Error compiling 1.6.4 on OpenBSD 3.5-stable
    $ ./configure
    ...
    $ make
    ...
    gcc -DHAVE_CONFIG_H -I. -I/home/ssurdock/syslog-ng-1.6.4/src -I. -g -O2 -Wall -I/usr/local/include/libol -D_GNU_SOURCE -c macros.c
    macros.c: In function `format_tzofs':
    macros.c:118: error: `tm' undeclared (first use in this function)
    macros.c:118: error: (Each undeclared identifier is reported only once
    macros.c:118: error: for each function it appears in.)
    *** Error code 1

    Stop in /home/ssurdock/syslog-ng-1.6.4/src.
    *** Error code 1

    Stop in /home/ssurdock/syslog-ng-1.6.4/src (line 253 of Makefile).
    *** Error code 1

    Stop in /home/ssurdock/syslog-ng-1.6.4/src (line 418 of Makefile).
    *** Error code 1

    Stop in /home/ssurdock/syslog-ng-1.6.4 (line 168 of Makefile).
    $

Which seems to stem from the GLOBAL_TIMEZONE not being detected and tm not being defined in the "else" part of the #if:

    format_tzofs(char *dest, size_t left)
    {
      size_t length;

    #if HAVE_GLOBAL_TIMEZONE
      length = snprintf(dest, left - 1, "%c%02ld%02ld",
                        timezone > 0 ? '-' : '+',
                        (timezone < 0 ? -timezone : timezone) / 3600,
                        (timezone % 3600) / 60);
    #else
      length = strftime(dest, left -1, "%z", tm);
    #endif
      return length;
    }

And possibly the relevant config.log

    ...
    configure:1876: checking for global timezone variable
    configure:1895: gcc -c -g -O2 conftest.c 1>&5
    configure: In function `foo':
    configure:1889: error: invalid lvalue in assignment
    configure: failed program was:
    #line 1881 "configure"
    ...

Interestingly the following seems to work:

    #else
      length = strftime(dest, left -1, "%z", localtime(time(NULL)));
    #endif
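The offset arithmetic of the function quoted above, next to a bounds-checked formatter that takes the offset from the timestamp being formatted rather than from a process-wide global. This is an added example, not code from the post or from syslog-ng; `tzofs_as_posted`, `format_tzofs_checked` and `utc_offset_at` are hypothetical names, and the posted expression is given a parameter in place of the global `timezone` so it can be run with any value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Expression from the HAVE_GLOBAL_TIMEZONE branch quoted above. The global
 * `timezone` (seconds WEST of UTC) is replaced by the parameter tz_west so the
 * arithmetic can be exercised on any platform. The left < 2 guard is an
 * addition: without it `left - 1` wraps around for left == 0. */
static size_t
tzofs_as_posted(char *dest, size_t left, long tz_west)
{
  int n;

  if (left < 2)
    return 0;
  n = snprintf(dest, left - 1, "%c%02ld%02ld",
               tz_west > 0 ? '-' : '+',
               (tz_west < 0 ? -tz_west : tz_west) / 3600,
               (tz_west % 3600) / 60);   /* negative for zones east of UTC */
  return n < 0 ? 0 : (size_t) n;
}

/* Hypothetical replacement: `east` is seconds EAST of UTC (the sign "%z"
 * prints). Writes "+hhmm" or "-hhmm" and returns 5, or returns 0 and leaves
 * an empty string when the five characters plus the NUL do not fit. */
static size_t
format_tzofs_checked(char *dest, size_t left, long east)
{
  long mag;

  if (left > 0)
    dest[0] = '\0';
  if (left < 6 || east <= -360000L || east >= 360000L)
    return 0;
  mag = labs(east);
  snprintf(dest, left, "%c%02ld%02ld",
           east < 0 ? '-' : '+', mag / 3600, (mag % 3600) / 60);
  return 5;
}

/* UTC offset in effect at time t, computed with standard C only, so it does
 * not depend on a global `timezone` or on tm_gmtoff being available. Note
 * that localtime() and gmtime() take a POINTER to time_t. Returns 0 (UTC)
 * if the C library cannot convert t. */
static long
utc_offset_at(time_t t)
{
  struct tm *p, lt, gt;
  long days;

  if ((p = localtime(&t)) == NULL)
    return 0;
  lt = *p;                 /* copy: gmtime() may reuse the same static buffer */
  if ((p = gmtime(&t)) == NULL)
    return 0;
  gt = *p;
  days = lt.tm_yday - gt.tm_yday;
  if (lt.tm_year != gt.tm_year)     /* local and UTC dates straddle New Year */
    days = lt.tm_year > gt.tm_year ? 1 : -1;
  return days * 86400L + (lt.tm_hour - gt.tm_hour) * 3600L
         + (lt.tm_min - gt.tm_min) * 60L + (lt.tm_sec - gt.tm_sec);
}

int
main(void)
{
  char buf[32];
  time_t now = time(NULL);

  tzofs_as_posted(buf, sizeof buf, -19800L);     /* constructed: UTC+05:30 */
  printf("as posted, UTC+05:30: %s\n", buf);
  format_tzofs_checked(buf, sizeof buf, 19800L);
  printf("checked,   UTC+05:30: %s\n", buf);
  format_tzofs_checked(buf, sizeof buf, utc_offset_at(now));
  printf("this host, now:       %s\n", buf);
  return 0;
}
```

For a zone with a half-hour offset east of UTC the posted expression yields a negative minutes field, which is the kind of malformed timestamp that later breaks log parsers and correlation rules.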
On Wed, 2004-05-19 at 03:54, Steven J. Surdock wrote:
    $ ./configure
    ...
    $ make
    ...
    gcc -DHAVE_CONFIG_H -I. -I/home/ssurdock/syslog-ng-1.6.4/src -I. -g -O2 -Wall -I/usr/local/include/libol -D_GNU_SOURCE -c macros.c
    macros.c: In function `format_tzofs':
    macros.c:118: error: `tm' undeclared (first use in this function)
    macros.c:118: error: (Each undeclared identifier is reported only once
    macros.c:118: error: for each function it appears in.)
    *** Error code 1
thanks for the report, this patch should be the real solution: diff -u -r1.4.4.4 macros.c --- macros.c 6 May 2004 07:37:10 -0000 1.4.4.4 +++ macros.c 19 May 2004 14:24:37 -0000 @@ -105,7 +105,7 @@ } static size_t -format_tzofs(char *dest, size_t left) +format_tzofs(char *dest, size_t left, struct tm *tm) { size_t length; @@ -336,7 +336,7 @@ case M_ISODATE_RECVD: case M_ISODATE_STAMP: length = strftime(*dest, *left - 1, "%Y-%m-%dT%H:%M:%S", tm); - length = length + format_tzofs((*dest) + length, *left - length - 1); + length = length + format_tzofs((*dest) + length, *left - length - 1, tm); break; case M_FULLDATE: case M_FULLDATE_RECVD: @@ -351,7 +351,7 @@ case M_TZOFFSET: case M_TZOFFSET_RECVD: case M_TZOFFSET_STAMP: - length = format_tzofs(*dest, *left - 1); + length = format_tzofs(*dest, *left - 1, tm); break; case M_TZ: case M_TZ_RECVD: -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
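Review bot: in the `@@ -105,7 +105,7 @@` hunk the new `struct tm *tm` parameter is only read, so it should be `const struct tm *tm`, and it is only consumed by the `#else` strftime branch of `format_tzofs` quoted earlier in the thread. On builds where HAVE_GLOBAL_TIMEZONE is defined the offset still comes from the global `timezone` and ignores the `tm` the caller passes, so in the M_ISODATE case the date and the offset can come from different sources. A comment on the function saying so, or deriving the offset from `tm` in both branches, would make that explicit.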
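Review bot: in the `@@ -336,7 +336,7 @@` hunk the return value of `strftime(*dest, *left - 1, ...)` is used unchecked as the write offset for the `format_tzofs` call. strftime returns 0 when the result does not fit and leaves the buffer contents unspecified, so in that case the offset string is written at `(*dest) + 0` and reported as the whole value of the macro. Suggest testing `length` for 0 before appending and producing an empty value in that case.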
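Review bot: in the `@@ -351,7 +351,7 @@` hunk the caller passes `*left - 1`, and `format_tzofs` as quoted earlier in the thread subtracts 1 again (`left - 1`) before calling snprintf or strftime. With `left` declared `size_t`, a value of 0 arriving in the callee wraps to a very large size, so a guard such as `if (left < 2) return 0;` at the top of `format_tzofs`, or passing `*left` and reserving the terminator in one place only, would remove the dependence on every caller leaving room.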
That worked. Thanks!

Now syslog-ng dies without error when started (ktrace output way below). Started with "-F" caused a core dump (see gdb output below). Started with "-d" seems to work but timestamps are off and hostnames for udp messages are lost.

...running syslogd

    May 19 11:36:53 172.16.10.20 May 19 2004 00:33:29: %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
    May 19 11:37:02 172.16.10.20 May 19 2004 00:33:39: %PIX-4-106023: Deny udp src outside:210.12.158.85/1243 dst inside:10.1.2.15/1434 by access-group "outside_access_in"

...running syslog-ng

    May 19 00:35:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
    May 19 00:36:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"

    root@logger01 [/root]# gdb /usr/local/sbin/syslog-ng syslog-ng.core
    GNU gdb 4.16.1
    Copyright 1996 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB. Type "show warranty" for details.
    This GDB was configured as "sparc64-unknown-openbsd3.5"...
    Core was generated by `syslog-ng'.
    Program terminated with signal 11, Segmentation fault.
    Couldn't read input and local registers from core file
    Couldn't read input and local registers from core file
    #0 0x114d48 in werror () at macros.c:104
    104 return l;
    (gdb)

And here is an obnoxiously long ktrace output when running with no flags...
Balazs Scheidler wrote:
On Wed, 2004-05-19 at 03:54, Steven J. Surdock wrote:
thanks for the report, this patch should be the real solution:
diff -u -r1.4.4.4 macros.c ...
OK, so let's try one problem at time;-)

When logging udp message the "host" tag is being listed as local host and the time is incorrect. Here is a sample of two different syslog runs. One with syslog-ng 1.6.4 and one with the native OpenBSD 3.5 syslogd. The host "logger01" is the name of the localhost, not a reverse of 172.16.10.20. Also these runs were taken seconds apart yet the timestamps are 11 hours apart.

Any insight would be appreciated.

...running syslog-ng

    May 19 00:35:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
    May 19 00:36:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"

...running syslogd on OpenBSD 3.5-stable/sparc64

    May 19 11:36:53 172.16.10.20 May 19 2004 00:33:29: %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
    May 19 11:37:02 172.16.10.20 May 19 2004 00:33:39: %PIX-4-106023: Deny udp src outside:210.12.158.85/1243 dst inside:10.1.2.15/1434 by access-group "outside_access_in"

    # syslog-ng configuration file.
    #
    # See syslog-ng(8) and syslog-ng.conf(5) for more information.
    #
    # 20000925 gb@sysfive.com

    options {
      sync (0);
      time_reopen (10);
      log_fifo_size (1000);
      keep_hostname (yes);
      long_hostnames (off);
      use_dns (no);
      use_fqdn (no);
      create_dirs (no);
      keep_hostname (yes);
    };

    source s_sys { unix-dgram ("/dev/log"); internal(); file ("/dev/klog"); };
    source s_udp { udp (); };

    destination d_cons { file("/dev/console"); };
    destination d_mesg { file("/var/log/messages"); };
    destination d_auth { file("/var/log/authlog"); };
    destination d_authp { file("/var/log/secure"); };
    destination d_cron { file("/var/cron/log"); };
    destination d_daem { file("/var/log/daemon"); };
    destination d_ftp { file("/var/log/xferlog"); };
    destination d_lpr { file("/var/log/lpd-errs"); };
    destination d_mail { file("/var/log/maillog"); };
    destination d_spol { file("/var/log/uucp"); };
    destination d_mlal { usertty("*"); };
    destination d_root { usertty("root"); };
    destination d_trap { file("/var/log/snmptraps"); };
    destination d_cisco { file("/var/log/cisco"); };
    destination d_catchudp { file("/var/log/systems/catchudp.log"); };
    destination d_catchsys { file("/var/log/catchsys.log"); };

    filter f_kern { facility(kern); };
    filter f_mesg { level(info..emerg) and not facility(mail, auth, authpriv, ftp, lpr,local0, local7)and not filter(f_croner) and not facility(daemon) and level(info); };
    filter f_auth { facility(auth); };
    filter f_authp { facility(authpriv); };
    filter f_cron { facility(cron); };
    filter f_mail { facility(mail); };
    filter f_daem { facility(daemon); };
    filter f_ftp { facility(ftp); };
    filter f_lpr { facility(lpr); };
    filter f_mail { facility(mail); };
    filter f_emerg { level(emerg); };
    filter f_spol { facility(uucp) or (facility(news) and level(crit)); };
    filter f_trap { facility(local0); };
    filter f_cisco { facility(local7); };
    filter f_swatch { level(info..emerg); };

    #log { source(s_sys); filter(f_kern); destination(d_cons); };
    log { source(s_sys); filter(f_kern); destination(d_mesg); };
    log { source(s_sys); filter(f_mesg); destination(d_mesg); };
    log { source(s_sys); filter(f_auth); destination(d_auth); };
    log { source(s_sys); filter(f_mail); destination(d_mail); };
    log { source(s_sys); filter(f_emerg); destination(d_mlal); };
    log { source(s_sys); filter(f_spol); destination(d_spol); };
    log { source(s_sys); filter(f_cron); destination(d_cron); };
    log { source(s_sys); filter(f_trap); destination(d_trap); };
    log { source(s_udp); filter(f_cisco); destination(d_cisco); };
    log { source(s_sys); filter(f_swatch); destination(d_catchsys); };
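Each syslogd line in the sample above carries two clocks, the receiver's stamp at the start and the PIX's own stamp after the sender address, while each syslog-ng line carries one. As an added example (not code from the thread or from syslog-ng; `pix_clock_skew` and `count_skewed` are hypothetical names, and the input lines are the post's own samples), this measures the gap between the two clocks so that sender clock drift can be told apart from a receiver-side problem:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lines copied from the sample in the post above. */
static const char *const SAMPLE[] = {
  "May 19 11:36:53 172.16.10.20 May 19 2004 00:33:29: %PIX-4-106023: Deny udp "
  "src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "
  "\"outside_access_in\"",
  "May 19 11:37:02 172.16.10.20 May 19 2004 00:33:39: %PIX-4-106023: Deny udp "
  "src outside:210.12.158.85/1243 dst inside:10.1.2.15/1434 by access-group "
  "\"outside_access_in\"",
  "May 19 00:35:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 "
  "dst inside:10.1.2.16/514 by access-group \"outside_access_in\"",
};

/* Parse a line of the form
 *   <receiver stamp> <sender address> <device stamp with year>: %PIX-...
 * and store (receiver clock - device clock), in seconds, in *skew.
 * Returns 1 on success, 0 when the line carries only one timestamp or the
 * two stamps fall in different months, which this example does not resolve. */
static int
pix_clock_skew(const char *line, long *skew)
{
  char rmon[4], dmon[4], host[64];
  int rday, rh, rm, rs, dday, dyear, dh, dm, ds;

  if (sscanf(line, "%3s %d %d:%d:%d %63s %3s %d %d %d:%d:%d",
             rmon, &rday, &rh, &rm, &rs, host,
             dmon, &dday, &dyear, &dh, &dm, &ds) != 12)
    return 0;
  if (strcmp(rmon, dmon) != 0)
    return 0;
  *skew = (rday - dday) * 86400L
          + (rh - dh) * 3600L + (rm - dm) * 60L + (rs - ds);
  return 1;
}

/* Count lines whose two clocks disagree by more than `limit` seconds. */
static int
count_skewed(const char *const *lines, int n, long limit)
{
  int i, hits = 0;
  long skew;

  for (i = 0; i < n; i++)
    if (pix_clock_skew(lines[i], &skew) && labs(skew) > limit)
      hits++;
  return hits;
}

int
main(void)
{
  int i, n = (int) (sizeof SAMPLE / sizeof SAMPLE[0]);
  long skew;

  for (i = 0; i < n; i++) {
    if (pix_clock_skew(SAMPLE[i], &skew))
      printf("line %d: receiver - device = %ld s\n", i + 1, skew);
    else
      printf("line %d: single timestamp, nothing to compare\n", i + 1);
  }
  printf("lines over 300 s: %d\n", count_skewed(SAMPLE, n, 300L));
  return 0;
}
```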
The time difference could be the hardware clock or local system. Is either syslog chrooted? I had this problem with apache. I needed to put something into the chrooted dir. Some libraries or the date command? I don't remember.

Bobby

On Thu, 20 May 2004 21:40:24 -0400 "Steven S." <ssurdock@engineered-net.com> wrote:
OK, so let's try one problem at time;-)
When logging udp message the "host" tag is being listed as local host and the time is incorrect. Here is a sample of two different syslog runs. One with syslog-ng 1.6.4 and one with the native OpenBSD 3.5 syslogd. The host "logger01" is the name of the localhost, not a reverse of 172.16.10.20. Also these runs were taken seconds apart yet the timestamps are 11 hours apart.
Any insight would be appreciated.
...running syslog-ng

    May 19 00:35:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
    May 19 00:36:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"

...running syslogd on OpenBSD 3.5-stable/sparc64

    May 19 11:36:53 172.16.10.20 May 19 2004 00:33:29: %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
    May 19 11:37:02 172.16.10.20 May 19 2004 00:33:39: %PIX-4-106023: Deny udp src outside:210.12.158.85/1243 dst inside:10.1.2.15/1434 by access-group "outside_access_in"

    # syslog-ng configuration file.
    #
    # See syslog-ng(8) and syslog-ng.conf(5) for more information.
    #
    # 20000925 gb@sysfive.com

    options {
      sync (0);
      time_reopen (10);
      log_fifo_size (1000);
      keep_hostname (yes);
      long_hostnames (off);
      use_dns (no);
      use_fqdn (no);
      create_dirs (no);
      keep_hostname (yes);
    };

    source s_sys { unix-dgram ("/dev/log"); internal(); file ("/dev/klog"); };
    source s_udp { udp (); };

    destination d_cons { file("/dev/console"); };
    destination d_mesg { file("/var/log/messages"); };
    destination d_auth { file("/var/log/authlog"); };
    destination d_authp { file("/var/log/secure"); };
    destination d_cron { file("/var/cron/log"); };
    destination d_daem { file("/var/log/daemon"); };
    destination d_ftp { file("/var/log/xferlog"); };
    destination d_lpr { file("/var/log/lpd-errs"); };
    destination d_mail { file("/var/log/maillog"); };
    destination d_spol { file("/var/log/uucp"); };
    destination d_mlal { usertty("*"); };
    destination d_root { usertty("root"); };
    destination d_trap { file("/var/log/snmptraps"); };
    destination d_cisco { file("/var/log/cisco"); };
    destination d_catchudp { file("/var/log/systems/catchudp.log"); };
    destination d_catchsys { file("/var/log/catchsys.log"); };

    filter f_kern { facility(kern); };
    filter f_mesg { level(info..emerg) and not facility(mail, auth, authpriv, ftp, lpr,local0, local7)and not filter(f_croner) and not facility(daemon) and level(info); };
    filter f_auth { facility(auth); };
    filter f_authp { facility(authpriv); };
    filter f_cron { facility(cron); };
    filter f_mail { facility(mail); };
    filter f_daem { facility(daemon); };
    filter f_ftp { facility(ftp); };
    filter f_lpr { facility(lpr); };
    filter f_mail { facility(mail); };
    filter f_emerg { level(emerg); };
    filter f_spol { facility(uucp) or (facility(news) and level(crit)); };
    filter f_trap { facility(local0); };
    filter f_cisco { facility(local7); };
    filter f_swatch { level(info..emerg); };

    #log { source(s_sys); filter(f_kern); destination(d_cons); };
    log { source(s_sys); filter(f_kern); destination(d_mesg); };
    log { source(s_sys); filter(f_mesg); destination(d_mesg); };
    log { source(s_sys); filter(f_auth); destination(d_auth); };
    log { source(s_sys); filter(f_mail); destination(d_mail); };
    log { source(s_sys); filter(f_emerg); destination(d_mlal); };
    log { source(s_sys); filter(f_spol); destination(d_spol); };
    log { source(s_sys); filter(f_cron); destination(d_cron); };
    log { source(s_sys); filter(f_trap); destination(d_trap); };
    log { source(s_udp); filter(f_cisco); destination(d_cisco); };
    log { source(s_sys); filter(f_swatch); destination(d_catchsys); };
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Whoops! I forgot to mention that timestamps for local messages (i.e. non-udp) are correct. Only those timestamps received via the network seem wrong.

-Steve S.

Bobby Johnson wrote:
The time difference could be the hardware clock or local system. Is either syslog chrooted? I had this problem with apache. I needed to put something into the chrooted dir. Some libraries or the date command? I don't remember.
Bobby
On Thu, 20 May 2004 21:40:24 -0400 "Steven S." <ssurdock@engineered-net.com> wrote:
OK, so let's try one problem at time;-)
When logging udp message the "host" tag is being listed as local host and the time is incorrect. Here is a sample of two different syslog runs. One with syslog-ng 1.6.4 and one with the native OpenBSD 3.5 syslogd. The host "logger01" is the name of the localhost, not a reverse of 172.16.10.20. Also these runs were taken seconds apart yet the timestamps are 11 hours apart.
Any insight would be appreciated.
...running syslog-ng

    May 19 00:35:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
    May 19 00:36:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"

...running syslogd on OpenBSD 3.5-stable/sparc64

    May 19 11:36:53 172.16.10.20 May 19 2004 00:33:29: %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
    May 19 11:37:02 172.16.10.20 May 19 2004 00:33:39: %PIX-4-106023: Deny udp src outside:210.12.158.85/1243 dst inside:10.1.2.15/1434 by access-group "outside_access_in"
Hi!

I am new to syslog-ng. I tried to configure the daemon, obviously not with great success. I will paste the part from my .conf file and would like to ask, why isn't the logging working.

    #I have enabled this option.
    source src { unix-dgram("/dev/log"); internal(); file("/proc/kmsg" log_prefix(" kernel: ")); udp( port(514) ); };

    #A new destination
    destination local0{ file("/var/log/test/syslog-net-$HOST/$DAY$MONTH$YEAR/$FACILITY" owner("root") group("adm") perm (0600) dir_perm(0700) create_dirs(yes));};

    filter loc_network{ facility(local0,local1,local2,local3,local4,local5,local6,local7);};

    log { source(src);filter(f_syslog);filter(loc_network);destination(local0);};

As you might have seen, I try to get even every syslog message in the same dir, but it just doesn't work. Could it be a problem that I haven't created the directory 'test'?

cheers
Dian

-------------------------------------------------------------
Windows 95/NT - 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company that can't stand 1 bit of competition.
Hi again!

I read some papers about syslog-ng facilities...and what I found out is..there are no local0-local7 facilities! Why? How can I handle messages from such facilities? My router (an Enterasys Matrix E1) syslogs with local0 ot local7. How can I handle his messages?

cheers
Dian

P.S. I am running syslog-ng on Debian Woody / Linux 2.4.26

-------------------------------------------------------------
Windows 95/NT - 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company that can't stand 1 bit of competition.
On Sat, 2004-05-22 at 01:25, Dian HiWi wrote:
Hi again! I read some papers about syslog-ng facilities...and what I found out is..there are no local0-local7 facilities! Why? How can I handle messages from such facilities? My router (an Enterasys Matrix E1) syslogs with local0 ot local7. How can I handle his messages?
of course there are local facilities. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
Sorry, my mistake. I got a manual, where no local facilities were mentioned.

Cheers
Dian

P.S. I have configured syslog-ng already. It's working fine. Thanks!

----- Original Message -----
From: "Balazs Scheidler" <bazsi@balabit.hu>
To: <syslog-ng@lists.balabit.hu>
Sent: Saturday, May 22, 2004 2:54 PM
Subject: Re: [syslog-ng]UDP messages not logged - PART 2
On Sat, 2004-05-22 at 01:25, Dian HiWi wrote:
Hi again! I read some papers about syslog-ng facilities...and what I found out is..there are no local0-local7 facilities! Why? How can I handle messages from such facilities? My router (an Enterasys Matrix E1) syslogs with local0 ot local7. How can I handle his messages?
of course there are local facilities.
-- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
A bit of tracing shows the results of get_source_hostname is NULL. I assume this contributes to syslog-ng putting logger01 (the logging host) back in as the name of the source host. Can anyone confirm they have UDP logging with source hosts working in 1.6.4?

Thanks as I'm a bit stuck.

-Steve S.

Steven S. wrote:
When logging udp message the "host" tag is being listed as local host and the time is incorrect. Here is a sample of two different syslog runs. One with syslog-ng 1.6.4 and one with the native OpenBSD 3.5 syslogd. The host "logger01" is the name of the localhost, not a reverse of 172.16.10.20. Also these runs were taken seconds apart yet the timestamps are 11 hours apart.
Any insight would be appreciated.
...running syslog-ng

    May 19 00:35:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
    May 19 00:36:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in"
...
Steven S. wrote:

Something still seems not quite right in macros.c.

"Syslog-ng -F" core dumps after doing:

    28992 syslog-ng CALL getpid
    28992 syslog-ng RET getpid 28992/0x7140
    28992 syslog-ng CALL gettimeofday(0xffffffffff7fed10,0)
    28992 syslog-ng RET gettimeofday 0

Over and over again. "Syslog-ng -d" works fine and "syslog-ng" just dies.

Any thoughts on where I could look? Thanks.

-Steve S.

    root@logger01 [/root]# gdb /usr/local/sbin/syslog-ng syslog-ng.core
    GNU gdb 4.16.1
    Copyright 1996 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB. Type "show warranty" for details.
    This GDB was configured as "sparc64-unknown-openbsd3.5"...
    Core was generated by `syslog-ng'.
    Program terminated with signal 11, Segmentation fault.
    Couldn't read input and local registers from core file
    Couldn't read input and local registers from core file
    #0 0x114d48 in werror () at macros.c:104
    104 return l;
    (gdb)
And here is an obnoxiously long ktrace output when running with no flags...
Answering my own question... I cleaned up my syslog-ng.conf file and these issues went away. It now seems to be working with OpenBSD 3.5, (with the exception of the UDP logging hostname.)

-Steve S.

Steven S. wrote:
Steven S. wrote: Something still seems not quite right in macros.c.
"Syslog-ng -F" core dumps after doing:
    28992 syslog-ng CALL getpid
    28992 syslog-ng RET getpid 28992/0x7140
    28992 syslog-ng CALL gettimeofday(0xffffffffff7fed10,0)
    28992 syslog-ng RET gettimeofday 0
Over and over again. "Syslog-ng -d" works fine and "syslog-ng" just dies.
Any thoughts on where I could look? Thanks.
-Steve S.
    root@logger01 [/root]# gdb /usr/local/sbin/syslog-ng syslog-ng.core
    GNU gdb 4.16.1
    Copyright 1996 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB. Type "show warranty" for details.
    This GDB was configured as "sparc64-unknown-openbsd3.5"...
    Core was generated by `syslog-ng'.
    Program terminated with signal 11, Segmentation fault.
    Couldn't read input and local registers from core file
    Couldn't read input and local registers from core file
    #0 0x114d48 in werror () at macros.c:104
    104 return l;
    (gdb)
And here is an obnoxiously long ktrace output when running with no flags...
participants (5)
- Balazs Scheidler
- Bobby Johnson
- Dian HiWi
- Steven J. Surdock
- Steven S.