I have found another serious bug in the 1.4.0 syslog-ng code. Actually the bug is in libol. The log is configured to read log entries from a named pipe, write them to a local file, and forward them to a remote machine which writes them to a file. The input testing program is writing log entries which are four bytes: three bytes of integers and a carraige return.
The problem is that syslog-ng is throwing away most of these entries. It reads 1024 bytes from the input pipe. 1024 bytes is 256 log entries. It then takes 100 of these entries and puts them in the log queue. These 100 are logged properly, and then another 1024 bytes are read from the pipe. The remaining 156 log entries from the original read are simply overwritten.
hmmm... maybe you could increase the log queue size via log_fifo_size() ?
Also, I found another small bug in src/sources.c. On line 128, memcpy is used to copy memory between overlapping regions. At least on Linux, memcpy should not be used to copy between overlapping regions. memmove() should be used instead.
hmm... that code is rather ugly, so I may have to rewrite it a bit. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt