Hi all,

I've come across a problem when using the rewrite set function with a template function.

I've created a custom template function 'audit-TPTI-to-EMail' and use it in a rewrite:

rewrite r_audit_EMail {
        set("$(audit-TPTI-to-EMail ${MSG})", value("MSG"));
};

Then call it:

filter f_audit_pgm{program("AUDIT-*" type("glob"));};

log {
        source(s_local);
        filter(f_audit_pgm);
        log {
                destination(d_logID_02);
        };
        log {
                rewrite(r_audit_EMail);
                rewrite(r_quote_newlines);
                destination(d_logID_13);
        };
        flags(final);
};

Everything works fine.

Then if I add another call to rewrite (i.e. add a second email destination):

filter f_audit_pgm{program("AUDIT-*" type("glob"));};

log {
        source(s_local);
        filter(f_audit_pgm);
        log {
                destination(d_logID_02);
        };
        log {
                rewrite(r_audit_EMail);
                rewrite(r_quote_newlines);
                destination(d_logID_13);
        };
        log {
                rewrite(r_audit_EMail);
                rewrite(r_quote_newlines);
                destination(d_logID_14);
        };
        flags(final);
};

Syslog-ng crashes with a segfault.

I've narrowed it down to any template function (just to make sure *I* wasn't screwing something up in my custom function):

rewrite r_echo { set("$(echo $PROGRAM)" value("PROGRAM")); };
destination d_test1{ file("/var/log/test1.log"); };
destination d_test2{ file("/var/log/test2.log"); };

log {
        source(s_local);
        log {
                rewrite(r_echo);
                destination(d_test1);
        };
        log {
                rewrite(r_echo);
                destination(d_test2);
        };
};

The backtrace:

Backtrace:
/usr/local/lib/libsyslog-ng-3.3.3.so(plugin_find+0x39)[0x7f3eb76ff019]
/usr/local/lib/libsyslog-ng-3.3.3.so(log_template_compile+0x84f)[0x7f3eb7703baf]
/usr/local/lib/libsyslog-ng-3.3.3.so(log_rewrite_set_new+0x99)[0x7f3eb76f3349]
/usr/local/lib/libsyslog-ng-3.3.3.so[0x7f3eb76f3371]
/usr/local/lib/libsyslog-ng-3.3.3.so(log_center_init_pipe_line+0x35d)[0x7f3eb76dfecd]
/usr/local/lib/libsyslog-ng-3.3.3.so(log_center_init_pipe_line+0xd2)[0x7f3eb76dfc42]
/usr/local/lib/libsyslog-ng-3.3.3.so(log_center_init+0x56)[0x7f3eb76e0226]
/usr/local/lib/libsyslog-ng-3.3.3.so(cfg_init+0xb0)[0x7f3eb76e1530]
/usr/local/lib/libsyslog-ng-3.3.3.so(main_loop_init+0x11b)[0x7f3eb76f9abb]
/usr/local/sbin/syslog-ng(main+0x11f)[0x40168f]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f3eb6240126]
/usr/local/sbin/syslog-ng[0x401379]

I threw in some debug statements:

LogRewrite *
log_rewrite_set_new(const gchar *new_value)
{
    fprintf(stderr, "%s('%s'):\n", __FUNCTION__, new_value);

Plugin *
plugin_find(GlobalConfig *cfg, gint plugin_type, const gchar *plugin_name)
{
    fprintf(stderr, "%s(%p, %d, '%s'): '\n", __FUNCTION__, cfg, plugin_type, plugin_name);

Which showed that the 'cfg' pointer is null when rewrite is called the second time:

log_rewrite_set_new('$(echo $PROGRAM)'):
plugin_find(0x60e210, 13, 'echo'): '
plugin_find:    plugin->name = 'sys-to-EMail'
plugin_find:    plugin->name = 'audit-TPTI-to-EMail'
plugin_find:    plugin->name = 'quar-TPTI-to-EMail'
plugin_find:    plugin->name = 'quar-TPTI-to-CEF'
plugin_find:    plugin->name = 'tab-to-bar'
plugin_find:    plugin->name = 'tab-to-semicolon'
plugin_find:    plugin->name = 'tab-to-comma'
plugin_find:    plugin->name = 'to-upper-case'
plugin_find:    plugin->name = 'to-lower-case'
plugin_find:    plugin->name = 'ipv4-to-int'
plugin_find:    plugin->name = 'log-session-seqnum'
plugin_find:    plugin->name = 'indent-multi-line'
plugin_find:    plugin->name = 'if'
plugin_find:    plugin->name = 'grep'
plugin_find:    plugin->name = 'echo'
plugin_find(0x60e210, 2, 'file'): '
[...]
log_rewrite_set_new('$(echo $PROGRAM)'):
plugin_find((nil), 13, 'echo'): '
*** Segmentation fault

Sooo, my questions are:

Is this expected behavior?
Has this been patched already?
Is there another way I can call a custom function to reformat the message field on a destination-by-destination basis?

Thanks,
Chris

----------------------------------------
Christopher Johnson
chris.johnson3@hp.com
HP Software - Security Product Group
(916) 785-2817
----------------------------------------