https://bugzilla.balabit.com/show_bug.cgi?id=46 --- Comment #4 from Sikkerhed.org ApS <support@sikkerhed.org> 2009-05-07 23:17:56 --- (In reply to comment #3)
(In reply to comment #2)
(In reply to comment #1)
This is a positive feedback loop between the internal() source and one of the destinations (e.g. internal feeds messages to a given destination which in turn generate error messages that originate from internal()).
There's a proper solution for this in syslog-ng 3.0, in which case it'll detect this case and drop internal messages accordingly.
Since the change is rather big, it cannot really be backported to either 2.0 or 2.1, so please use 3.0 if you want this fixed, or don't feed internal() logs to anywhere but a local static file, then read that file using the file() source. This is only a workaround I know.
I set this to WONTFIX on 2.0, a fix is available in later versions.
Ok. We've rolled out syslog-ng on all our servers now anyway, so it shouldn't be a problem from here on.
if there's a feedback loop, and you don't apply the workaround I recommended you might have the same problem if the central server goes down.
Well, your solution was to save to a local static file. That is what I am already doing, if I understand you correctly. The static file is /var/log/syslog/current. I guess that by "static" you mean a file that doesn't have any macro expansions in the name? Now that all the machines have the dir /var/log/syslog in place, I don't see how this feedback loop could be triggered again?
It was, however, a little unnerving when it first happened, before I figured out why :-)
Are there other major reasons to use version 3.x over 2.x?
Sure there are various, especially if you also want to take care about the contents of your messages, rather than just store them.
http://bazsi.blogs.balabit.com/2009/03/as-promised-on-mailing-list-here-come...
I'll read that, thanks.
By the way, there's a problem with your mail server configuration. When replying to a bug report, it says:
<bugzilla@bugzilla.balabit.com>: host bugzilla.balabit.com[195.70.41.85] said: 554 5.1.1 <bugzilla@bugzilla.balabit.com>: Recipient address rejected: undeliverable address: mail for bugzilla.balabit.com loops back to myself (in reply to RCPT TO command)
bugzilla@bugzilla.balabit.com is not for replying messages, you should rather post your questions back to the ticket that you opened.
Wouldn't it make more sense to call it do-not-reply@balabit.com.invalid then? Suppling a valid-looking email address that can't be used is not so user-friendly :) -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.