
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<meta name="Generator" content="Microsoft Word 12 (filtered medium)">

<style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Consolas;

        panose-1:2 11 6 9 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri","sans-serif";}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-compose;

        font-family:"Calibri","sans-serif";

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal">Hi all,<o:p></o:p></p>

<p class="MsoNormal">I've come across a problem when using the <span style="font-family:&quot;Courier New&quot;">

rewrite set</span> function with a template function.<o:p></o:p></p>

<p class="MsoNormal">I've created a custom template function <span style="font-family:&quot;Courier New&quot;">

'audit-TPTI-to-Email'</span> and use it in a <span style="font-family:&quot;Courier New&quot;">

rewrite</span>:<o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">rewrite r_audit_EMail {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set(&quot;$(audit-TPTI-to-EMail ${MSG})&quot;, value(&quot;MSG&quot;));<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">};<o:p></o:p></span></p>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

<p class="MsoNormal">Then call it:<o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">filter f_audit_pgm{program(&quot;AUDIT-*&quot; type(&quot;glob&quot;));};<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; source(s_local);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; filter(f_audit_pgm);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination(d_logID_02);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rewrite(r_audit_EMail);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rewrite(r_quote_newlines);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination(d_logID_13);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; flags(final);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">};<o:p></o:p></span></p>

<p class="MsoNormal">Everything work fine.<o:p></o:p></p>

<p class="MsoNormal">Then if I add another call to <span style="font-family:&quot;Courier New&quot;">

rewrite</span> (i.e. add a second email destination):<o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">filter f_audit_pgm{program(&quot;AUDIT-*&quot; type(&quot;glob&quot;));};<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; source(s_local);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; filter(f_audit_pgm);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination(d_logID_02);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rewrite(r_audit_EMail);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rewrite(r_quote_newlines);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination(d_logID_13);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rewrite(r_audit_EMail);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rewrite(r_quote_newlines);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination(d_logID_14);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; flags(final);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">};<o:p></o:p></span></p>

<p class="MsoNormal">Syslog-ng crashes with a segfault.<o:p></o:p></p>

<p class="MsoNormal">I've narrowed in down to any template function (just to make sure *<b>I</b>* wasn't screwing something up in my custom function):<o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">rewrite r_echo { set(&quot;$(echo $PROGRAM)&quot; value(&quot;PROGRAM&quot;)); };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">destination d_test1{ file(&quot;/var/log/test1.log&quot;); };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">destination d_test2{ file(&quot;/var/log/test2.log&quot;); };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; source(s_local);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rewrite(r_echo);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination(d_test1);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; log {<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rewrite(r_echo);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination(d_test2);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; };<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">};<o:p></o:p></span></p>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

<p class="MsoNormal">The backtrace:<o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">Backtrace:<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/lib/libsyslog-ng-3.3.3.so(plugin_find&#43;0x39)[0x7f3eb76ff019]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/lib/libsyslog-ng-3.3.3.so(log_template_compile&#43;0x84f)[0x7f3eb7703baf]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/lib/libsyslog-ng-3.3.3.so(log_rewrite_set_new&#43;0x99)[0x7f3eb76f3349]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/lib/libsyslog-ng-3.3.3.so[0x7f3eb76f3371]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/lib/libsyslog-ng-3.3.3.so(log_center_init_pipe_line&#43;0x35d)[0x7f3eb76dfecd]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/lib/libsyslog-ng-3.3.3.so(log_center_init_pipe_line&#43;0xd2)[0x7f3eb76dfc42]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/lib/libsyslog-ng-3.3.3.so(log_center_init&#43;0x56)[0x7f3eb76e0226]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/lib/libsyslog-ng-3.3.3.so(cfg_init&#43;0xb0)[0x7f3eb76e1530]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/lib/libsyslog-ng-3.3.3.so(main_loop_init&#43;0x11b)[0x7f3eb76f9abb]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/sbin/syslog-ng(main&#43;0x11f)[0x40168f]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/lib/libc.so.6(__libc_start_main&#43;0xe6)[0x7f3eb6240126]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">/usr/local/sbin/syslog-ng[0x401379]<o:p></o:p></span></p>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

<p class="MsoNormal">I threw in some debug statements:<o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">LogRewrite *<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">log_rewrite_set_new(const gchar *new_value)<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">{<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp; fprintf(stderr, &quot;%s('%s'):\n&quot;, __FUNCTION__, new_value);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">Plugin *<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find(GlobalConfig *cfg, gint plugin_type, const gchar *plugin_name)<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">{<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp;&nbsp; fprintf(stderr, &quot;%s(%p, %d, '%s'): '\n&quot;, __FUNCTION__, cfg, plugin_type, plugin_name);<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal">Which showed that the 'cfg' pointer is null when <span style="font-family:&quot;Courier New&quot;">

rewrite</span> is called the second time:<o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">log_rewrite_set_new('$(echo $PROGRAM)'):<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find(0x60e210, 13, 'echo'): '<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'sys-to-EMail'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'audit-TPTI-to-EMail'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'quar-TPTI-to-EMail'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'quar-TPTI-to-CEF'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'tab-to-bar'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'tab-to-semicolon'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'tab-to-comma'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'to-upper-case'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'to-lower-case'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'ipv4-to-int'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'log-session-seqnum'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'indent-multi-line'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'if'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'grep'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find:&nbsp;&nbsp;&nbsp; plugin-&gt;name = 'echo'<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find(0x60e210, 2, 'file'): '<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">[...]<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">log_rewrite_set_new('$(echo $PROGRAM)'):<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">plugin_find((nil), 13, 'echo'): '<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:9.0pt;font-family:&quot;Courier New&quot;">*** Segmentation fault<o:p></o:p></span></p>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

<p class="MsoNormal">Sooo, my questions are: <o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in">Is this expected behavior?<o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in">Has this been patched already?<o:p></o:p></p>

<p class="MsoNormal" style="margin-left:.5in">Is there another way I can call a custom function to reformat the message field on a destination-by-destination basis?<o:p></o:p></p>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

<p class="MsoNormal">Thanks,<o:p></o:p></p>

<p class="MsoNormal">Chris<o:p></o:p></p>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas">----------------------------------------<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas">Christopher Johnson<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas"><a href="mailto:chris.johnson3@hp.com">chris.johnson3@hp.com</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas">HP Software - Security Product Group<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas">(916) 785-2817<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas">----------------------------------------<o:p></o:p></span></p>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

</div>

</body>

</html>