[syslog-ng] syslog-ng 3.0.1 dies on reload with program() destination

Pallagi Zoltan pzolee at balabit.hu
Thu Apr 23 21:23:42 CEST 2009


Jan Rekorajski írta:
> On Tue, 14 Apr 2009, Balazs Scheidler wrote:
>
>   
>> On Mon, 2009-03-30 at 22:54 +0200, Jan Rekorajski wrote:
>>     
>>> Sorry for possible double post, I sent the first from wrong email.
>>>
>>> Hi,
>>> Syslog-ng 3.0.1 dies on reload (kill -HUP pid) when config file contains
>>> log { destination { program() } }  directive set. 100% repeatable.
>>>
>>> Here are the relevant config lines:
>>>
>>> destination d_sshguard  { program("/usr/sbin/sshguard -a 6"); };
>>> # A desperate experiment
>>> #destination d_sshguard  { program("read"); };
>>>
>>> log { source(s_sys); filter(f_authpriv);        destination(d_sshguard); };
>>>
>>>
>>> From what I managed to find with strace/ltrace, syslog-ng kills the
>>> program, does not clear some data structures and then falls face down
>>> with sigsegv/term/ill trying to restart/reattach(?) to the program.
>>>
>>> The exact same configuration works perfectly with version 2.0.10.
>>>
>>>       
>> Hm... I've just tried to reproduce this problem with current 3.0 HEAD
>> and also 3.0.1, but without success.
>>
>> Can you show me a backtrace of the failing program? You can do it using:
>>
>> gdb syslog-ng core
>> (gdb) bt
>>     
>
> I can't get it to dump core unfortunately, all I get is:
>
> # syslog-ng -f /etc/syslog-ng/syslog-ng.conf
>
> Apr 15 11:25:25 sith syslog-ng[26571]: syslog-ng starting up; version='3.0.1'
> Apr 15 11:25:25 sith sshguard[26576]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
>
> # kill -HUP 26571
>
> Apr 15 11:25:33 sith sshguard[26576]: Got exit signal, flushing blocked addresses and exiting...
> Apr 15 11:25:33 sith sshguard[26576]: Run command "/usr/sbin/iptables -F sshguard ; /usr/sbin/ip6tables -F sshguard": exited 1.
> Apr 15 11:25:33 sith syslog-ng[26571]: WARNING: Your configuration uses a newly introduced reserved word as identifier, please use a different name; keyword='syslog', filename='/etc/syslog-ng/syslog-ng.conf', line='77'
> Apr 15 11:25:33 sith syslog-ng[26571]: Configuration reload request received, reloading configuration;
> Apr 15 11:25:33 sith sshguard[26585]: Started successfully [(a,p,s)=(6, 420, 1200)], now ready to scan.
> Apr 15 11:25:33 sith syslog-ng[26571]: Termination requested via signal, terminating;
> Apr 15 11:25:33 sith sshguard[26585]: Got exit signal, flushing blocked addresses and exiting...
> Apr 15 11:25:33 sith syslog-ng[26571]: syslog-ng shutting down; version='3.0.1'
>
> Jan
>   

Hi,

I also have tried to reproduce this issue but without success:

Apr 23 19:52:42 pzolee-laptop syslog-ng[7281]: syslog-ng starting up; 
version='3.0.1'
Apr 23 19:52:42 pzolee-laptop sshguard[7283]: Started successfully 
[(a,p,s)=(6, 420, 1200)], now ready to scan.
Apr 23 19:52:58 pzolee-laptop pzolee: test message
#kill -HUP 7281
Apr 23 19:53:12 pzolee-laptop sshguard[7283]: Got exit signal, flushing 
blocked addresses and exiting...
Apr 23 19:53:12 pzolee-laptop syslog-ng[7281]: Configuration reload 
request received, reloading configuration;
Apr 23 19:53:12 pzolee-laptop sshguard[7304]: Started successfully 
[(a,p,s)=(6, 420, 1200)], now ready to scan.
Apr 23 19:53:12 pzolee-laptop sshguard[7283]: Run command 
"/sbin/iptables -F sshguard ; /sbin/ip6tables -F sshguard": exited 1.
Apr 23 19:53:16 pzolee-laptop pzolee: test message2

I tested it with sshguard-1.4rc3.
Could you tell me the version of your sshguard?
It will be very useful to run syslog-ng with strace:
strace -s 256 /opt/syslog-ng/sbin/syslog-ng -F

Regards,
Zoltan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090423/eec6eb39/attachment-0001.htm 


More information about the syslog-ng mailing list