On Sun, 2008-03-16 at 16:38 +0100, Jean-Baptiste Quenot wrote:
Hi there,
Thanks for the great syslog-ng program, it rocks.
I have a step-by-step recipe below that yields unpredictable results in the syslog output, and this worries me a bit as in my company we have similar messages sent to syslog by PHP's print_r() function. The example is simplified to a message that consists of 40 occurences of an incrementing number, with a newline separating each number. Let's call it syslog_overflow.txt:
This seems to be a genuine bug in syslog-ng. It is related to the fact that syslog-ng tries to fetch multiple messages at a single poll iteration, and that reading EOF from a stream results in the remainder message to be flushed unconditonally. This is what happens: * the complete 0-39 sequence of numbers is sent to syslog-ng in a single "packet", which is read by syslog-ng as one packet * syslog-ng then reads an EOF while there are still some messages in the incoming queue But on the reception of an EOF, syslog-ng takes the remainder of the buffer as a single message. This assumption is wrong. The problem is in log_reader_fetch_log() message and the way EOF is handled. For some reason I can't reproduce the same problem with 2.1 and I still can't see why. I'll give it a spin to fix this. -- Bazsi