[syslog-ng]syslog-ng 1.4.9a mixing up log sources?
Balazs Scheidler
bazsi@balabit.hu
Fri, 24 Nov 2000 19:13:51 +0100
hi,
> Today, I upgraded to 1.4.9a on our Solaris log server. Some hours
> later, my "logcheck clone" reported strange things; our webserver's
> logs contained lines for netsrvm (part of the Mimer database). However, we
> do not run Mimer on that machine, but on some others.
>
> Sample log line (host names/IP:s changed):
>
> Nov 24 13:29:08 web.example/web.example netsrvm[15501]: connect from mimerclient.example<30>sshd[9892]: log: Connection from 192.168.1.1 port 57733
>
> The second part could be a correct entry for the web machine.
>
> Please contact me personally if unmodified log lines are needed for
> some debugging.
can you check if this one fixes your problem:
--- /home/bazsi/z/syslog-ng-1.4.9a/src/sources.c Thu Nov 23 09:27:15 2000
+++ sources.c Fri Nov 24 19:08:39 2000
@@ -100,8 +100,8 @@
eol = memchr(closure->buffer, '\0', closure->pos);
if (eol == NULL)
eol = memchr(closure->buffer, '\n', closure->pos);
- if (!eol && closure->pos == MAX_LINE) {
- /* our buffer is full, we have to flush it */
+ if (!eol && closure->pos) {
+ /* we don't have a terminating nl nor \0 */
do_handle_line(closure, closure->pos, closure->buffer, salen ? (abstract_addr *) &sabuf : NULL, salen);
closure->pos = 0;
return ST_OK | ST_GOON;
This restores the original behaviour (which I believed to be only used on
HP-UXes) (you may have to touch sources.c.x after applying the patch)
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt