[syslog-ng] syslog-ng 3.0.1 dies on reload with program() destination

Jan Rekorajski baggins at sith.mimuw.edu.pl
Fri Apr 24 00:48:01 CEST 2009 

On Thu, 23 Apr 2009, Pallagi Zoltan wrote:

> Hi,
> 
> I also have tried to reproduce this issue but without success:
[cut successful run]
> 
> I tested it with sshguard-1.4rc3.
> Could you tell me the version of your sshguard?

I run 1.4rc2, just tried 1.4rc3, still fails :(

> It will be very useful to run syslog-ng with strace:
> strace -s 256 /opt/syslog-ng/sbin/syslog-ng -F

I attached gziped strace output and my config.

Thanks,
Jan
-- 
Jan Rekorajski            |  ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl   |  OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, MANIAC              |                   -- TROOPS by Kevin Rubio
-------------- next part --------------
@version: 3.0
#
# Syslog-ng configuration for PLD Linux
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#

options {
	flush_lines(0);
	owner(root);
	group(logs);
	perm(0640);
	create_dirs(yes);
	dir_owner(root);
	dir_group(logs);
	dir_perm(0750);
	stats_freq(3600);
	time_reopen(10);
	time_reap(360);
	mark_freq(600);
	log_fifo_size(2048);
};

source s_sys	{
	file ("/proc/kmsg" program_override("kernel"));
	unix-stream("/dev/log" max-connections(1000));
	internal();
};

# uncomment the line below if you want to setup syslog server
#source s_net	{ udp(); };

#destination d_loghost	{ udp("loghost" port(514)); };

destination d_kern	{ file("/var/log/kernel"); };
destination d_messages	{ file("/var/log/messages"); };
destination d_authlog	{ file("/var/log/secure"); };
destination d_mail	{ file("/var/log/maillog"); };
destination d_uucp	{ file("/var/log/spooler"); };
destination d_debug	{ file("/var/log/debug"); };
destination d_cron	{ file("/var/log/cron" owner(root) group(crontab) perm(0660)); };
destination d_syslog	{ file("/var/log/syslog"); };
destination d_daemon	{ file("/var/log/daemon"); };
destination d_lpr		{ file("/var/log/lpr"); };
destination d_user	{ file("/var/log/user"); };
destination d_ppp		{ file("/var/log/ppp"); };
destination d_ftp		{ file("/var/log/xferlog"); };
destination d_audit	{ file("/var/log/audit"); };
destination d_postgres	{ file("/var/log/pgsql"); };
destination d_freshclam	{ file("/var/log/freshclam.log"); };

# Log iptables messages to separate file
destination d_iptables	{ file("/var/log/iptables"); };

destination d_console	{ usertty("root"); };
#destination d_console_all	{ file("/dev/tty12"); };
destination d_console_all	{ pipe("/var/log/readlog" perm(0644)); file("/dev/tty12"); };

destination d_xconsole	{ pipe("/dev/xconsole"); };

destination d_newscrit	{ file("/var/log/news/news.crit" owner(news) group(news)); };
destination d_newserr	{ file("/var/log/news/news.err" owner(news) group(news)); };
destination d_newsnotice	{ file("/var/log/news/news.notice" owner(news) group(news)); };

destination d_sshguard  { program("/usr/sbin/sshguard -a 6"); };
#destination d_sshguard  { program("/bin/sh -c read"); };

# Filters for standard syslog(3) facilities
#filter f_audit		{ facility(audit); };
filter f_authpriv	{ facility(authpriv, auth); };
filter f_cron		{ facility(cron); };
filter f_daemon		{ facility(daemon); };
filter f_ftp		{ facility(ftp); };
filter f_kern		{ facility(kern); };
filter f_lpr		{ facility(lpr); };
filter f_mail		{ facility(mail); };
filter f_news		{ facility(news); };
filter f_syslog		{ facility(syslog); };
filter f_user		{ facility(user); };
filter f_uucp		{ facility(uucp); };
filter f_local0		{ facility(local0); };
filter f_local1		{ facility(local1); };
filter f_local2		{ facility(local2); };
filter f_local3		{ facility(local3); };
filter f_local4		{ facility(local4); };
filter f_local5		{ facility(local5); };
filter f_local6		{ facility(local6); };
filter f_local7		{ facility(local7); };

# Filters for standard syslog(3) priorities
filter p_debug		{ level(debug); };
filter p_info		{ level(info); };
filter p_notice		{ level(notice); };
filter p_warn		{ level(warn); };
filter p_err		{ level(err); };
filter p_alert		{ level(alert); };
filter p_crit		{ level(crit); };
filter p_emergency	{ level(emerg); };

# Additional filters for specific programs/use
filter f_freshclam	{ program(freshclam); };
filter f_ppp		{ program(pppd) or program(chat); };
filter f_postgres	{ program(postgres); };
filter f_iptables	{ match("IN=[A-Za-z0-9\.]* OUT=[A-Za-z0-9\.]*" value("MESSAGE")); };

log { source(s_sys); filter(f_authpriv);	destination(d_authlog); };
log { source(s_sys); filter(f_cron);		destination(d_cron); };
log { source(s_sys); filter(f_daemon);		destination(d_daemon); };
log { source(s_sys); filter(f_ftp);		destination(d_ftp); };
log { source(s_sys); filter(f_kern);		destination(d_kern); };
log { source(s_sys); filter(f_lpr);		destination(d_lpr); };
log { source(s_sys); filter(f_mail);			destination(d_mail); };
log { source(s_sys); filter(f_news); filter(p_crit);	destination(d_uucp); };
log { source(s_sys); filter(f_news); filter(p_crit);	destination(d_newscrit); };
log { source(s_sys); filter(f_news); filter(p_err);	destination(d_newserr); };
log { source(s_sys); filter(f_news); filter(p_warn);	destination(d_newsnotice); };
log { source(s_sys); filter(f_news); filter(p_notice);	destination(d_newsnotice); };
log { source(s_sys); filter(f_news); filter(p_info);	destination(d_newsnotice); };
log { source(s_sys); filter(f_news); filter(p_debug);	destination(d_newsnotice); };
log { source(s_sys); filter(f_syslog);		destination(d_syslog); };
log { source(s_sys); filter(f_user);		destination(d_user); };
log { source(s_sys); filter(f_uucp);		destination(d_uucp); };

log { source(s_sys); filter(p_debug);		destination(d_debug); };

log { source(s_sys); filter(f_daemon); filter(f_ppp);		destination(d_ppp); };
log { source(s_sys); filter(f_local6); filter(f_freshclam);	destination(d_freshclam); };
log { source(s_sys); filter(f_local0); filter(f_postgres);	destination(d_postgres); };
#log { source(s_sys); filter(f_iptables);	destination(d_iptables); };

log { source(s_sys); filter(p_emergency);	destination(d_console); };
log { source(s_sys); destination(d_console_all); };

log { source(s_sys); destination(d_sshguard); };

#  This is a catchall statement, and should catch all messages which were not
#  accepted any of the previous statements.
log { source(s_sys); destination(d_messages); flags(fallback); };

# Network syslogging
#log { source(s_sys); destination(d_loghost); };
-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog-strace.gz
Type: application/x-gzip
Size: 7703 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090424/41bd290e/attachment.bin

More information about the syslog-ng mailing list