[syslog-ng]1.5.19 and tcp

CHENNES@Nationwide.com CHENNES@Nationwide.com
Wed, 7 Aug 2002 09:31:50 -0400 

I am having difficulty keeping 1.5.19 running when receiving syslog
messages via tcp.  I have a central logging host that receives messages via
tcp from collection hosts.  The collection hosts are receiving messages
from various hosts via udp and tcp.  Essentially, the ng process
immediately dies on the central logging host as soon as I start it.
However, if I alter the configurations to use only udp, I have no problems.
The central logging host and the collection hosts are all running Solaris 8
with 1.5.19.  I have tested the same exact scenario using a previous
version of ng (1.4.14) on the central logging host and it works just fine.
I have included some configuration information below.

**** output from command truss -fael syslog-ng -d

syslog-ng version 1.5.19 starting
1548/1:         write(2, " s y s l o g - n g   v e".., 34)      = 34
1548/1:         sigaction(SIGPIPE, 0xFFBEFA18, 0xFFBEFB18)      = 0
1548/1:         sigaction(SIGHUP, 0xFFBEFA18, 0xFFBEFB18)       = 0
1548/1:         sigaction(SIGTERM, 0xFFBEFA18, 0xFFBEFB18)      = 0
1548/1:         sigaction(SIGCLD, 0xFFBEFA18, 0xFFBEFB18)       = 0
1548/1:         time()                                          =
1028722452
1548/1:         poll(0xFFBEFB38, 2, 100)                        = 0
1548/1:         poll(0xFFBEFB38, 2, 60000)      (sleeping...)
1548/2:         signotifywait()                 (sleeping...)
1548/3:         door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
1548/4:         lwp_cond_wait(0xFF0F5550, 0xFF0F5560, 0xFF0EEDB8)
(sleeping...)
1548/5:         door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
1548/1:         poll(0xFFBEFB38, 2, 60000)                      = 1
1548/1:         accept(3, 0xFFBEF9C8, 0xFFBEF9C4, 1)            = 7
1548/1:         fcntl(7, F_GETFL, 0xFFFFFFFF)                   = 130
1548/1:         fstat64(7, 0xFFBEF698)                          = 0
1548/1:         getsockopt(7, 65535, 8192, 0xFFBEF798, 0xFFBEF790, 0) = 0
1548/1:         fstat64(7, 0xFFBEF698)                          = 0
1548/1:         getsockopt(7, 65535, 8192, 0xFFBEF798, 0xFFBEF794, 0) = 0
1548/1:         setsockopt(7, 65535, 8192, 0xFFBEF798, 4, 0)    = 0
1548/1:         fcntl(7, F_SETFL, 0x00000082)                   = 0
1548/1:         fcntl(7, F_SETFD, 0x00000001)                   = 0
AF_INET client connected from 10.1.1.1, port 38896
1548/1:         write(2, " A F _ I N E T   c l i e".., 55)      = 55
io.c: Preparing fd 7 for reading
1548/1:         write(2, " i o . c :   P r e p a r".., 33)      = 33
1548/1:         time()                                          =
1028722460
1548/1:         poll(0xFFBEFB30, 3, 100)                        = 1
1548/1:         read(7, " < 1 3 > A u g     7   0".., 2049)     = 2049
1548/1:             Incurred fault #6, FLTBOUNDS  %pc = 0xFF141D00
1548/1:               siginfo: SIGSEGV SEGV_MAPERR addr=0x3103F700
1548/1:             Received signal #11, SIGSEGV [default]
1548/1:               siginfo: SIGSEGV SEGV_MAPERR addr=0x3103F700
1548/1:                 *** process killed ***




**** syslog-ng.conf from central logging host:

options { sync(0); time_reopen(10); log_fifo_size(1000);
keep_hostname(yes); use_dns(yes); use_fqdn(no); use_time_recvd(yes);
gc_idle_threshold(1000); };

source ng_local {
        internal();
};

source local {
        sun-streams("/dev/log" door("/etc/.syslog_door"));
};

source remote {
        tcp(ip("10.1.1.10") port(5514));
};

destination ng_messages {
        file("/var/log/syslog-ng" owner(root) group(staff) perm(0440)
create_dirs(yes) dir_perm(0755));
};

destination local_messages {
        file("/var/adm/messages" owner(root) group(staff) create_dirs(yes)
dir_perm(0755));
};

destination remote_messages {
        file("/logfiles/$MONTH_$DAY_$YEAR/$HOST/messages" owner(root)
group(corenet) perm(0440) create_dirs(yes) dir_perm(0755));
};

log { source(ng_local); destination(ng_messages); };

log { source(local); destination(local_messages); };

log { source(remote); destination(remote_messages); };




**** syslog-ng.conf from collection hosts:

options { sync(0); time_reopen(10); log_fifo_size(2000);
keep_hostname(yes); use_fqdn(no);};

source ng_local {
        internal();
};

source local {
        sun-streams("/dev/log" door("/etc/.syslog_door"));
};

source remote {
        udp(ip("10.1.1.1") port(514));
        tcp(ip("10.1.1.1") port(5514));
};

destination ng_messages {
        file("/var/log/syslog-ng" owner(root) group(staff) create_dirs(yes)
dir_perm(0755));
};

destination local_messages {
        file("/var/adm/messages" owner(root) group(staff) create_dirs(yes)
dir_perm(0755));
};

destination remote_messages {
        tcp("10.1.1.10" port(5514));
};

log { source(ng_local); destination(ng_messages); };

log { source(local); destination(local_messages); };

log { source(remote); destination(remote_messages); };