[syslog-ng] No line break every so often
Balazs Scheidler
bazsi at balabit.hu
Mon May 23 12:59:04 CEST 2005
On Fri, 2005-05-20 at 12:14 -0700, Mike Tremaine wrote:
> On Fri, 2005-05-20 at 04:49, Balazs Scheidler wrote:
> Luckly it is... Attached is a trimmed down trace file with a few
> examples of the problem [about 200lines let me know if more would be
> useful...]
>
> To my [uneducated] eye it looks like sendmail is the problem but like I
> said sometimes it does it right sometime it doesn't.
>
> Example:
>
> read(16, "<20>May 20 07:48:02 sendmail[16668]: j4KEkWOv016668: collect:
> premature EOM: unexpected close", 2048) = 93
>
> Notice no \0 or \n
>
> Then the next read
>
> read(16, "<21>May 20 07:48:02 sendmail[16668]: j4KEkWOv016668: collect:
> unexpected close on connection from [61.43.165.161],
> sender=<Hager at indiatimes.com>\0<22>May 20 07:48:02 sendmail[16668]:
> j4KEkWOv016668: from=<Hager at indiatimes.com>, size=0, class=0, nrcpts=1,
> proto=SMTP, daemon=MTA, relay=[61.43.165.161]\0", 1955) = 300
>
>
> A null terminator
> That leads to the output
>
> write(22, "2005-05-20 07:48:02 quasar mail.warning sendmail[16668]:
> j4KEkWOv016668: collect: premature EOM: unexpected close<21>May 20
> 07:48:02 sendmail[16668]: j4KEkWOv016668: collect: unexpected close on
> connection from [61.43.165.161],
> sender=<Hager at indiatimes.com>\n2005-05-20 07:48:02 quasar mail.info
> sendmail[16668]: j4KEkWOv016668: from=<Hager at indiatimes.com>, size=0,
> class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[61.43.165.161]\n",
> 430) = 430
> .
>
> So the null was caught and turned into \n but the line before it runs
> together. With some weird <21> [and more often <22> see trace file].
Hm. Sendmail really seems to be the culprit, it is only hidden by
sysklogd using unix-dgram() sockets in which case the syslog daemon does
not care whether the message was NL or \0 terminated or not.
The manpage for syslogd, mentions:
... "A trailing newline is added when needed."
This does not seem to be true. After judging the source it seems to be
adding the NL character only if LOG_PERROR is specified to openlog()
which clearly isn't the case for sendmail.
I'd say this is a libc bug which you can work around by avoiding using
unix-stream and sticking to unix-dgram instead. (a solution which I
myself do not like).
--
Bazsi
More information about the syslog-ng
mailing list