 3600, 0, 3600, // timestamp (sec/usec/zone)<br>
> + "bzorp", // host<br>
> + "openvpn", // openvpn<br>
> + "PTHREAD support initialized", // msg<br>
> + NULL, "2499", NULL, NULL<br>
> + );<br>
> +<br>
> + testcase("<13>Jan 1 14:40:51 alma korte: message", 0, NULL,<br>
> + 13,<br>
> + get_bsd_year_utc(0) + 60 * 60 * 14 + 40 * 60 + 51, 0, 3600,<br>
> + "",<br>
> + "alma",<br>
> + "korte: message",<br>
> + NULL, NULL, NULL, NULL<br>
> + );<br>
> +<br>
> testcase("<7>2006-11-10T10:43:21.156+02:00 bzorp openvpn[2499]: PTHREAD support initialized", LP_EXPECT_HOSTNAME, NULL,<br>
> 7, // pri<br>
> 1163148201, 156000, 7200, // timestamp (sec/usec/zone)<br>
> ______________________________________________________________________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
<br>
--<br>
Bazsi<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 7<br>
Date: Sat, 04 Jun 2011 13:26:45 +0200<br>
From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Subject: Re: [syslog-ng] issues with syslog-ng install of new version<br>
or running older version on mac osX 10.6.7<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID: <1307186805.15963.208.camel@bzorp><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
On Fri, 2011-06-03 at 12:37 -0400, Frank Scalzo wrote:<br>
> I have tried the dmz installed it still not logging<br>
><br>
> i am tryng to upgrade to version 3.2.4 from 3.0.8 to see if that might<br>
> fix my issue<br>
><br>
> I have installed eventlog 2.12 but when i try to do my config it still<br>
> says i have event log 2.0.9<br>
<br>
the configure script detects eventlog using the pkg-config command,<br>
something like:<br>
<br>
pkg-config --cflags eventlog<br>
<br>
pkg-config uses so named .pc files to find out where things are located,<br>
and uses PKG_CONFIG_PATH as a list of directories where it looks for .pc<br>
files. By default it uses /usr/lib/pkg-config<br>
<br>
If you have multiple eventlog versions (because the OS supplied you one,<br>
and then you installed one from source), they are probably located at<br>
different locations. The system supplied one usually lives under /usr,<br>
the locally installed one in /usr/local<br>
<br>
So it all depends on your PKG_CONFIG_PATH if it does find the new<br>
version, or not.<br>
<br>
You can either explicitly set PKG_CONFIG_PATH to contain the directory<br>
with the new eventlog .pc, or you could also use the "low-level"<br>
environment variables to substitute .pc files completely. Quoting the<br>
configure help about environment variables:<br>
<br>
EVTLOG_CFLAGS<br>
C compiler flags for EVTLOG, overriding pkg-config<br>
EVTLOG_LIBS linker flags for EVTLOG, overriding pkg-config<br>
<br>
<br>
><br>
> just to see if i could bypass it I changed the the min eventlog to<br>
> the version it says i have in the configure file<br>
><br>
> do a config no problem but now fail on the make with<br>
><br>
> mv:rename .deps/misc.tpo .deps/misc.plo no such file or dir<br>
> make [3]: *** [misc.lo] error 1<br>
> make [2]: *** [all] error 2<br>
> make [1]: *** [all-recursive] error 1<br>
> make: *** [all] error 2<br>
> all done in SU<br>
><br>
> if i could get the other version to log I would be good and until i<br>
> prove it works for us i can not tell them i want the pe version<br>
<br>
Compiling syslog-ng can be tricky at times, but it's quite<br>
straightforward if you know the standard build tools on Linux. (so<br>
nothing tricky, syslog-ng has a lot of external dependencies).<br>
<br>
--<br>
Bazsi<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 8<br>
Date: Sat, 04 Jun 2011 13:35:16 +0200<br>
From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Subject: Re: [syslog-ng] Syslog-ng error while using TSL<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID: <1307187316.15963.211.camel@bzorp><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
On Thu, 2011-05-26 at 22:25 +0530, Pramod Pillai wrote:<br>
> Hi Bazsi<br>
><br>
> We are still unable to resolve the issue .<br>
> I see this error.<br>
> CN=Generic_Int_CA_1', error='unable to get local issuer certificate', depth='0'<br>
> SSL error while writing stream; tls_error='SSL<br>
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'<br>
><br>
> I am attaching the config file and the certificates which might be<br>
> helpful to debug the issue.<br>
<br>
The question is what the directory<br>
<br>
ca_dir("/certificates/ca.d")<br>
<br>
contains. It should be populated with symlinks pointing to the X.509<br>
certificates. The symlink name must be the hash of the X.509 subject<br>
name, to be produced by<br>
<br>
openssl x509 -hash -in xxxx<br>
<br>
There's also an openssl utility to perform this symlink stuff, named<br>
c_rehash. Here's a manual page for that:<br>
<br>
<a href="http://www.tin.org/bin/man.cgi?section=1&topic=c_rehash" target="_blank">http://www.tin.org/bin/man.cgi?section=1&topic=c_rehash</a><br>
<br>
I'm quite certain that TLS and X.509 key validation works well, and the<br>
error message really seems to indicate a local setup problem.<br>
<br>
><br>
> Regards<br>
> Pramod<br>
><br>
> On Sun, May 22, 2011 at 4:44 PM, Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>> wrote:<br>
> > On Wed, 2011-05-04 at 18:11 +0530, Pramod Pillai wrote:<br>
> >> Hi<br>
> >><br>
> >> I have not yet resolved the issue -:(<br>
> >> Few questions<br>
> >> This is the error from the client side<br>
> >> error='self signed certificate in certificate chain', depth='2'<br>
> >><br>
> >> Our certificates are not self signed . But why is it showing as self<br>
> >> signed in the log.<br>
> ><br>
> > everything is self-signed at the end. an official CA is a self-signed<br>
> > certificate, they just happen to be trusted for one reason or another.<br>
> ><br>
> > this probably means that the CA certificate is not trusted by syslog-ng,<br>
> > probably because syslog-ng has to be told which CA you trust.<br>
> ><br>
> > There's a chapter in the documentation on how to set that up, here:<br>
> ><br>
> > <a href="http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/chapter-encrypted-transport-tls.html" target="_blank">http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/chapter-encrypted-transport-tls.html</a><br>
> ><br>
> >> Is syslog-ng internally configured as self-signed certificate. If<br>
> >> Yes where is it stored. Or how to modify it.<br>
> >><br>
> >> Is it possible to configure the depth ?<br>
> ><br>
> > IIRC no, there's currently no way to configure that, syslog-ng will just<br>
> > accept any certificate depth.<br>
> ><br>
> > --<br>
> > Bazsi<br>
> ><br>
> ><br>
> > ______________________________________________________________________________<br>
> > Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> > Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> > FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
> ><br>
> ><br>
> ______________________________________________________________________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
><br>
<br>
--<br>
Bazsi<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
<a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
<br>
<br>
End of syslog-ng Digest, Vol 74, Issue 7<br>
****************************************<br>
</blockquote></div><br>