[syslog-ng] syslog-ng 2.0.x bug - facility(auth) fails to match any messages

Balazs Scheidler bazsi at balabit.hu
Fri Apr 20 22:23:57 CEST 2007


On Mon, 2007-04-16 at 10:33 -0700, Evan Rempel wrote:
> Balazs Scheidler wrote:

> and use filter rather than using two filters in the log line,
> things work as documented.
> 
> The problem is with messages that should match the facility of auth not with
> the messages that match local1 and ldap.
> 
> > 
> > This means that:
> > 
> >> filter f_auth         { facility(auth); };
> >> filter f_local1       { facility(local1); };
> >> filter f_ldap       { program(^slapd); };
> >>
> >> # ****** PROBLEM LOG LINE ****
> >> log { source(local); filter(f_local1); filter(f_ldap); destination(test.log); };
> > 
> > Test.log will only receive a message if the facility is local1 and the 
> > program sending the message is slapd. I've googled for this and slapd uses 
> > local4 by default:
> 
> Yes, in our environment our primary LDAP server logs with the facility of local1.
> 
> It is easy to test. Use the attached configuration and try to log with any priority auth.*
> and see where the messages get logged. They should be logged in the auth.log but on my system they
> are logged into unknown.log
> 

Sorry for not responding for so long. The problem you reported was
indeed a bug in syslog-ng. The patch below fixes the problem in the code
and adjusts the unit testcase to detect the problem.

As a side-note, I've migrated to use git instead of GNU arch, thus daily
snapshots will not receive this and further updates until I fix that to
use my git tree instead. So you need to apply this patch by hand.

Please give me some time to fix the snapshot generation. I'll try to
publish my git tree in the interim time.

diff --git a/src/filter.c b/src/filter.c
index 04e3639..269d016 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -208,7 +208,7 @@ filter_facility_eval(FilterExprNode *s, LogMessage *msg)
             {
               if (sl_facilities[i].value == fac) 
                 {
-                  if (fac_num < 32)
+                  if (fac_num < 32 && bitpos[fac_num] == -1)
                     bitpos[fac_num] = i;
                   if (bits & 1)
                     {
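Review bot: The new bitpos[fac_num] == -1 test on the changed line only works if every bitpos entry is initialised to -1 before this loop runs, and that initialisation is not visible in this hunk. Please confirm it, and add a short comment saying that the first matching sl_facilities index is kept on purpose so that a later entry with the same value cannot overwrite it. The bare 32 would also read better as a named constant or a size derived from the bitpos array.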
diff --git a/tests/unit/test_filters.c b/tests/unit/test_filters.c
index 422dff2..58236d7 100644
--- a/tests/unit/test_filters.c
+++ b/tests/unit/test_filters.c
@@ -91,6 +91,7 @@ main(int argc G_GNUC_UNUSED, char *argv[] G_GNUC_UNUSED)
   
   testcase("<128> openvpn[2499]: PTHREAD support initialized", 0, filter_facility_new(facility_bits("local0")), 1);
   testcase("<128> openvpn[2499]: PTHREAD support initialized", 0, filter_facility_new(0x80000000 | (LOG_LOCAL0 >> 3)), 1);
+  testcase("<32> openvpn[2499]: PTHREAD support initialized", 0, filter_facility_new(facility_bits("local1")), 0);
   testcase("<32> openvpn[2499]: PTHREAD support initialized", 0, filter_facility_new(facility_bits("auth")), 1);
   testcase("<32> openvpn[2499]: PTHREAD support initialized", 0, filter_facility_new(0x80000000 | (LOG_AUTH >> 3)), 1);
   testcase("<80> openvpn[2499]: PTHREAD support initialized", 0, filter_facility_new(facility_bits("authpriv")), 1);
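Review bot: The added "<32>" case asserts only that facility(local1) rejects an auth message. A matching positive case for local1 (a "<136>" message with facility_bits("local1") expecting 1) and the reverse negative (a "<136>" message with facility_bits("auth") expecting 0) would pin down both directions of the fix in the same test block.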


-- 
Bazsi


