<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Sep 26, 2013 at 12:25 PM, Alexandre Biancalana <span dir="ltr"><<a href="mailto:biancalana@gmail.com" target="_blank">biancalana@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote"><div class="im">On Thu, Sep 26, 2013 at 8:00 AM, Gergely Nagy <span dir="ltr"><<a href="mailto:algernon@balabit.hu" target="_blank">algernon@balabit.hu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I have pushed a fix to 3.4 master[1], it was a stupid copy & paste<br>
mistake.<br>
<br>
[1]: <a href="https://github.com/balabit/syslog-ng-3.4/commit/d24e7add4bdc9143025f6165d4c8ec472dc89586.patch" target="_blank">https://github.com/balabit/syslog-ng-3.4/commit/d24e7add4bdc9143025f6165d4c8ec472dc89586.patch</a><br>
<div><div><br></div></div></blockquote><div><br></div></div><div>Hi Gergely !<br><br></div><div> Thank you for your time and the patch, but it's still happening...<br><br><br># gdb ./syslog-ng/.libs/syslog-ng<div class="im">
<br>GNU gdb 6.1.1 [FreeBSD]<br>
Copyright 2004 Free Software Foundation, Inc.<br>GDB is free software, covered by the GNU General Public License, and you are<br>welcome to change it and/or distribute copies of it under certain conditions.<br>Type "show copying" to see the conditions.<br>
</div>
There is absolutely no warranty for GDB. Type "show warranty" for details.<br>This GDB was configured as "amd64-marcel-freebsd"...<br>(gdb) run -d -f /usr/local/etc/syslog-ng.conf<br>Starting program: /usr/ports/sysutils/syslog-ng/work/syslog-ng-3.4.3/syslog-ng/.libs/syslog-ng -d -f /usr/local/etc/syslog-ng.conf<br>
[New LWP 100524]<br>[New Thread 802407400 (LWP 100524/syslog-ng)]<br>nanosleep() is not accurate enough to introduce minor stalls on the reader side, multi-threaded performance may be affected;<div class="im"><br>Reading path for candidate modules; path='/usr/local/lib/syslog-ng'<br>
</div><div class="im">
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afamqp.so', module='afamqp'<br>Registering candidate plugin; module='afamqp', context='destination', name='amqp', preference='0'<br>
</div><div class="im">
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='affile.so', module='affile'<br>Registering candidate plugin; module='affile', context='source', name='file', preference='0'<br>
Registering candidate plugin; module='affile', context='source', name='pipe', preference='0'<br>Registering candidate plugin; module='affile', context='destination', name='file', preference='0'<br>
Registering candidate plugin; module='affile', context='destination', name='pipe', preference='0'<br></div><div class="im">Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afmongodb.so', module='afmongodb'<br>
Registering candidate plugin; module='afmongodb', context='destination', name='mongodb', preference='0'<br></div><div class="im">Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afprog.so', module='afprog'<br>
Registering candidate plugin; module='afprog', context='source', name='program', preference='0'<br>Registering candidate plugin; module='afprog', context='destination', name='program', preference='0'<br>
</div><div class="im">
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afsocket-notls.so', module='afsocket-notls'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='unix-stream', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='unix-stream', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='unix-dgram', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='unix-dgram', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='tcp', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='tcp6', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp6', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='udp', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='udp', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='udp6', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='udp6', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='syslog', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='syslog', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='network', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='network', preference='0'<br></div><div class="im">Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afsocket-tls.so', module='afsocket-tls'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='unix-stream', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='unix-stream', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='unix-dgram', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='unix-dgram', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='tcp', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='tcp', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='tcp6', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='tcp6', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='udp', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='udp', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='udp6', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='udp6', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='syslog', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='syslog', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='network', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='network', preference='100'<br>
</div><div class="im">
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afsocket.so', module='afsocket'<br>Registering candidate plugin; module='afsocket', context='source', name='unix-stream', preference='100'<br>
Registering candidate plugin; module='afsocket', context='destination', name='unix-stream', preference='100'<br>Registering candidate plugin; module='afsocket', context='source', name='unix-dgram', preference='100'<br>
Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram', preference='100'<br>Registering candidate plugin; module='afsocket', context='source', name='tcp', preference='100'<br>
Registering candidate plugin; module='afsocket', context='destination', name='tcp', preference='100'<br>Registering candidate plugin; module='afsocket', context='source', name='tcp6', preference='100'<br>
Registering candidate plugin; module='afsocket', context='destination', name='tcp6', preference='100'<br>Registering candidate plugin; module='afsocket', context='source', name='udp', preference='100'<br>
Registering candidate plugin; module='afsocket', context='destination', name='udp', preference='100'<br>Registering candidate plugin; module='afsocket', context='source', name='udp6', preference='100'<br>
Registering candidate plugin; module='afsocket', context='destination', name='udp6', preference='100'<br>Registering candidate plugin; module='afsocket', context='source', name='syslog', preference='100'<br>
Registering candidate plugin; module='afsocket', context='destination', name='syslog', preference='100'<br>Registering candidate plugin; module='afsocket', context='source', name='network', preference='100'<br>
Registering candidate plugin; module='afsocket', context='destination', name='network', preference='100'<br></div><div class="im">Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afuser.so', module='afuser'<br>
Registering candidate plugin; module='afuser', context='destination', name='usertty', preference='0'<br>Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='basicfuncs.so', module='basicfuncs'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='grep', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='if', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='echo', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='length', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='substr', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='strip', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='+', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='-', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='*', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='/', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='%', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length', preference='0'<br></div><div class="im">Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='confgen.so', module='confgen'<br>
</div><div class="im">
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='cryptofuncs.so', module='cryptofuncs'<br>Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid', preference='0'<br>
Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash', preference='0'<br>Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1', preference='0'<br>
Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256', preference='0'<br>Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512', preference='0'<br>
Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4', preference='0'<br>Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5', preference='0'<br>
</div><div class="im">
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='csvparser.so', module='csvparser'<br>Registering candidate plugin; module='csvparser', context='parser', name='csv-parser', preference='0'<br>
</div><div class="im">
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='dbparser.so', module='dbparser'<br>Registering candidate plugin; module='dbparser', context='parser', name='db-parser', preference='0'<br>
</div><div class="im">
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='syslog-ng-crypto.so', module='syslog-ng-crypto'<br>Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='syslogformat.so', module='syslogformat'<br>
Registering candidate plugin; module='syslogformat', context='format', name='syslog', preference='0'<br>Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser', preference='0'<br>
</div>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='system-source.so', module='system-source'<br>Compiling #unnamed sequence [log] at [/usr/local/etc/syslog-ng.conf:3]<br>
Compiling src_local reference [source] at [/usr/local/etc/syslog-ng.conf:3]<br> Compiling src_local sequence [source] at [/usr/local/etc/syslog-ng.conf:8]<br> Compiling #unnamed junction [log] at [/usr/local/etc/syslog-ng.conf:8]<br>
Compiling #unnamed single [log] at [/usr/local/etc/syslog-ng.conf:8]<br> Compiling #unnamed single [log] at [/usr/local/etc/syslog-ng.conf:9]<div class="im"><br> Compiling #unnamed single [log] at [/usr/local/etc/syslog-ng.conf:1]<br>
</div><div class="im">
Compiling #unnamed single [log] at [/usr/local/etc/syslog-ng.conf:1]<br></div> Compiling d_amqp reference [destination] at [/usr/local/etc/syslog-ng.conf:3]<br> Compiling d_amqp sequence [destination] at [/usr/local/etc/syslog-ng.conf:1]<div class="im">
<br>
Compiling #unnamed junction [log] at [/usr/local/etc/syslog-ng.conf:1]<br> Compiling #unnamed single [log] at [/usr/local/etc/syslog-ng.conf:1]<br></div>[New Thread 802409000 (LWP 109094/syslog-ng)]<div class="im">
<br>Running application hooks; hook='1'<br>
Running application hooks; hook='3'<br>syslog-ng starting up; version='3.4.3'<br></div>Incoming log entry; line='<6>pid 85554 (syslog-ng), uid 0: exited on signal 6 (core dumped)'<div class="im">
<br>Worker thread started; driver='d_amqp#0'<br>
Connecting to AMQP succeeded; driver='d_amqp#0'<br></div>**<div class="im"><br>ERROR:logmsg.c:1303:log_msg_unref: assertion failed: (LOGMSG_REFCACHE_VALUE_TO_REF(old_value) >= 1)<br><br></div>Program received signal SIGABRT, Aborted.<br>
[Switching to Thread 802409000 (LWP 109094/syslog-ng)]<div class="im"><br>
0x0000000801f9938c in thr_kill () from /lib/libc.so.7<br></div><div class="im">(gdb) bt<br>#0 0x0000000801f9938c in thr_kill () from /lib/libc.so.7<br>#1 0x000000080203b99b in abort () from /lib/libc.so.7<br>#2 0x00000008011223f4 in g_assertion_message () from /usr/local/lib/libglib-2.0.so.0<br>
#3 0x00000008011229c2 in g_assertion_message_expr () from /usr/local/lib/libglib-2.0.so.0<br>#4 0x000000080084cc87 in log_msg_unref (self=Variable "self" is not available.<br>) at logmsg.c:1303<br></div>#5 0x000000080368736d in afamqp_worker_thread (arg=Variable "arg" is not available.<br>
) at afamqp.c:479<br>#6 0x000000080085b6de in worker_thread_func (st=0x8024259a0) at misc.c:580<div class="im"><br>#7 0x0000000801124a65 in g_thread_proxy () from /usr/local/lib/libglib-2.0.so.0<br>#8 0x0000000801d220a4 in pthread_getprio () from /lib/libthr.so.3<br>
#9 0x0000000000000000 in ?? ()<br></div>Error accessing memory address 0x7fffffbfe000: Bad address.<br>(gdb)<br><br><br></div></div></div></div>
</blockquote></div><br></div><div class="gmail_extra">Testing on linux it goes a little further but also crashes:<br><br># gdb syslog-ng/.libs/syslog-ng<br>GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6)<br>Copyright (C) 2010 Free Software Foundation, Inc.<br>
License GPLv3+: GNU GPL version 3 or later <<a href="http://gnu.org/licenses/gpl.html">http://gnu.org/licenses/gpl.html</a>><br>This is free software: you are free to change and redistribute it.<br>There is NO WARRANTY, to the extent permitted by law. Type "show copying"<br>
and "show warranty" for details.<br>This GDB was configured as "x86_64-redhat-linux-gnu".<br>For bug reporting instructions, please see:<br><<a href="http://www.gnu.org/software/gdb/bugs/">http://www.gnu.org/software/gdb/bugs/</a>>...<br>
Reading symbols from /tmp/syslog-ng-3.4/syslog-ng/.libs/syslog-ng...done.<br>(gdb) run -d -f /usr/local/etc/syslog-ng.conf<br>Starting program: /tmp/syslog-ng-3.4/syslog-ng/.libs/syslog-ng -d -f /usr/local/etc/syslog-ng.conf<br>
[Thread debugging using libthread_db enabled]<br>Reading path for candidate modules; path='/usr/local/lib/syslog-ng'<br>Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='confgen.so', module='confgen'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='dbparser.so', module='dbparser'<br>Registering candidate plugin; module='dbparser', context='parser', name='db-parser', preference='0'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afamqp.so', module='afamqp'<br>Registering candidate plugin; module='afamqp', context='destination', name='amqp', preference='0'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='cryptofuncs.so', module='cryptofuncs'<br>Registering candidate plugin; module='cryptofuncs', context='template-func', name='uuid', preference='0'<br>
Registering candidate plugin; module='cryptofuncs', context='template-func', name='hash', preference='0'<br>Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha1', preference='0'<br>
Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha256', preference='0'<br>Registering candidate plugin; module='cryptofuncs', context='template-func', name='sha512', preference='0'<br>
Registering candidate plugin; module='cryptofuncs', context='template-func', name='md4', preference='0'<br>Registering candidate plugin; module='cryptofuncs', context='template-func', name='md5', preference='0'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='basicfuncs.so', module='basicfuncs'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='grep', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='if', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='echo', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='length', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='substr', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='strip', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='sanitize', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='+', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='-', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='*', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='/', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='%', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='ipv4-to-int', preference='0'<br>
Registering candidate plugin; module='basicfuncs', context='template-func', name='indent-multi-line', preference='0'<br>Registering candidate plugin; module='basicfuncs', context='template-func', name='context-length', preference='0'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afuser.so', module='afuser'<br>Registering candidate plugin; module='afuser', context='destination', name='usertty', preference='0'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afsocket-notls.so', module='afsocket-notls'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='unix-stream', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='unix-stream', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='unix-dgram', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='unix-dgram', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='tcp', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='tcp6', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='tcp6', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='udp', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='udp', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='udp6', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='udp6', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='syslog', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='syslog', preference='0'<br>Registering candidate plugin; module='afsocket-notls', context='source', name='network', preference='0'<br>
Registering candidate plugin; module='afsocket-notls', context='destination', name='network', preference='0'<br>Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afsocket.so', module='afsocket'<br>
Registering candidate plugin; module='afsocket', context='source', name='unix-stream', preference='100'<br>Registering candidate plugin; module='afsocket', context='destination', name='unix-stream', preference='100'<br>
Registering candidate plugin; module='afsocket', context='source', name='unix-dgram', preference='100'<br>Registering candidate plugin; module='afsocket', context='destination', name='unix-dgram', preference='100'<br>
Registering candidate plugin; module='afsocket', context='source', name='tcp', preference='100'<br>Registering candidate plugin; module='afsocket', context='destination', name='tcp', preference='100'<br>
Registering candidate plugin; module='afsocket', context='source', name='tcp6', preference='100'<br>Registering candidate plugin; module='afsocket', context='destination', name='tcp6', preference='100'<br>
Registering candidate plugin; module='afsocket', context='source', name='udp', preference='100'<br>Registering candidate plugin; module='afsocket', context='destination', name='udp', preference='100'<br>
Registering candidate plugin; module='afsocket', context='source', name='udp6', preference='100'<br>Registering candidate plugin; module='afsocket', context='destination', name='udp6', preference='100'<br>
Registering candidate plugin; module='afsocket', context='source', name='syslog', preference='100'<br>Registering candidate plugin; module='afsocket', context='destination', name='syslog', preference='100'<br>
Registering candidate plugin; module='afsocket', context='source', name='network', preference='100'<br>Registering candidate plugin; module='afsocket', context='destination', name='network', preference='100'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='affile.so', module='affile'<br>Registering candidate plugin; module='affile', context='source', name='file', preference='0'<br>
Registering candidate plugin; module='affile', context='source', name='pipe', preference='0'<br>Registering candidate plugin; module='affile', context='destination', name='file', preference='0'<br>
Registering candidate plugin; module='affile', context='destination', name='pipe', preference='0'<br>Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='csvparser.so', module='csvparser'<br>
Registering candidate plugin; module='csvparser', context='parser', name='csv-parser', preference='0'<br>Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afprog.so', module='afprog'<br>
Registering candidate plugin; module='afprog', context='source', name='program', preference='0'<br>Registering candidate plugin; module='afprog', context='destination', name='program', preference='0'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='syslog-ng-crypto.so', module='syslog-ng-crypto'<br>Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='syslogformat.so', module='syslogformat'<br>
Registering candidate plugin; module='syslogformat', context='format', name='syslog', preference='0'<br>Registering candidate plugin; module='syslogformat', context='parser', name='syslog-parser', preference='0'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afmongodb.so', module='afmongodb'<br>Registering candidate plugin; module='afmongodb', context='destination', name='mongodb', preference='0'<br>
Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='system-source.so', module='system-source'<br>Reading shared object for a candidate module; path='/usr/local/lib/syslog-ng', fname='afsocket-tls.so', module='afsocket-tls'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='unix-stream', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='unix-stream', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='unix-dgram', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='unix-dgram', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='tcp', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='tcp', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='tcp6', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='tcp6', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='udp', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='udp', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='udp6', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='udp6', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='syslog', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='syslog', preference='100'<br>
Registering candidate plugin; module='afsocket-tls', context='source', name='network', preference='100'<br>Registering candidate plugin; module='afsocket-tls', context='destination', name='network', preference='100'<br>
Compiling #unnamed sequence [log] at [/usr/local/etc/syslog-ng.conf:4]<br> Compiling httpd_error_log reference [source] at [/usr/local/etc/syslog-ng.conf:4]<br> Compiling httpd_error_log sequence [source] at [/usr/local/etc/syslog-ng.conf:1]<br>
Compiling #unnamed junction [log] at [/usr/local/etc/syslog-ng.conf:1]<br> Compiling #unnamed single [log] at [/usr/local/etc/syslog-ng.conf:1]<br> Compiling pattern_db reference [parser] at [/usr/local/etc/syslog-ng.conf:4]<br>
Compiling pattern_db sequence [parser] at [/usr/local/etc/syslog-ng.conf:1]<br> Compiling #unnamed single [log] at [/usr/local/etc/syslog-ng.conf:1]<br> Compiling d_amqp reference [destination] at [/usr/local/etc/syslog-ng.conf:4]<br>
Compiling d_amqp sequence [destination] at [/usr/local/etc/syslog-ng.conf:2]<br> Compiling #unnamed junction [log] at [/usr/local/etc/syslog-ng.conf:2]<br> Compiling #unnamed single [log] at [/usr/local/etc/syslog-ng.conf:2]<br>
Log pattern database reloaded; file='/home/ale/httpd.xml', version='3', pub_date='2013-09-12'<br>[New Thread 0x7ffff7fe3700 (LWP 3098)]<br>Running application hooks; hook='1'<br>Running application hooks; hook='3'<br>
syslog-ng starting up; version='3.4.3'<br>Worker thread started; driver='d_amqp#0'<br>Connecting to AMQP succeeded; driver='d_amqp#0'<br>Incoming log entry; line='[2013-09-07 21:37:18.103339] [-:error] [pid 29919:tid 139776059467520] [client 10.10.10.10] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"] [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The application is not available"] [hostname "<a href="http://www.xxx.com">www.xxx.com</a>"] [uri "/wp/wp-content/themes/musicpro/js/solo-jplayer.min.js"] [unique_id "UiucjcCoALkAAHTfttcAAACM"]<br>
[2013-09-07 21:37:18.131577] [-:error] [pid 29777:tid 139776257115904] [client 10.10.10.10] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"] [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The application is not available"] [hostname "<a href="http://www.xxx.com">www.xxx.com</a>"] [uri "/wp/wp-includes/js/comment-reply.js"] [unique_id "UiucjsCoALkAAHRR1KoAAAAA"]'<br>
patterndb rule matches; rule_id='6bcd01cd-1bff-11e3-919d-ca66d2f45ab4'<br>Advancing patterndb current time because of an incoming message; utc='1380220111'<br>Message parsing complete; result='1'<br>
Incoming log entry; line='[2013-09-07 21:37:18.135037] [-:error] [pid 29777:tid 139776153876224] [client 10.10.10.10] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"] [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The application is not available"] [hostname "<a href="http://www.xxx.com">www.xxx.com</a>"] [uri "/wp/wp-content/themes/musicpro/js/tooltipsy.js"] [unique_id "UiucjsCoALkAAHRR1KgAAAAD"]'<br>
patterndb rule matches; rule_id='6bcd01cd-1bff-11e3-919d-ca66d2f45ab4'<br>Advancing patterndb current time because of an incoming message; utc='1380220111'<br>Message parsing complete; result='1'<br>
Incoming log entry; line='[2013-09-07 21:37:18.136092] [-:error] [pid 29777:tid 139776132896512] [client 10.10.10.10] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"] [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The application is not available"] [hostname "<a href="http://www.xxx.com">www.xxx.com</a>"] [uri "/wp/wp-content/themes/musicpro/js/custom.js"] [unique_id "UiucjsCoALkAAHRR1KsAAAAF"]'<br>
patterndb rule matches; rule_id='6bcd01cd-1bff-11e3-919d-ca66d2f45ab4'<br>Advancing patterndb current time because of an incoming message; utc='1380220111'<br>Message parsing complete; result='1'<br>
Incoming log entry; line='[2013-09-07 21:37:18.138618] [-:error] [pid 29777:tid 139776143386368] [client 10.10.10.10] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"] [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The application is not available"] [hostname "<a href="http://www.xxx.com">www.xxx.com</a>"] [uri "/wp/wp-content/themes/musicpro/js/izotope.js"] [unique_id "UiucjsCoALkAAHRR1KkAAAAE"]'<br>
<br>Program received signal SIGSEGV, Segmentation fault.<br>[Switching to Thread 0x7ffff7fe3700 (LWP 3098)]<br>0x00007ffff7b8de6e in msg_set_context () from /usr/local/lib/<a href="http://libsyslog-ng-3.4.3.so">libsyslog-ng-3.4.3.so</a><br>
Missing separate debuginfos, use: debuginfo-install glib2-2.22.5-7.el6.x86_64 glibc-2.12-1.107.el6.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6.x86_64 libcom_err-1.41.12-14.el6.x86_64 libnet-1.1.5-1.el6.x86_64 libselinux-2.0.94-5.3.el6.x86_64 openssl-1.0.0-27.el6.x86_64 pcre-7.8-6.el6.x86_64 syslog-ng-3.4.3-1.x86_64 zlib-1.2.3-29.el6.x86_64<br>
(gdb) bt<br>#0 0x00007ffff7b8de6e in msg_set_context () from /usr/local/lib/<a href="http://libsyslog-ng-3.4.3.so">libsyslog-ng-3.4.3.so</a><br>#1 0x00007ffff3e3e995 in ?? () from /usr/local/lib/syslog-ng/libafamqp.so<br>
#2 0x00007ffff7b8e63b in ?? () from /usr/local/lib/<a href="http://libsyslog-ng-3.4.3.so">libsyslog-ng-3.4.3.so</a><br>#3 0x00007ffff70a3004 in ?? () from /lib64/libglib-2.0.so.0<br>#4 0x00007ffff67f7851 in start_thread () from /lib64/libpthread.so.0<br>
#5 0x00007ffff654590d in clone () from /lib64/libc.so.6<br>(gdb)<br><br><br></div></div>