[syslog-ng]Re: Bug #161915

Balazs Scheidler bazsi@balabit.hu
Thu, 3 Oct 2002 12:54:41 +0200


Thanks for the information you provided.

The problem is that the programs do not send \n at the end of line while
syslog-ng expects one for STREAM oriented sources. (such as unix-stream),

Earlier versions of syslog-ng took a message as a full message in the
following cases:
1) either NL or NUL was found in the incoming stream
2) after a single read and the source is datagram oriented (UDP or unix-dgram)
3) after the incoming buffer is full (specified via log_msg_size())

For stream oriented sources either 1) or 3) must be true. The strace you
sent me indicates that some programs do not terminate their messages by

Checking out the libc sources shows that libc automatically terminates
messages by NL if LOG_PERROR is set, and also adds a \0 at the end of the
line if STREAM sockets are used. So both syslog-ng and libc behaviour seems
to be correct. Something must be wrong anyway as the strace didn't show
terminating NUL characters.

I assumed that you are using unix-stream sources, but this assumption
should be true as syslog-ng issues read() instead of recvfrom().

As syslog-ng reads no terminating NUL characters, I think this should be a
libc issue. stream sockets should always have line terminations, as it is
not guaranteed by the kernel that a single write will be read by single read

I don't know where to submit this bug, to the libc people, or to the cron

> read(3, "<38>Oct  2 15:49:02 PAM_unix[4971]: (cron) session closed for user list", 2049) = 71
> read(3, "<38>Oct  2 15:50:01 PAM_unix[4974]: (cron) session opened for user root by (uid=0)", 1978) = 82
> read(3, "<38>Oct  2 15:50:01 PAM_unix[4975]: (cron) session opened for user list by (uid=0)", 1896) = 82
> read(3, "<78>Oct  2 15:50:01 /USR/SBIN/CRON[4977]: (list) CMD (   [ -x /usr/bin/python -a -f /usr/lib/mailman/cron/qrunner ] && /usr/bin/python /usr/lib/mailman/cron/qrunner)", 1814) = 165
> read(3, "<78>Oct  2 15:50:01 /USR/SBIN/CRON[4976]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then /usr/bin/mrtg /etc/mrtg.cfg >> /var/log/mrtg/mrtg.log 2>&1; fi)", 1649) = 171
> read(3, "<38>Oct  2 15:50:01 PAM_unix[4974]: (cron) session closed for user root", 1478) = 71
                                                                                ^^^^^ missing nl or nul character

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1