syslog-ng 3.0.1 dies on reload with program() destination
Sorry for possible double post, I sent the first from wrong email.
Hi,
Syslog-ng 3.0.1 dies on reload (kill -HUP pid) when config file contains log { destination { program() } } directive set. 100% repeatable.
Here are the relevant config lines:
destination d_sshguard { program("/usr/sbin/sshguard -a 6"); };
# A desperate experiment
#destination d_sshguard { program("read"); };
log { source(s_sys); filter(f_authpriv); destination(d_sshguard); };
From what I managed to find with strace/ltrace, syslog-ng kills the program, does not clear some data structures and then falls face down with sigsegv/term/ill trying to restart/reattach(?) to the program.
The exact same configuration works perfectly with version 2.0.10.
--
Jan Rekorajski | ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl | OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, MANIAC | -- TROOPS by Kevin Rubio
On Mon, 2009-03-30 at 22:54 +0200, Jan Rekorajski wrote:
> Sorry for possible double post, I sent the first from wrong email.
> Hi, Syslog-ng 3.0.1 dies on reload (kill -HUP pid) when config file contains log { destination { program() } } directive set. 100% repeatable.
> Here are the relevant config lines:
> destination d_sshguard { program("/usr/sbin/sshguard -a 6"); };
> # A desperate experiment
> #destination d_sshguard { program("read"); };
> log { source(s_sys); filter(f_authpriv); destination(d_sshguard); };
> From what I managed to find with strace/ltrace, syslog-ng kills the program, does not clear some data structures and then falls face down with sigsegv/term/ill trying to restart/reattach(?) to the program.
> The exact same configuration works perfectly with version 2.0.10.
Hm... I've just tried to reproduce this problem with current 3.0 HEAD and also 3.0.1, but without success.
Can you show me a backtrace of the failing program? You can do it using:
gdb syslog-ng core
(gdb) bt
-- Bazsi
On Tue, 14 Apr 2009, Balazs Scheidler wrote:
> On Mon, 2009-03-30 at 22:54 +0200, Jan Rekorajski wrote:
> > Sorry for possible double post, I sent the first from wrong email.
> > Hi, Syslog-ng 3.0.1 dies on reload (kill -HUP pid) when config file contains log { destination { program() } } directive set. 100% repeatable.
> > Here are the relevant config lines:
> > destination d_sshguard { program("/usr/sbin/sshguard -a 6"); };
> > # A desperate experiment
> > #destination d_sshguard { program("read"); };
> > log { source(s_sys); filter(f_authpriv); destination(d_sshguard); };
> > From what I managed to find with strace/ltrace, syslog-ng kills the program, does not clear some data structures and then falls face down with sigsegv/term/ill trying to restart/reattach(?) to the program.
> > The exact same configuration works perfectly with version 2.0.10.
> Hm... I've just tried to reproduce this problem with current 3.0 HEAD and also 3.0.1, but without success.
> Can you show me a backtrace of the failing program? You can do it using:
> gdb syslog-ng core
> (gdb) bt
I can't get it to dump core unfortunately, all I get is:
# syslog-ng -f /etc/syslog-ng/syslog-ng.conf
Apr 15 11:25:25 sith syslog-ng[26571]: syslog-ng starting up; version='3.0.1'
Apr 15 11:25:25 sith sshguard[26576]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
# kill -HUP 26571
Apr 15 11:25:33 sith sshguard[26576]: Got exit signal, flushing blocked addresses and exiting...
Apr 15 11:25:33 sith sshguard[26576]: Run command "/usr/sbin/iptables -F sshguard ; /usr/sbin/ip6tables -F sshguard": exited 1.
Apr 15 11:25:33 sith syslog-ng[26571]: WARNING: Your configuration uses a newly introduced reserved word as identifier, please use a different name; keyword='syslog', filename='/etc/syslog-ng/syslog-ng.conf', line='77'
Apr 15 11:25:33 sith syslog-ng[26571]: Configuration reload request received, reloading configuration;
Apr 15 11:25:33 sith sshguard[26585]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
Apr 15 11:25:33 sith syslog-ng[26571]: Termination requested via signal, terminating;
Apr 15 11:25:33 sith sshguard[26585]: Got exit signal, flushing blocked addresses and exiting...
Apr 15 11:25:33 sith syslog-ng[26571]: syslog-ng shutting down; version='3.0.1'
Jan
--
Jan Rekorajski | ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl | OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, MANIAC | -- TROOPS by Kevin Rubio
On Wed, 2009-04-15 at 11:46 +0200, Jan Rekorajski wrote:
> On Tue, 14 Apr 2009, Balazs Scheidler wrote:
> > On Mon, 2009-03-30 at 22:54 +0200, Jan Rekorajski wrote:
> > > Sorry for possible double post, I sent the first from wrong email.
> > > Hi, Syslog-ng 3.0.1 dies on reload (kill -HUP pid) when config file contains log { destination { program() } } directive set. 100% repeatable.
> > > Here are the relevant config lines:
> > > destination d_sshguard { program("/usr/sbin/sshguard -a 6"); };
> > > # A desperate experiment
> > > #destination d_sshguard { program("read"); };
> > > log { source(s_sys); filter(f_authpriv); destination(d_sshguard); };
> > > From what I managed to find with strace/ltrace, syslog-ng kills the program, does not clear some data structures and then falls face down with sigsegv/term/ill trying to restart/reattach(?) to the program.
> > > The exact same configuration works perfectly with version 2.0.10.
> > Hm... I've just tried to reproduce this problem with current 3.0 HEAD and also 3.0.1, but without success.
> > Can you show me a backtrace of the failing program? You can do it using:
> > gdb syslog-ng core
> > (gdb) bt
> I can't get it to dump core unfortunately, all I get is:
> # syslog-ng -f /etc/syslog-ng/syslog-ng.conf
> Apr 15 11:25:25 sith syslog-ng[26571]: syslog-ng starting up; version='3.0.1'
> Apr 15 11:25:25 sith sshguard[26576]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
> # kill -HUP 26571
> Apr 15 11:25:33 sith sshguard[26576]: Got exit signal, flushing blocked addresses and exiting...
> Apr 15 11:25:33 sith sshguard[26576]: Run command "/usr/sbin/iptables -F sshguard ; /usr/sbin/ip6tables -F sshguard": exited 1.
> Apr 15 11:25:33 sith syslog-ng[26571]: WARNING: Your configuration uses a newly introduced reserved word as identifier, please use a different name; keyword='syslog', filename='/etc/syslog-ng/syslog-ng.conf', line='77'
> Apr 15 11:25:33 sith syslog-ng[26571]: Configuration reload request received, reloading configuration;
> Apr 15 11:25:33 sith sshguard[26585]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
> Apr 15 11:25:33 sith syslog-ng[26571]: Termination requested via signal, terminating;
> Apr 15 11:25:33 sith sshguard[26585]: Got exit signal, flushing blocked addresses and exiting...
> Apr 15 11:25:33 sith syslog-ng[26571]: syslog-ng shutting down; version='3.0.1'
Hm.. syslog-ng seems to exit normally here, not because it crashed but because it received either SIGINT or SIGTERM. The question is what process sends it a SIGINT or SIGTERM signal? You could confirm this by running syslog-ng under strace and checking whether it gets a SIGTERM somewhere.
Since signals might be delivered to process groups, it might be possible that sshguard kills its whole process group and that signal is also delivered to syslog-ng. But this is only a hypothesis.
-- Bazsi
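The process-group mechanism hypothesized in the message above, as an added example that is not part of the original thread and is not syslog-ng or sshguard code: a stand-in daemon forks a helper that calls kill(0, SIGTERM), once while sharing the daemon's process group and once after moving itself into its own group with setpgid(0, 0). The function name and both stand-in processes are assumptions made for the demonstration; it shows how such a signal can reach the parent, not that this is what happened on the reporter's system.

```c
/* Added example: constructed demo, not syslog-ng or sshguard code. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t got_term;
static void on_term(int sig) { (void)sig; got_term = 1; }

/* Hypothetical name. Forks a stand-in "daemon" leading a fresh process
 * group; the daemon forks a "helper" that signals its whole group with
 * kill(0, SIGTERM). With isolate_helper set, the helper first moves into
 * its own group. Returns 1 if the daemon got SIGTERM, 0 if not, -1 on error. */
int daemon_hit_by_helper(int isolate_helper)
{
    int st;
    pid_t d = fork();
    if (d < 0) return -1;
    if (d == 0) {                              /* stand-in daemon */
        struct sigaction sa;
        sigemptyset(&sa.sa_mask);
        sa.sa_flags = 0;
        sa.sa_handler = on_term;
        /* Fresh group first, so the demo can never signal the caller's group. */
        if (setpgid(0, 0) < 0 || sigaction(SIGTERM, &sa, NULL) < 0) _exit(3);
        pid_t h = fork();
        if (h < 0) _exit(3);
        if (h == 0) {                          /* stand-in helper */
            if (isolate_helper && setpgid(0, 0) < 0) _exit(3);
            signal(SIGTERM, SIG_IGN);          /* survive our own group kill */
            kill(0, SIGTERM);                  /* pid 0 = sender's whole group */
            _exit(0);
        }
        while (waitpid(h, &st, 0) < 0) if (errno != EINTR) _exit(3);
        if (!WIFEXITED(st) || WEXITSTATUS(st) != 0) _exit(3);
        _exit(got_term ? 1 : 0);               /* report what the daemon saw */
    }
    while (waitpid(d, &st, 0) < 0) if (errno != EINTR) return -1;
    return (WIFEXITED(st) && WEXITSTATUS(st) <= 1) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    printf("shared group: %d, helper isolated: %d\n",
           daemon_hit_by_helper(0), daemon_hit_by_helper(1));
    return 0;
}
```

A daemon that must survive this can start its helpers in a separate process group or session, which is the second case above.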
Jan Rekorajski wrote:
> On Tue, 14 Apr 2009, Balazs Scheidler wrote:
> > On Mon, 2009-03-30 at 22:54 +0200, Jan Rekorajski wrote:
> > > Sorry for possible double post, I sent the first from wrong email.
> > > Hi, Syslog-ng 3.0.1 dies on reload (kill -HUP pid) when config file contains log { destination { program() } } directive set. 100% repeatable.
> > > Here are the relevant config lines:
> > > destination d_sshguard { program("/usr/sbin/sshguard -a 6"); };
> > > # A desperate experiment
> > > #destination d_sshguard { program("read"); };
> > > log { source(s_sys); filter(f_authpriv); destination(d_sshguard); };
> > > From what I managed to find with strace/ltrace, syslog-ng kills the program, does not clear some data structures and then falls face down with sigsegv/term/ill trying to restart/reattach(?) to the program.
> > > The exact same configuration works perfectly with version 2.0.10.
> > Hm... I've just tried to reproduce this problem with current 3.0 HEAD and also 3.0.1, but without success.
> > Can you show me a backtrace of the failing program? You can do it using:
> > gdb syslog-ng core
> > (gdb) bt
> I can't get it to dump core unfortunately, all I get is:
> # syslog-ng -f /etc/syslog-ng/syslog-ng.conf
> Apr 15 11:25:25 sith syslog-ng[26571]: syslog-ng starting up; version='3.0.1'
> Apr 15 11:25:25 sith sshguard[26576]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
> # kill -HUP 26571
> Apr 15 11:25:33 sith sshguard[26576]: Got exit signal, flushing blocked addresses and exiting...
> Apr 15 11:25:33 sith sshguard[26576]: Run command "/usr/sbin/iptables -F sshguard ; /usr/sbin/ip6tables -F sshguard": exited 1.
> Apr 15 11:25:33 sith syslog-ng[26571]: WARNING: Your configuration uses a newly introduced reserved word as identifier, please use a different name; keyword='syslog', filename='/etc/syslog-ng/syslog-ng.conf', line='77'
> Apr 15 11:25:33 sith syslog-ng[26571]: Configuration reload request received, reloading configuration;
> Apr 15 11:25:33 sith sshguard[26585]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
> Apr 15 11:25:33 sith syslog-ng[26571]: Termination requested via signal, terminating;
> Apr 15 11:25:33 sith sshguard[26585]: Got exit signal, flushing blocked addresses and exiting...
> Apr 15 11:25:33 sith syslog-ng[26571]: syslog-ng shutting down; version='3.0.1'
> Jan
Hi,
I also have tried to reproduce this issue but without success:
Apr 23 19:52:42 pzolee-laptop syslog-ng[7281]: syslog-ng starting up; version='3.0.1'
Apr 23 19:52:42 pzolee-laptop sshguard[7283]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
Apr 23 19:52:58 pzolee-laptop pzolee: test message
#kill -HUP 7281
Apr 23 19:53:12 pzolee-laptop sshguard[7283]: Got exit signal, flushing blocked addresses and exiting...
Apr 23 19:53:12 pzolee-laptop syslog-ng[7281]: Configuration reload request received, reloading configuration;
Apr 23 19:53:12 pzolee-laptop sshguard[7304]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
Apr 23 19:53:12 pzolee-laptop sshguard[7283]: Run command "/sbin/iptables -F sshguard ; /sbin/ip6tables -F sshguard": exited 1.
Apr 23 19:53:16 pzolee-laptop pzolee: test message2
I tested it with sshguard-1.4rc3. Could you tell me the version of your sshguard?
It will be very useful to run syslog-ng with strace:
strace -s 256 /opt/syslog-ng/sbin/syslog-ng -F
Regards,
Zoltan
On Thu, 23 Apr 2009, Pallagi Zoltan wrote:
> Hi,
> I also have tried to reproduce this issue but without success: [cut successful run]
> I tested it with sshguard-1.4rc3. Could you tell me the version of your sshguard?
I run 1.4rc2, just tried 1.4rc3, still fails :(
> It will be very useful to run syslog-ng with strace:
> strace -s 256 /opt/syslog-ng/sbin/syslog-ng -F
I attached gzipped strace output and my config.
Thanks,
Jan
--
Jan Rekorajski | ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl | OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, MANIAC | -- TROOPS by Kevin Rubio