[syslog-ng] bug report

Matt Zagrabelny mzagrabe at d.umn.edu
Thu Sep 21 21:29:58 CEST 2006


On Thu, 2006-09-21 at 20:53 +0200, Sandor Geller wrote:
> Matt Zagrabelny wrote:
> > does anyone on the list know the preferred way of submitting bug reports
> > to the developers?
> 
> Why don't you send your report to the list? 

just wanted to make sure the bugreport wouldnt fall on deaf ears. ;)

the problem has to do with using the program() destination driver
dropping syslog entries, or at least the program not receiving them. it
may very well be a problem with the program i am using, but i thought i
would pass it on to the experts.

what happens is that when the program() is executing a remote command,
for example via ssh, any successive input on STDIN is dropped or not
received or not sent or something. thus to test this phenomenon, the
program() must get more than one line at a time (or perhaps, at least a
second line before the remote program is done executing). exact timing
of the failure hasnt been investigated yet. the test below uses the auth
facilities because establishing an ssh connection sends more than one
message to syslog.

the only thing you have to do to test this is setup a trusted no
passphrase key for ssh for the user that syslog-ng runs as to the same
box.

to see things work as i would expect them set '$use_ssh = 0' in the
program.

i have been 'tail -f'ing the both /tmp/syslog_sleep
and /var/log/auth.log to witness the failure.

-----------------------------------------
relavent sections of syslog-ng.conf
-----------------------------------------
source s_all {
        internal();
        unix-stream("/dev/log");
        file("/proc/kmsg" log_prefix("kernel: "));
        udp();
};

filter f_auth { facility(auth, authpriv); };

destination dp_syslog_sleep {
	program("/home/mzagrabe/code/perl/test/syslog_sleep");
};

log {
        source(s_all);
        filter(f_auth);
        destination(dp_syslog_sleep);
};

-----------------------------------------
syslog_sleep program follows
-----------------------------------------
#!/usr/bin/perl

use strict;
use FileHandle;

my $sleep = 1;
my $use_ssh = 1;
my $sleep_duration = 5;
my $output_file = '/tmp/syslog_sleep';

my $fh = new FileHandle;
$fh->open('>> '.$output_file) or die "could not open $output_file for
writing: $!\n";
$fh->autoflush(1);

while (<>) {
        print $fh $_;
        if ($sleep) {
                if ($use_ssh) {
                        system("ssh localhost sleep $sleep_duration");
                } else {
                        sleep $sleep_duration;
                }
        }
}

-- 
Matt Zagrabelny - mzagrabe at d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85  C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060921/3247863c/attachment.pgp


More information about the syslog-ng mailing list