Hi Ole!

You are totally right, this is a bug in the afstomp module. There is a missing g_sockaddr_set_port() call in stomp.c. I can create a patch for you at the weekend, or you can patch it manually by inserting the line:

    g_sockaddr_set_port(conn->remote_sa, (uint16) port);

into modules/afstomp/stomp.c in line 118.

Thanks for the detailed bug report!

HtH,
Viktor

On Thu, Jan 29, 2015 at 6:39 PM, Ole Jørgensen <oleide@gmail.com> wrote:
Hi,
I'm testing the stomp destination using syslog-ng ose 3.6.2, and as the process starts it logs:

# /opt/syslog-ng-3.6.2/sbin/syslog-ng -f /opt/syslog-ng-3.6.2/etc/syslog-ng.conf -F -d -v -t 2>&1 | grep -i stomp
[2015-01-29T18:29:45.323518] Reading shared object for a candidate module; path='/opt/syslog-ng-3.6.2/lib/syslog-ng', fname='afstomp.so', module='afstomp'
[2015-01-29T18:29:45.323629] Registering candidate plugin; module='afstomp', context='destination', name='stomp', preference='0'
[2015-01-29T18:29:45.343833] Module loaded and initialized successfully; module='afstomp'
[2015-01-29T18:29:45.344725] Compiling d_stomp reference [destination] at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:70:2]
[2015-01-29T18:29:45.344728] Compiling d_stomp sequence [destination] at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:32:1]
[2015-01-29T18:29:45.345092] Initializing STOMP destination; host='localhost', port='61613', destination='/topic/syslog'
[2015-01-29T18:29:45.345368] Worker thread started; driver='d_stomp#0'
[2015-01-29T18:29:45.346854] Stomp connection failed; host='localhost'

Relevant parts of my configuration:

destination d_stomp {
  stomp(
    host("localhost")
    port(61613)
    body("testing")
    ack(yes)
    retries(9)
    value-pairs(scope(everything))
  );
};
The strange thing is that when I'm starting syslog-ng I am running tcpdump -i lo -s0 -nn -v port 61613, and cannot see any packets. I would expect at least a syn connection since it claims to fail. SELinux does not log any denies during the startup, so I suspect the problem to be elsewhere.
If I do a tcpdump -i lo -s0 -nn -v -X and start syslog-ng this is captured:

18:33:26.833330 IP (tos 0x0, ttl 64, id 5652, offset 0, flags [DF], proto TCP (6), length 60)
    127.0.0.1.35340 > 127.0.0.1.0: Flags [S], cksum 0xd601 (correct), seq 801587243, win 65495, options [mss 65495,sackOK,TS val 700601919 ecr 0,nop,wscale 7], length 0
        0x0000:  4500 003c 1614 4000 4006 26a6 7f00 0001  E..<..@.@.&.....
        0x0010:  7f00 0001 8a0c 0000 2fc7 402b 0000 0000  ......../.@+....
        0x0020:  a002 ffd7 d601 0000 0204 ffd7 0402 080a  ................
        0x0030:  29c2 563f 0000 0000 0103 0307            ).V?........
18:33:26.833412 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    127.0.0.1.0 > 127.0.0.1.35340: Flags [R.], cksum 0xb7ce (correct), seq 0, ack 801587244, win 0, length 0
        0x0000:  4500 0028 0000 4000 4006 3cce 7f00 0001  E..(..@.@.<.....
        0x0010:  7f00 0001 0000 8a0c 0000 0000 2fc7 402c  ............/.@,
        0x0020:  5014 0000 b7ce 0000                      P.......
So we get a syn to port 0 and answer with reset. Could there be a port parsing error for stomp in syslog-ng OSE 3.6.2? Any suggestions?
Also: syslog-ng spawns another thread to do the stomp connection, any suggestions on how I can strace this thread during startup to see what is actually going on? Would love to know if in fact this connection is made to port 0.
Thanks, Ole
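The failure mode discussed in this thread, as an added example that is not part of the original messages and is not syslog-ng code: a remote address built from the host alone keeps port 0 until the port is stored explicitly, and a guard before connect() turns that into a clear error instead of a SYN to port 0. The helper names (resolve_host_only, set_port, guarded_connect) are hypothetical; only standard POSIX socket calls are used.

```c
/* Added example, not syslog-ng code; helper names are hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Build the remote address from the host string only; sin_port stays 0. */
int resolve_host_only(const char *host, struct sockaddr_in *out)
{
    memset(out, 0, sizeof(*out));
    out->sin_family = AF_INET;
    return inet_pton(AF_INET, host, &out->sin_addr) == 1 ? 0 : -1;
}

/* The step the thread says was missing: store the configured port. */
void set_port(struct sockaddr_in *sa, uint16_t port)
{
    sa->sin_port = htons(port);          /* network byte order */
}

/* Refuse an unset port instead of sending a SYN to port 0; -1 on failure. */
int guarded_connect(const struct sockaddr_in *sa)
{
    if (ntohs(sa->sin_port) == 0) {
        errno = EINVAL;                  /* caller never set the port */
        return -1;
    }
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (connect(fd, (const struct sockaddr *)sa, sizeof(*sa)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    struct sockaddr_in sa;
    if (resolve_host_only("127.0.0.1", &sa) != 0)
        return 1;
    int refused = guarded_connect(&sa) < 0 && errno == EINVAL;
    set_port(&sa, 61613);                /* port value from the thread's config */
    printf("unset port refused=%d, port now %u\n", refused, (unsigned)ntohs(sa.sin_port));
    return 0;
}
```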