I just downloaded 1.9.9 and I'm getting a segfault for the following syslog-ng.conf: source s_external_syslog { udp(port(514)); }; destination d_re_mce_aggregator { program( "/bin/true" ); }; log { source(s_external_syslog); destination(d_re_mce_aggregator); }; I think that the problem is when programs exit unexpectedly and/or don't wait for input. I haven't run many more test cases to see exactly what's going on. The segfault drops two cores, 1MB and 256KB. If they would be helpful, please let me know and I can send them somewhere. -- Paul Krizak 5900 E. Ben White Blvd. MS 625 Advanced Micro Devices Austin, TX 78741 Linux/Unix Systems Engineering Phone: (512) 602-8775 Microprocessor Solutions Sector Cell: (512) 791-0686
Hi, I am using syslog-ng 1.6.5-2.2 on a Debian box in a chroot environment. I have a default configuration except for gathering log messages from a few routers, a pix, and vpn concentrator. I have the logs going into the files I want, but the logs are also going into files I don't want. I currently have all the routers logging into a routers/ directory and the pix and vpn logging into a security/ directory, but the pix and vpn are also logging into the router directory which I would like to stop. I have tried a bunch of different filters but nothing seems to work. Any help appreciated. My configuration: # router syslog source s_syslogd { udp(ip(0.0.0.0) port(514)); }; # router syslog destination d_router { file("/var/log/routers/$HOST"); }; destination d_security { file("/var/log/security/$HOST"); }; # router syslog filter f_router { not host(/<vpn ip>/) or not host(/<pix ip>/); }; filter f_security { host(<vpn ip>) or host(<pix ip>); }; # router.* #log { source(s_syslogd); filter(f_router); destination(d_router); }; log { source(s_syslogd); destination(d_router); }; # firewall, vpn concentrtor log { source(s_syslogd); filter(f_security); destination(d_security); }; thanks. -s.
On Mon, 2006-02-27 at 17:33 -0600, Paul Krizak wrote:
I just downloaded 1.9.9 and I'm getting a segfault for the following syslog-ng.conf:
source s_external_syslog { udp(port(514)); };
destination d_re_mce_aggregator { program( "/bin/true" ); };
log { source(s_external_syslog); destination(d_re_mce_aggregator); };
The patch below should fix this (available in tomorrow's snapshot as well). It actually fixes another bug that prevents syslog-ng noticing exited programs (in order to restart them), but please notice that the configuration above will generate a lot of program executions as /bin/true will immediately exit without processing messages at all. --- orig/ChangeLog +++ mod/ChangeLog @@ -2,6 +2,25 @@ # arch-tag: automatic-ChangeLog--devel@balabit.hu--other-1/syslog-ng--mainline--2.0 # +2006-02-28 18:47:01 GMT Balazs Scheidler <bazsi@balabit.hu> patch-20 + + Summary: + fixed possible abort in program destination + Revision: + syslog-ng--mainline--2.0--patch-20 + + * src/afprog.c (afprogram_dd_deinit): don't drop the reference to + self->writer, only deinit it, + (afprogram_dd_free): drop the reference to self->writer, + + * src/main.c (main_loop_run): change the loop so that it actually + processes exited children + + + modified files: + ChangeLog src/afprog.c src/main.c + + 2006-02-26 09:39:39 GMT Balazs Scheidler <bazsi@balabit.hu> patch-19 Summary: --- orig/src/afprog.c +++ mod/src/afprog.c @@ -141,10 +141,7 @@ afprogram_dd_deinit(LogPipe *s, GlobalCo self->pid = -1; } if (self->writer) - { - log_pipe_deinit(self->writer, NULL, NULL); - log_pipe_unref(self->writer); - } + log_pipe_deinit(self->writer, NULL, NULL); return TRUE; } @@ -153,7 +150,7 @@ afprogram_dd_free(LogPipe *s) { AFProgramDestDriver *self = (AFProgramDestDriver *) s; - g_assert(!self->writer); + log_pipe_unref(self->writer); g_string_free(self->cmdline, TRUE); log_drv_free_instance(&self->super); g_free(self); --- orig/src/main.c +++ mod/src/main.c @@ -172,14 +172,15 @@ main_loop_run(GlobalConfig *cfg) } if (sig_child_received) { - pid_t pid = 0; + pid_t pid; int status; - while (pid > 0) + do { pid = waitpid(-1, &status, WNOHANG); child_manager_sigchild(pid, status); } + while (pid > 0); sig_child_received = FALSE; } } -- Bazsi
Yes, I would never use an exiting program for a program destination, but the segfault was a Bad Thing that I was able to reproduce with the simple configuration I provided. I ran across it because one of my scripts that I was using in a program destination had a syntax error and so would exit immediately after being started. When that happened, syslog-ng would segfault and disappear, thus halting all logging operations on the machine. Not good. Thanks for the prompt response on getting the bug fixed! Paul Krizak 5900 E. Ben White Blvd. MS 625 Advanced Micro Devices Austin, TX 78741 Linux/Unix Systems Engineering Phone: (512) 602-8775 Microprocessor Solutions Sector Cell: (512) 791-0686 Balazs Scheidler wrote:
On Mon, 2006-02-27 at 17:33 -0600, Paul Krizak wrote:
I just downloaded 1.9.9 and I'm getting a segfault for the following syslog-ng.conf:
source s_external_syslog { udp(port(514)); };
destination d_re_mce_aggregator { program( "/bin/true" ); };
log { source(s_external_syslog); destination(d_re_mce_aggregator); };
The patch below should fix this (available in tomorrow's snapshot as well). It actually fixes another bug that prevents syslog-ng noticing exited programs (in order to restart them), but please notice that the configuration above will generate a lot of program executions as /bin/true will immediately exit without processing messages at all.
--- orig/ChangeLog +++ mod/ChangeLog @@ -2,6 +2,25 @@ # arch-tag: automatic-ChangeLog--devel@balabit.hu--other-1/syslog-ng--mainline--2.0 #
+2006-02-28 18:47:01 GMT Balazs Scheidler <bazsi@balabit.hu> patch-20 + + Summary: + fixed possible abort in program destination + Revision: + syslog-ng--mainline--2.0--patch-20 + + * src/afprog.c (afprogram_dd_deinit): don't drop the reference to + self->writer, only deinit it, + (afprogram_dd_free): drop the reference to self->writer, + + * src/main.c (main_loop_run): change the loop so that it actually + processes exited children + + + modified files: + ChangeLog src/afprog.c src/main.c + + 2006-02-26 09:39:39 GMT Balazs Scheidler <bazsi@balabit.hu> patch-19
Summary:
--- orig/src/afprog.c +++ mod/src/afprog.c @@ -141,10 +141,7 @@ afprogram_dd_deinit(LogPipe *s, GlobalCo self->pid = -1; } if (self->writer) - { - log_pipe_deinit(self->writer, NULL, NULL); - log_pipe_unref(self->writer); - } + log_pipe_deinit(self->writer, NULL, NULL); return TRUE; }
@@ -153,7 +150,7 @@ afprogram_dd_free(LogPipe *s) { AFProgramDestDriver *self = (AFProgramDestDriver *) s;
- g_assert(!self->writer); + log_pipe_unref(self->writer); g_string_free(self->cmdline, TRUE); log_drv_free_instance(&self->super); g_free(self);
--- orig/src/main.c +++ mod/src/main.c @@ -172,14 +172,15 @@ main_loop_run(GlobalConfig *cfg) } if (sig_child_received) { - pid_t pid = 0; + pid_t pid; int status;
- while (pid > 0) + do { pid = waitpid(-1, &status, WNOHANG); child_manager_sigchild(pid, status); } + while (pid > 0); sig_child_received = FALSE; } }
participants (3)
-
Balazs Scheidler
-
Paul Krizak
-
Steven Matkoski