[Bug 216] New: 3.4.0rc1 LLADDR parser does not work
https://bugzilla.balabit.com/show_bug.cgi?id=216 Summary: 3.4.0rc1 LLADDR parser does not work Product: syslog-ng Version: 3.4.x Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: erempel@uvic.ca Type of the Report: --- Estimated Hours: 0.0 IT does not matter if I use @LLADDR@, @LLADDR:mac@, @LLADDR:mac:6@ or @LLADDR::6@ I get the same results On syslog-ng 3.3.7 (with a patch to get the LLADDR parser) I get % /usr/local/bin/pdbtool test --validate ./pattern.xml ./pattern.xml validates Testing message program='dhcpd' message='DHCPDISCOVER from e8:3e:b6:95:b2:38 (BLACKBERRY-27BD) via 142.104.103.253' On syslog-ng 3.4.0rc1 % /usr/local/bin/pdbtool test --validate ~/pattern.xml /home1l/erempel/pattern.xml validates Testing message program='dhcpd' message='DHCPDISCOVER from e8:3e:b6:95:b2:38 (BLACKBERRY-27BD) via 142.104.103.253' Wrong match name='.classifier.rule_id', value='', expected='18c8c7bf-977d-4495-ab73-8692f9bfb0f2' Wrong match name='ip', value='', expected='142.104.103.253' Wrong match name='mac', value='', expected='e8:3e:b6:95:b2:38' Wrong match name='name', value='', expected='BLACKBERRY-27BD' With a minimal pattern.xml <patterndb version="4" pub_date="2009-09-01"> <ruleset name="dhcpd" id="RS-4d2abc9e-ae62-4dff-a87d-501503ed1360"> <pattern>dhcpd</pattern> <rules> <rule id="18c8c7bf-977d-4495-ab73-8692f9bfb0f2" class="dhcpd" provider="UVic"> <patterns> <pattern>DHCPDISCOVER from @LLADDR:mac:6@ @QSTRING:name:()@ via @IPv4:ip@</pattern> </patterns> <tags> <tag>ignore</tag> </tags> <values> <value name="AUTHPROGRAM">dhcpd</value> </values> <examples> <example> <test_message program="dhcpd">DHCPDISCOVER from e8:3e:b6:95:b2:38 (BLACKBERRY-27BD) via 142.104.103.253</test_message> <test_values> <test_value name="ip">142.104.103.253</test_value> <test_value name="mac">e8:3e:b6:95:b2:38</test_value> <test_value name="name">BLACKBERRY-27BD</test_value> </test_values> </example> </examples> </rule> </rules> </ruleset> </patterndb> -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=216 --- Comment #1 from Evan Rempel <erempel@uvic.ca> 2013-01-16 01:20:22 --- Created an attachment (id=69) --> (https://bugzilla.balabit.com/attachment.cgi?id=69) LLADDR patch 3.4.0rc1 -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=216 --- Comment #2 from Evan Rempel <erempel@uvic.ca> 2013-01-16 01:21:19 --- I have attached a patch that fixes the issue for me. It is in your 3.4 style rather than the one I submitted for 3.3.7 -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=216 Gergely Nagy <algernon@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |3.4.1 CC| |algernon@balabit.hu AssignedTo|bazsi@balabit.hu |algernon@balabit.hu --- Comment #3 from Gergely Nagy <algernon@balabit.hu> 2013-01-16 14:50:32 --- Thanks, I'll review and update the patch later today, so this'll get into RC2. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=216 Gergely Nagy <algernon@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #4 from Gergely Nagy <algernon@balabit.hu> 2013-01-16 14:52:06 --- And by update, I mean apply. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugzilla.balabit.com/show_bug.cgi?id=216 Gergely Nagy <algernon@balabit.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution| |FIXED Status|ASSIGNED |RESOLVED --- Comment #5 from Gergely Nagy <algernon@balabit.hu> 2013-01-17 11:23:22 --- (In reply to comment #0)
IT does not matter if I use @LLADDR@, @LLADDR:mac@, @LLADDR:mac:6@ or @LLADDR::6@ I get the same results [...] <patterns> <pattern>DHCPDISCOVER from @LLADDR:mac:6@ @QSTRING:name:()@ via @IPv4:ip@</pattern> </patterns> [...] <test_message program="dhcpd">DHCPDISCOVER from e8:3e:b6:95:b2:38 (BLACKBERRY-27BD) via 142.104.103.253</test_message> <test_values> <test_value name="ip">142.104.103.253</test_value> <test_value name="mac">e8:3e:b6:95:b2:38</test_value> <test_value name="name">BLACKBERRY-27BD</test_value> </test_values> [...]
Thanks for the examples, I finally understood how you intended to use @LLADDR@, and why the way I rewrote it when picking it for 3.4 was wrong. I've picked the patch to 3.4, after adjusting the test cases. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
bugzilla@bugzilla.balabit.com