Hi, Syslog-ng 1.5.21 still produces mangled messages into pipes! This happens ca. 10 times a day. Here an example what syslog-ng writes in the pipe: INSERT INTO all_messages_200210 (host, facility, priority, tag, date, time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f', '2002-10-10', '11:24:56', 'nrpe', 'nrpe[15656]: Host is asking for command \'check_total_procs\' to be rINSERT INTO all_messages_200210 (host, facility, priority, tag, date, time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f', '2002-10-10', '11:24:57', 'nrpe', 'nrpe[15656]: Return Code: 0, Output: OK - 67 processes running' ); the 3rd line should look like this: '2002-10-10', '11:24:56', 'nrpe', 'nrpe[15656]: Host is asking for command \'check_total_procs\' to be run...' ); But syslog-ng doesn't finish that line. Here another example: INSERT INTO all_messages_200210 (host, facility, priority, tag, date, time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f', '2002-10-10', '01:26:52', 'nrpe', 'nrpe[15INSERT INTO all_messages_200210 (host, facility, priority, tag, date, time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f', '2002-10-10', '01:26:52', 'nrpe', 'nrpe[15387]: Return Code: 1, Output: 2 users currently logged in' ); Here is my syslog-ng.conf: # # Syslog-ng example configuration for for Debian GNU/Linux # # Copyright (c) 1999 anonymous # Copyright (c) 1999 Balazs Scheidler # $Id: syslog-ng.conf.sample,v 1.2 1999/11/15 12:30:41 bazsi Exp $ # # Syslog-ng configuration file, compatible with default Debian syslogd # installation. # # 1.options options { long_hostnames(off); use_fqdn(yes); sync(0); log_fifo_size (500); gc_busy_threshold(768); use_time_recvd(1); }; # 2.sources source s_kernel { pipe("/proc/kmsg"); internal(); }; source s_stream { unix-stream("/dev/log"); internal(); }; source sn_udp { udp(); }; # 3.destinations destination df_all_messages { file("/var/log/all_messages-$YEAR$MONTH$DAY"); }; destination dq_mysql_all_messages { pipe("/var/pipes/mysql.fifo" template("INSERT INTO all_messages_$YEAR$MONTH (host, facility, priority, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); }; # 4.Log log { source(s_stream); source(s_kernel); source(sn_udp); destination(df_all_messages); }; log { source(s_stream); source(s_kernel); source(sn_udp); destination(dq_mysql_all_messages); }; And here the Script that reads from the pipe (I'm starting a new database every month): #!/bin/sh datum=$(date +%Y%m) if [ -e /var/pipes/mysql.fifo ]; then while [ -e /var/pipes/mysql.fifo ] do /usr/local/mysql/bin/mysql -vvT syslog_$datum < /var/pipes/mysql.fifo done else mkfifo /var/pipes/mysql.fifo fi My system: # uname -a Linux clc 2.4.10-4GB #1 Tue Sep 25 12:33:54 GMT 2001 i686 unknown Could anyone PLEASE help me? thanks Harald -- Holen Sie sich den Turbo fürs Internet: T-DSL! http://bonus.gmx.net/?gid=46842444&prid=11
Hi Harald, we (and some other list members) observing the same problem. (see list thread "[syslog-ng]Urgent: Mangled messages in pipe() destinations in version 1.5.19" starting at 02/08) The last running version is 1.5.8. The bug is known to Bazsi. But unfortunately it isn't reproducable for him. Bazsi need more information! For us, its really hard to truss/strace our syslogd's, because they are heavy loaded. So, trussing will generate GB's of output and its hard to find the exact section, where the error occurs. Would be great, if you can strace your syslogd and send the output to Bazsi, to help him to fix this bug. Sounds that your syslogd isn't really high loaded. Thanks for your help! harald schmidt wrote:
Syslog-ng 1.5.21 still produces mangled messages into pipes! This happens ca. 10 times a day.
-- Best regards --Andreas Schulze [phone: +49.5246.80.1275, fax: +49.5246.80.2275] | I believe, it was Dennis Ritchie who said something like: | "C is rarely the best language for a given task, | but it's often the second-best". | The implication being that: "[...]" | | sh# cat>$$.c<<EOT | main(l,a,n,d)char**a;{for(d=atoi(a[1])/10*80-atoi(a[2])/5-596;n="@NK\ | ACLCCGZAAQBEAADAFaISADJABBA^SNLGAQABDAXIMBAACTBATAHDBANZcEMMCCCCAAhE\ | IJFAEAAABAfHJETBdFLDAANEfDNBPHdBcBBBEA_AL H E L L O, W O R L D! " | [l++-3];)for(;n-->64;)putchar(!d+++33^l&1);} | EOT | gcc -o$$ $$.c;clear;./$$ 52 8;rm -f $$*
Try to test this solution: http://lists.balabit.hu/pipermail/syslog-ng/2002-October/003905.html -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of harald schmidt Sent: Thursday, October 10, 2002 5:31 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]STILL MANGLED MESSAGES! Please Help! Importance: High Hi, Syslog-ng 1.5.21 still produces mangled messages into pipes! This happens ca. 10 times a day. Here an example what syslog-ng writes in the pipe: INSERT INTO all_messages_200210 (host, facility, priority, tag, date, time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f', '2002-10-10', '11:24:56', 'nrpe', 'nrpe[15656]: Host is asking for command \'check_total_procs\' to be rINSERT INTO all_messages_200210 (host, facility, priority, tag, date, time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f', '2002-10-10', '11:24:57', 'nrpe', 'nrpe[15656]: Return Code: 0, Output: OK - 67 processes running' ); the 3rd line should look like this: '2002-10-10', '11:24:56', 'nrpe', 'nrpe[15656]: Host is asking for command \'check_total_procs\' to be run...' ); But syslog-ng doesn't finish that line. Here another example: INSERT INTO all_messages_200210 (host, facility, priority, tag, date, time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f', '2002-10-10', '01:26:52', 'nrpe', 'nrpe[15INSERT INTO all_messages_200210 (host, facility, priority, tag, date, time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f', '2002-10-10', '01:26:52', 'nrpe', 'nrpe[15387]: Return Code: 1, Output: 2 users currently logged in' ); Here is my syslog-ng.conf: # # Syslog-ng example configuration for for Debian GNU/Linux # # Copyright (c) 1999 anonymous # Copyright (c) 1999 Balazs Scheidler # $Id: syslog-ng.conf.sample,v 1.2 1999/11/15 12:30:41 bazsi Exp $ # # Syslog-ng configuration file, compatible with default Debian syslogd # installation. # # 1.options options { long_hostnames(off); use_fqdn(yes); sync(0); log_fifo_size (500); gc_busy_threshold(768); use_time_recvd(1); }; # 2.sources source s_kernel { pipe("/proc/kmsg"); internal(); }; source s_stream { unix-stream("/dev/log"); internal(); }; source sn_udp { udp(); }; # 3.destinations destination df_all_messages { file("/var/log/all_messages-$YEAR$MONTH$DAY"); }; destination dq_mysql_all_messages { pipe("/var/pipes/mysql.fifo" template("INSERT INTO all_messages_$YEAR$MONTH (host, facility, priority, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); }; # 4.Log log { source(s_stream); source(s_kernel); source(sn_udp); destination(df_all_messages); }; log { source(s_stream); source(s_kernel); source(sn_udp); destination(dq_mysql_all_messages); }; And here the Script that reads from the pipe (I'm starting a new database every month): #!/bin/sh datum=$(date +%Y%m) if [ -e /var/pipes/mysql.fifo ]; then while [ -e /var/pipes/mysql.fifo ] do /usr/local/mysql/bin/mysql -vvT syslog_$datum < /var/pipes/mysql.fifo done else mkfifo /var/pipes/mysql.fifo fi My system: # uname -a Linux clc 2.4.10-4GB #1 Tue Sep 25 12:33:54 GMT 2001 i686 unknown Could anyone PLEASE help me? thanks Harald -- Holen Sie sich den Turbo fürs Internet: T-DSL! http://bonus.gmx.net/?gid=46842444&prid=11 _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (3)
-
_/CaT\_
-
Andreas Schulze
-
harald schmidt