Hi all, I've come across a problem when using the rewrite set function with a template function. I've created a custom template function 'audit-TPTI-to-Email' and use it in a rewrite: rewrite r_audit_EMail { set("$(audit-TPTI-to-EMail ${MSG})", value("MSG")); }; Then call it: filter f_audit_pgm{program("AUDIT-*" type("glob"));}; log { source(s_local); filter(f_audit_pgm); log { destination(d_logID_02); }; log { rewrite(r_audit_EMail); rewrite(r_quote_newlines); destination(d_logID_13); }; flags(final); }; Everything work fine. Then if I add another call to rewrite (i.e. add a second email destination): filter f_audit_pgm{program("AUDIT-*" type("glob"));}; log { source(s_local); filter(f_audit_pgm); log { destination(d_logID_02); }; log { rewrite(r_audit_EMail); rewrite(r_quote_newlines); destination(d_logID_13); }; log { rewrite(r_audit_EMail); rewrite(r_quote_newlines); destination(d_logID_14); }; flags(final); }; Syslog-ng crashes with a segfault. I've narrowed in down to any template function (just to make sure *I* wasn't screwing something up in my custom function): rewrite r_echo { set("$(echo $PROGRAM)" value("PROGRAM")); }; destination d_test1{ file("/var/log/test1.log"); }; destination d_test2{ file("/var/log/test2.log"); }; log { source(s_local); log { rewrite(r_echo); destination(d_test1); }; log { rewrite(r_echo); destination(d_test2); }; }; The backtrace: Backtrace: /usr/local/lib/libsyslog-ng-3.3.3.so(plugin_find+0x39)[0x7f3eb76ff019] /usr/local/lib/libsyslog-ng-3.3.3.so(log_template_compile+0x84f)[0x7f3eb7703baf] /usr/local/lib/libsyslog-ng-3.3.3.so(log_rewrite_set_new+0x99)[0x7f3eb76f3349] /usr/local/lib/libsyslog-ng-3.3.3.so[0x7f3eb76f3371] /usr/local/lib/libsyslog-ng-3.3.3.so(log_center_init_pipe_line+0x35d)[0x7f3eb76dfecd] /usr/local/lib/libsyslog-ng-3.3.3.so(log_center_init_pipe_line+0xd2)[0x7f3eb76dfc42] /usr/local/lib/libsyslog-ng-3.3.3.so(log_center_init+0x56)[0x7f3eb76e0226] /usr/local/lib/libsyslog-ng-3.3.3.so(cfg_init+0xb0)[0x7f3eb76e1530] /usr/local/lib/libsyslog-ng-3.3.3.so(main_loop_init+0x11b)[0x7f3eb76f9abb] /usr/local/sbin/syslog-ng(main+0x11f)[0x40168f] /lib/libc.so.6(__libc_start_main+0xe6)[0x7f3eb6240126] /usr/local/sbin/syslog-ng[0x401379] I threw in some debug statements: LogRewrite * log_rewrite_set_new(const gchar *new_value) { fprintf(stderr, "%s('%s'):\n", __FUNCTION__, new_value); Plugin * plugin_find(GlobalConfig *cfg, gint plugin_type, const gchar *plugin_name) { fprintf(stderr, "%s(%p, %d, '%s'): '\n", __FUNCTION__, cfg, plugin_type, plugin_name); Which showed that the 'cfg' pointer is null when rewrite is called the second time: log_rewrite_set_new('$(echo $PROGRAM)'): plugin_find(0x60e210, 13, 'echo'): ' plugin_find: plugin->name = 'sys-to-EMail' plugin_find: plugin->name = 'audit-TPTI-to-EMail' plugin_find: plugin->name = 'quar-TPTI-to-EMail' plugin_find: plugin->name = 'quar-TPTI-to-CEF' plugin_find: plugin->name = 'tab-to-bar' plugin_find: plugin->name = 'tab-to-semicolon' plugin_find: plugin->name = 'tab-to-comma' plugin_find: plugin->name = 'to-upper-case' plugin_find: plugin->name = 'to-lower-case' plugin_find: plugin->name = 'ipv4-to-int' plugin_find: plugin->name = 'log-session-seqnum' plugin_find: plugin->name = 'indent-multi-line' plugin_find: plugin->name = 'if' plugin_find: plugin->name = 'grep' plugin_find: plugin->name = 'echo' plugin_find(0x60e210, 2, 'file'): ' [...] log_rewrite_set_new('$(echo $PROGRAM)'): plugin_find((nil), 13, 'echo'): ' *** Segmentation fault Sooo, my questions are: Is this expected behavior? Has this been patched already? Is there another way I can call a custom function to reformat the message field on a destination-by-destination basis? Thanks, Chris ---------------------------------------- Christopher Johnson chris.johnson3@hp.com<mailto:chris.johnson3@hp.com> HP Software - Security Product Group (916) 785-2817 ----------------------------------------