[syslog-ng] Bug in syntax checking in 2.0-rc1

Chris Whipple CWhipple at hertz.com
Fri Jul 14 22:12:01 CEST 2006


I must agree. This one's bitten me a time or two as well. I would like to
see the addition of "undefined reference" checking to the -s option, if
possible.

Thank you,

Chris Whipple
Sr. Security Analyst
Unix Security Group
The Hertz Corporation
5601 NW Expressway
Oklahoma City, OK 73132, USA
cwhipple at hertz.com



"Paul Krizak" <paul.krizak at amd.com>
Sent by: syslog-ng-bounces at lists.balabit.hu
07/14/2006 02:50 PM
Please respond to: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
cc:
Subject: Re: [syslog-ng] Bug in syntax checking in 2.0-rc1




Good points, Valdis.

Guess I was mostly just bitter about having beaten my head on the
problem assuming that the -s switch was doing more than it really did.

However, I'd argue that in this one specific case, i.e. a log statement
referencing a non-existent source, destination, filter, etc. that it
*is* something that -s should check for.  After all, this type of
problem *guarantees* that syslog-ng will not be able to start up if
passed this configuration file.  More specifically, syslog-ng does this
sanity check before starting up.  Why can't it do the same sanity check
when doing a syntax check?

Obviously it's a bit extreme to expect that passing the -s check will
guarantee startup success, but I do think that checking for undefined
references in the config file is an appropriate check for -s to do.

Paul Krizak                         5900 E. Ben White Blvd. MS 625
Advanced Micro Devices              Austin, TX  78741
Linux/Unix Systems Engineering      Phone: (512) 602-8775
Microprocessor Solutions Sector     Cell:  (512) 791-0686


Valdis.Kletnieks at vt.edu wrote:
> On Thu, 13 Jul 2006 18:52:23 CDT, Paul Krizak said:
>> $ syslog-ng -d -F -f /opt/mpd/vtec/etc/syslog-ng.conf
>> Error in configuration, unresolved destination reference;
>> filter='d_syslog_pipe'
>
> The syntax is fine, it's the semantics that's screwed up here.
>
> You had a syntactically correct line that referenced a bad destination.
>
>> I believe that the -s switch should mean "if it returns zero, then when
>> you fire up syslog-ng, it *will* start up and begin functioning."
>
> No.
>
> The -s switch *can't* guarantee that.  Consider all the ways it can
> fail on the way up - everything from being unable to bind port 514 for
> listening to not being able to exec() the binary for a destination that
> pipes to a program.
>
> It's even possible that if you run the -s as one user, but actually launch it
> as root, it will fail because it can't read its config file (consider a
> /etc/syslog.conf that's on an NFS mount in a cluster, owned by a user 'syslog'
> and mode 640 - and the mount squashes root access to 'nobody').
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>








---------------
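An added example, not part of the original thread and not syslog-ng's own code: a pre-flight check for the undefined-reference case discussed above, reporting every source, filter or destination that a log statement names but the file never defines. The sample configuration is constructed (only the name `d_syslog_pipe` comes from the thread), and the parser is a simplification that assumes braces inside quoted strings are balanced and quotes are not escaped.

```python
import re

# Top-level definition: `<kind> <name> {`
DEF_RE = re.compile(r"^\s*(source|filter|destination)\s+([\w.-]+)\s*\{", re.M)
# Reference inside a log statement: `<kind>(<name>)`
REF_RE = re.compile(r"\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)")
LOG_RE = re.compile(r"^\s*log\s*\{", re.M)

# Constructed sample: the d_syslog_pipe definition is commented out,
# so the second log statement points at nothing.
SAMPLE_CONF = '''
source s_local { unix-stream("/dev/log"); internal(); };
filter f_auth { facility(auth, authpriv); };
destination d_auth { file("/var/log/auth.log"); };
# destination d_syslog_pipe { pipe("/var/run/syslog.pipe"); };
log { source(s_local); filter(f_auth); destination(d_auth); };
log { source(s_local); destination(d_syslog_pipe); };
'''

def strip_comments(text):
    """Drop '#' comments, ignoring '#' inside double-quoted strings."""
    out = []
    for line in text.splitlines():
        in_str = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_str = not in_str
            elif ch == "#" and not in_str:
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)

def log_blocks(text):
    """Yield the body of each log { ... } block, found by brace matching."""
    for m in LOG_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def unresolved_references(conf):
    """Return (kind, name) pairs used in log statements but never defined."""
    text = strip_comments(conf)
    defined = set(DEF_RE.findall(text))
    missing = []
    for body in log_blocks(text):
        for ref in REF_RE.findall(body):
            if ref not in defined and ref not in missing:
                missing.append(ref)
    return missing

if __name__ == "__main__":
    for kind, name in unresolved_references(SAMPLE_CONF):
        print(f"unresolved {kind} reference: {name}")
```

Run against a candidate configuration before a restart, alongside `-s`, a non-empty result means the daemon would refuse to start and local logging would stop.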


