On Thu, Aug 08, 2002 at 11:23:08AM +0200, Balazs Scheidler wrote:

Hi,

This patch should fix the message mangling problems you might have encountered. As the log parsing routines are quite critical I don't want to release this patch without testing on most platforms. It seems to work on Linux for me, but tests from more exotic platforms are welcome.

(the problem this patch fixes occurs only if you have messages longer than the default limit. the limit can be changed by log_msg_size)

Thinking a bit more this patch breaks when receiving UDP syslog from a devices which do not terminate messages with nl or \0. The best solution though is to increase log_msg_size() to be longer than the longest expected message. A fixed patch below (still against plain 1.5.19 so you need to reverse the previous patch): Index: sources.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/sources.c,v retrieving revision 1.34 diff -u -r1.34 sources.c --- sources.c 18 Jul 2002 13:18:02 -0000 1.34 +++ sources.c 8 Aug 2002 10:01:18 -0000 @@ -79,10 +80,11 @@ CAST(log_reader, closure, *h); UINT8 *eol, *start; UINT32 length; - int n; + int n, start_pos; char sabuf[256]; size_t salen = sizeof(sabuf); + start_pos = closure->pos; if (!closure->dgram) { if (closure->pad_size) n = A_READ(read, MIN(closure->max_log_line, closure->pad_size), closure->buffer + closure->pos); @@ -112,8 +114,11 @@ closure->pos = 0; return ST_OK | ST_GOON; } - if (!eol && closure->pos) { - /* we don't have a terminating nl nor \0 */ + if (!eol && (start_pos == 0 || closure->pos == closure->max_log_line)) { + /* we don't have a terminating nl nor \0, and our buffer is + full or we started with an empty buffer (e.g. each + message in its own packet). + */ do_handle_line(closure, closure->pos, closure->buffer, salen ? (abstract_addr *) &sabuf : NULL, salen); closure->pos = 0; return ST_OK | ST_GOON; -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1