Andreas, we found an error in our pattern file, check to see if this fixes it (I don't have a u16 box to test on at the moment): s/logzilla.program/PROGRAM/ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of "Mitzki, András" <andras.mitzki@balabit.com> Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Date: Tuesday, January 3, 2017 at 8:04 AM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: "Czanik, Péter" <peter.czanik@balabit.com> Subject: Re: [syslog-ng] v3.9: Core dump on python module With your configuration syslog-ng crashes for me also. We will check where is the main problem. Thanks, On Tue, Jan 3, 2017 at 1:56 PM, Clayton Dukes <cdukes@logzilla.net<mailto:cdukes@logzilla.net>> wrote: I'll send it to you directly. I need some time to get it from one of the devs From: syslog-ng <syslog-ng-bounces@lists.balabit.hu<mailto:syslog-ng-bounces@lists.balabit.hu>> on behalf of "Mitzki, András" <andras.mitzki@balabit.com<mailto:andras.mitzki@balabit.com>> Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Date: Tuesday, January 3, 2017 at 7:55 AM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Cc: "Czanik, Péter" <peter.czanik@balabit.com<mailto:peter.czanik@balabit.com>> Subject: Re: [syslog-ng] v3.9: Core dump on python module If possible could you send it also? Thanks. On Tue, Jan 3, 2017 at 1:51 PM, Clayton Dukes <cdukes@logzilla.net<mailto:cdukes@logzilla.net>> wrote: Here you go (I modified the python portion so you don't have to use our libs). Do you need the patterndb file? python { def is_well_known_port(p): return p in (22, 53, 80, 443) def parse_port(msg, port): try: if is_well_known_port(int(port)): return port else: return 'unknown' except ValueError: return 'unknown' }; parser patterndb_logzilla_sample { db-parser(file('/etc/syslog-ng/patterndb.d/logzilla-sample.xml')); }; log { source(s_logzilla); # disable s_src if you don't want local server events source(s_src); rewrite(rw_program); rewrite(rw_basename); parser(patterndb_logzilla_sample); rewrite { set("$(python parse_port ${logzilla.ut.src_port})" value("logzilla.ut.src_port") condition("${logzilla.ut.src_port}" ne "") ); }; rewrite { set("$(python parse_port ${logzilla.ut.dst_port})" value("logzilla.ut.dst_port") condition("${logzilla.ut.dst_port}" ne "") ); }; destination(d_logzilla); # Enable below for debug/testing of incoming events # destination(df_debug); flags(flow-control); }; From: syslog-ng <syslog-ng-bounces@lists.balabit.hu<mailto:syslog-ng-bounces@lists.balabit.hu>> on behalf of "Mitzki, András" <andras.mitzki@balabit.com<mailto:andras.mitzki@balabit.com>> Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Date: Tuesday, January 3, 2017 at 7:43 AM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Cc: "Czanik, Péter" <peter.czanik@balabit.com<mailto:peter.czanik@balabit.com>> Subject: Re: [syslog-ng] v3.9: Core dump on python module Hi Clayton, I have tried to reproduce the issue, but for me syslog-ng can load the python module. I have tried with the actual Ubuntu 16.04 host machine and also with ubuntu:16.04 docker image. syslog-ng version was 3.9.1 from Laci's repository. Could you send a minimalized syslog-ng configuration (which is still failing)? Thanks Micek On Mon, Jan 2, 2017 at 4:01 PM, Clayton Dukes <cdukes@logzilla.net<mailto:cdukes@logzilla.net>> wrote: My last email bounced, making sure you got this: I tested with both. Neither work on U16. The server was originally on 3.9 when it happened, so I tried downgrading to 3.8. Still didn't work. From: syslog-ng <syslog-ng-bounces@lists.balabit.hu<mailto:syslog-ng-bounces@lists.balabit.hu>> on behalf of "Czanik, Péter" <peter.czanik@balabit.com<mailto:peter.czanik@balabit.com>> Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Date: Monday, January 2, 2017 at 6:48 AM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Subject: Re: [syslog-ng] v3.9: Core dump on python module Hi, Is it 3.8 or 3.9? Your title says 3.9 but your gdb trace shows 3.8. As 3.9 has tons of bugfixes over 3.8, I'd recommend trying 3.9. Bye, Peter Czanik (CzP) <peter.czanik@balabit.com<mailto:peter.czanik@balabit.com>> Balabit / syslog-ng upstream https://www.balabit.com/blog/author/peterczanik/ https://twitter.com/PCzanik On Sun, Jan 1, 2017 at 11:34 PM, Clayton Dukes <cdukes@logzilla.net<mailto:cdukes@logzilla.net>> wrote: Confirmed: I installed Ubuntu 14 on that server and it works as expected, so it's got something to do with U16. From: Clayton Dukes <cdukes@logzilla.net<mailto:cdukes@logzilla.net>> Date: Sunday, January 1, 2017 at 4:04 PM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Subject: Re: v3.9: Core dump on python module No idea if this helps - I'm not a programmer ;) - but here's a gdb output. Happy to provide the core file also if you want (it's only 5MB) Reading symbols from /usr/sbin/syslog-ng...(no debugging symbols found)...done. [New LWP 13186] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `syslog-ng -Fdve'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007fd99f82a54b in PyModule_GetDict () from /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0 (gdb) bt full #0 0x00007fd99f82a54b in PyModule_GetDict () from /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0 No symbol table info available. #1 0x00007fd99fc223b8 in _py_get_main_module () from /usr/lib/syslog-ng/3.8/libmod-python.so No symbol table info available. #2 0x00007fd99fc22473 in _py_evaluate_global_code () from /usr/lib/syslog-ng/3.8/libmod-python.so No symbol table info available. #3 0x00007fd99fc22551 in python_evaluate_global_code () from /usr/lib/syslog-ng/3.8/libmod-python.so No symbol table info available. #4 0x00007fd99fc2342f in python_parse () from /usr/lib/syslog-ng/3.8/libmod-python.so No symbol table info available. #5 0x00007fd9a44b068f in plugin_parse_config () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0 No symbol table info available. #6 0x00007fd9a44bd869 in main_parse () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0 No symbol table info available. #7 0x00007fd9a4497690 in cfg_run_parser () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0 No symbol table info available. #8 0x00007fd9a4497887 in cfg_read_config () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0 No symbol table info available. #9 0x00007fd9a44acae7 in main_loop_read_and_init_config () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0 No symbol table info available. #10 0x00000000004016f5 in main () No symbol table info available. From: Clayton Dukes <cdukes@logzilla.net<mailto:cdukes@logzilla.net>> Date: Sunday, January 1, 2017 at 3:18 PM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Subject: Re: v3.9: Core dump on python module Looks like this is happening with 3.8.1-3 as well :( Only difference I can see if Ubuntu 14 vs 16? Any ideas of what I can try? From: Clayton Dukes <cdukes@logzilla.net<mailto:cdukes@logzilla.net>> Date: Sunday, January 1, 2017 at 2:56 PM To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Subject: v3.9: Core dump on python module Hey guys, just want you to know Ubuntu16 is dumping core on loading the python module. Ubuntu14 does not do this. [2017-01-01T19:54:52.576749] Module loaded and initialized successfully; module='mod-python' Segmentation fault (core dumped) -Clayton Dukes ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq