[syslog-ng] Syslog-ng fails with more than one program destination

George Madden gmadden@columbus.rr.com
Mon, 31 Jan 2000 14:50:13 -0500


I was testing with 1.3.13 and found it fails with a kill -HUP when more than
one "program" destination is used. Syslog-ng never restarts and starts using
all the cpu. I tested this on both Redhat 6.1 and FreeBSD 3.3. When I remove
all but one program destination, it works fine. It also works fine under
syslog-ng 1.2.3. I assume I can have more than one program destination but
maybe not.

Here is the debug output. It never closes the fd and the cpu goes to about
97%

binding fd 3, inetaddr: 0.0.0.0, port: 514
io.c: Preparing fd 3 for reading
io.c: listening on fd 4
io.c: Preparing fd 6 for writing
io.c: Preparing fd 7 for writing
io.c: Preparing fd 8 for writing
syslog-ng version 1.3.13 starting
io.c: Preparing fd 5 for writing
Garbage collecting while idle...
Objects alive: 68, garbage collected: 4
Garbage collecting while idle...
Objects alive: 68, garbage collected: 14
Garbage collecting while idle...
Objects alive: 68, garbage collected: 28
Garbage collecting while idle...
Objects alive: 68, garbage collected: 37
SIGHUP received, restarting syslog-ng
Marking fd 3 for closing.
Marking fd 5 for closing.
Marking fd 8 for closing.



Here are the files from the Redhat system:

syslog-ng.conf

##
options { long_hostnames(off); sync(0); log_fifo_size(10); };
source src { unix-stream("/dev/log"); internal(); };
source net { udp(); };
#
destination all { file ("/var/log/all" sync(0)); };
destination net { file ("/var/log/net" sync(100)); };
#
destination authenfail {program ("/etc/scripts/authenfail.sh"); };
destination authendeny {program ("/etc/scripts/authendeny.sh"); };
destination poolmess {program ("/etc/scripts/poolmess.sh"); };
#
filter f_authen { match ("PIX-6-10900"); };
filter f_authenfail { match ("PIX-6-109006"); };
filter f_authendeny { match ("PIX-6-109009"); };
filter f_poolfail { match ("laddr 10.10.01.254"); };
#
log { source(src); destination(all); };
log { source(net); destination(net); };
#
log { source(net); filter(f_authenfail); destination(authenfail); };
log { source(net); filter(f_authendeny); destination(authendeny); };
log { source(net); filter(f_poolfail); destination(poolmess); };


Here are the scripts:

authendeny.sh

#!/bin/sh
while read LINE; do
        echo $LINE | mail -s "Athentication Denied" root
done


authenfail.sh

#!/bin/sh
while read LINE; do
# use awk to get the second field with a ' as a delimiter
NAME=`echo $LINE | awk -F\' '{print $2}'`
echo $NAME
        echo $LINE | mail -s "Athentication Failed for $NAME" root
done



poolmess.sh

#!/bin/sh
while read LINE; do
        echo $LINE | mail -s "Possible pool overload" pixadmin
done