[Bug 124] New: [regression] broken $FULLHOST after upgrade to 3.2.4
https://bugzilla.balabit.com/show_bug.cgi?id=124

           Summary: [regression] broken $FULLHOST after upgrade to 3.2.4
           Product: syslog-ng
           Version: 3.2.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi@balabit.hu
        ReportedBy: enrico.scholz@informatik.tu-chemnitz.de
Type of the Report: ---
   Estimated Hours: 0.0

syslog-ng 3.2.4 sets the chained hostname from local sources always to
'hostname/hostname'. Previous version (2.x and 3.1.4) used
'localhost@hostname' for this resp. '<sourcename>@hostname'.

This breaks existing setups because

* destination filenames which contain $FULLHOST can not be used anymore
  because the '/' prevents their creation; e.g. my remote logserver has

  | destination d_iptables { file("/var/log/remote/IPTABLES/log.$FULLHOST" sync(10)); };

  which created e.g. 'log.localhost@walther'. Now, it fails with

  | Error opening file for writing; filename='/var/log/remote/IPTABLES/log.walther/walther', error='No such file or directory (2)'

* originating sources can not be identified anymore; e.g. I use syslog-ng
  to log events within chroot environments. E.g. I have

  | source kerberos { unix-dgram ("/vservers/kerberos/dev/log" keep-alive(no)); };
  | source ldap { unix-dgram ("/vservers/ldap/dev/log" keep-alive(no)); };

  Previously, messages could be identified because they were reported to
  come from 'kerberos@<host>' or 'ldap@<host>'. Now, the source is
  reported as '<host>/<host>' for both environments.

'strace' shows that the syslog client creates '<host>/<host>' strings.

The syslog-ng client is configured as

-----
@version:3.2
###################################################################
####
####  DO NOT EDIT THIS FILE!
####  This file is managed by cfengine; any manual changes will be overridden
####
###################################################################

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (16384);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
    chain_hostnames (yes);
};

source localhost {
    unix-stream ("/dev/log");
    file("/proc/kmsg" program_override("kernel"));
    internal();
};

destination stunnel {
    tcp("127.0.0.1" port(520));
    tcp("127.0.0.1" port(521));
};

## Common block for kernel-logging
filter f_kern { facility(kern); };
filter f_min_emerg { level(emerg); };
filter f_min_alert { level(alert..emerg); };
filter f_min_crit { level(crit..emerg); };
filter f_min_err { level(err..emerg); };
filter f_min_warn { level(warn..emerg); };
filter f_kern_err { filter(f_kern) and filter(f_min_warn); };
filter f_kern_crit { filter(f_kern) and filter(f_min_crit); };

destination d_kern { file("/var/log/kernel" fsync(yes) perm(0644)); };
destination d_cons { file("/dev/console"); };

log { filter(f_kern_err); source(localhost); destination(d_kern); };
log { filter(f_kern_crit); source(localhost); destination(d_cons); };
## End kernel-logging block}

log { destination(stunnel); flags(catch-all); };
-----

I am using the syslog-ng package from Fedora EPEL6
(http://koji.fedoraproject.org/koji/buildinfo?buildID=245187)

--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugzilla.balabit.com/show_bug.cgi?id=124

--- Comment #1 from Balazs Scheidler <bazsi@balabit.hu> 2011-06-24 14:11:09 ---
Thanks for the report. I'm working on my backlog on the syslog-ng mailing
list, answering and testing stuff that people posted. This is also on this
list, I just wanted to say thanks and a note that it's not forgotten.

Hopefully I can diagnose your findings today. If not, then in the coming
days. (and of course help from the other syslog-ng mailing list members is
more than welcome).

https://bugzilla.balabit.com/show_bug.cgi?id=124

Balazs Scheidler <bazsi@balabit.hu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|                            |FIXED
             Status|NEW                         |RESOLVED

--- Comment #2 from Balazs Scheidler <bazsi@balabit.hu> 2011-06-27 09:50:51 ---
(In reply to comment #0)
> syslog-ng 3.2.4 sets the chained hostname from local sources always to
> 'hostname/hostname'. Previous version (2.x and 3.1.4) used
> 'localhost@hostname' for this resp. '<sourcename>@hostname'.

Indeed, this was broken. syslog-ng didn't properly mark locally received
messages as such, so the host name mangling rules applied were the ones
that get applied to network received messages.

Thanks for the report, this patch fixes it for me (against 3.2):

commit 2db971fc37471e39f6a8b34595ca23833166831e
Author: Balazs Scheidler <bazsi@balabit.hu>
Date:   Mon Jun 27 09:47:51 2011 +0200

    fixed chain-hostnames() processing

    The marking of local messages was broken, and as a result hostnames
    generated by chain-hostnames(yes) got also broken: instead of
    <source>@<hostname> <hostname>/<hostname> got generated.

    Reported-By: Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
    Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>

diff --git a/lib/logreader.c b/lib/logreader.c index 7508abf..400668a 100644 --- a/lib/logreader.c +++ b/lib/logreader.c @@ -280,6 +280,9 @@ log_reader_handle_line(LogReader *self, const guchar *line, gint length, GSockAd m = log_msg_new((gchar *) line, length, saddr, &self->options->parse_options); + + if (self->options->flags & LR_LOCAL) + m->flags |= LF_LOCAL; if (!m->saddr && self->peer_addr) {
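
Review bot: The new `m->flags |= LF_LOCAL;` in log_reader_handle_line() is applied only after log_msg_new() has already parsed the line with parse_options, so any parse-time logic that depends on the local marking still runs without it; if nothing in parsing consults the flag, a short comment saying so would help the next reader. The marking also depends entirely on LR_LOCAL being set in the reader options, which this hunk does not show, so it is worth confirming that every local driver from the report (unix-stream, unix-dgram, file) sets it. A regression test that feeds a line through a local source with chain-hostnames(yes) and expects <source>@<hostname> would keep this from breaking silently again.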
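
The effect described in this thread, as an added example that is not part of the original messages and is not syslog-ng source code: a simplified C model of the chaining decision, showing how a local message that loses its local marking ends up as '<host>/<host>' and why that value no longer works inside a file name template. The names chain_hostname, is_single_path_component and MODEL_LF_LOCAL are hypothetical, and the '<host in message>/<receiving host>' form of the network rule is an assumption taken from the output shown in the report.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not syslog-ng code. The flag mirrors the idea of
 * LF_LOCAL from the patch; the name and value here are hypothetical. */
#define MODEL_LF_LOCAL 0x1

/* Chained host name as described in the thread:
 *   local message   -> <source>@<hostname>
 *   network message -> <host in message>/<receiving host>  (assumed form) */
static const char *chain_hostname(unsigned flags, const char *source,
                                  const char *msg_host, const char *recv_host,
                                  char *out, size_t outlen)
{
    if (flags & MODEL_LF_LOCAL)
        snprintf(out, outlen, "%s@%s", source, recv_host);
    else
        snprintf(out, outlen, "%s/%s", msg_host, recv_host);
    return out;
}

/* A macro value can be embedded in a file name only if it stays a single
 * path component: non-empty, no '/', and not "." or "..". */
static int is_single_path_component(const char *value)
{
    return value[0] != '\0' && strchr(value, '/') == NULL
        && strcmp(value, ".") != 0 && strcmp(value, "..") != 0;
}

int main(void)
{
    /* Constructed inputs: source names and host name taken from the report. */
    const char *sources[] = { "kerberos", "ldap" };
    const unsigned marks[] = { MODEL_LF_LOCAL, 0 };   /* fixed vs. 3.2.4 */
    char host[128];

    for (size_t m = 0; m < 2; m++) {
        for (size_t s = 0; s < 2; s++) {
            chain_hostname(marks[m], sources[s], "walther", "walther",
                           host, sizeof host);
            printf("%-8s local-mark=%u  FULLHOST=%-18s log.%s: %s\n",
                   sources[s], marks[m], host, host,
                   is_single_path_component(host)
                       ? "usable as file name"
                       : "needs a subdirectory, fails with create_dirs(no)");
        }
    }
    return 0;
}
```

With the marking in place the two chroot sources stay distinguishable; without it both collapse to the same value, which is the loss of source attribution the report describes.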