[syslog-ng] [Bug 3] New: udp flood

[bugzilla at bugzilla.balabit.com]

https://bugzilla.balabit.com/show_bug.cgi?id=3

           Summary: udp flood
           Product: syslog-ng
           Version: 2.0.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: manoo at manoo.hu
Type of the Report: bug
   Estimated Hours: 0.0


I installed syslog-ng 2.0.5 (because there was no .rpm for a RHEL3 server I made it with rpmbuild).
In the config file I placed two destination lines for the same filter, first for place the log locally and
an other to send it to a remote loghost (udp/514). I had a typo in the path of the local logfile (started
with "/vavr" instead of "/var") and syslog-ng cannot create/write the specified file (I made no "create_dirs(yes)")
when I started the logging (with logger - that was an apache logging system) the result was the following:
it did not checked the writability of the file but could start itself (resart of syslog-ng was successfull)
and started to sends this errormessage to the loghost with full speed:

Dec 13 09:56:07 192.168.0.2 syslog-ng[19315]: Error opening file for writing; filename='/vavr/log/apache/apache.log',
error='No such file or directory (2)' 

within 20 minutes it sends cca 700mb of clear text to the loghost. There is a leased line between the two
hosts via internet and this flooded the communication channel.


-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.