[syslog-ng]syslog-ng 1.4.9a mixing up log sources?

Balazs Scheidler bazsi@balabit.hu
Fri, 24 Nov 2000 19:13:51 +0100


hi,

> Today, I upgraded to 1.4.9a on our Solaris log server. Some hours
> later, my "logcheck clone" reported strange things; our webserver's
> logs contained lines for netsrvm (part of the Mimer database). However, we
> do not run Mimer on that machine, but on some others.
> 
> Sample log line (host names/IP:s changed):
> 
> Nov 24 13:29:08 web.example/web.example netsrvm[15501]: connect from mimerclient.example<30>sshd[9892]: log: Connection from 192.168.1.1 port 57733
> 
> The second part could be a correct entry for the web machine.
> 
> Please contact me personally if unmodified log lines are needed for
> some debugging.

can you check if this one fixes your problem:

--- /home/bazsi/z/syslog-ng-1.4.9a/src/sources.c	Thu Nov 23 09:27:15 2000
+++ sources.c	Fri Nov 24 19:08:39 2000
@@ -100,8 +100,8 @@
 	eol = memchr(closure->buffer, '\0', closure->pos);
 	if (eol == NULL)
 		eol = memchr(closure->buffer, '\n', closure->pos);
-	if (!eol && closure->pos == MAX_LINE) {
-		/* our buffer is full, we have to flush it */
+	if (!eol && closure->pos) {
+		/* we don't have a terminating nl nor \0 */
 		do_handle_line(closure, closure->pos, closure->buffer, salen ? (abstract_addr *) &sabuf : NULL, salen);
 		closure->pos = 0;
 		return ST_OK | ST_GOON;

This restores the original behaviour (which I believed to be only used on
HP-UXes) (you may have to touch sources.c.x after applying the patch)

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt