[syslog-ng] udp6 source declaration causes syslog+tls to fail

Jan Schaumann jschauma at netmeister.org
Sun Nov 15 20:40:06 CET 2009 

Hello,

I'm seeing what appears to be an odd interaction between the declaration
of an udp6 source and trying to forward messages via tls to another
host.

I have the following configuration:

# UDP will use the regular port 514 as per /etc/services.
source s_udp {
        udp(log_fetch_limit(400000000));

        # UDP6 definition requires an explicit port statement.
        # See upstream bug
        # https://bugzilla.balabit.com/show_bug.cgi?id=58
#       udp6(
#               port(514)
#               log_fetch_limit(400000000)
#       );
};

destination d_amslog {
        syslog("<hostname>"
                port(6514)
                suppress(30)
                transport("tls")
                tls(
                        ca_dir("<dir>")
                        cert_file("<cert>")
                        key_file("<key>")
                        trusted_keys("<fp>")
                )
        );
};

log {
        source(s_udp);
        destination(d_amslog);
        flags(final);
};


Now this works just fine with the "udp6" part commented out as above.
However, if I uncomment the udp6 part, I get the following error:

ERROR:gsockaddr.h:86:g_sockaddr_inet_get_sa: assertion failed:
(g_sockaddr_inet_check(s)) failed!


Note that if I remove the destination from the log directive (ie comment
out the line "destination(d_amslog);", I still get the same error.

If I comment out the entire syslog directive and replace it with a file
destination, there is no problem (even though the udp6 source definition
is there).

It seems as if -- and I'm guessing here -- the udp6 declaration causes
syslog-ng to try to treat the subsequent "syslog" directive to be an
IPv6 type connection, which fails since the host does not (currently)
have IPv6 configured.  Ie, I believe syslog-ng assumes that just by the
existence of an IPv6 source all connections will be IPv6 (which, if
correct, seems like a bug to me).


The version of syslog-ng here is:

syslog-ng 3.0.3
Revision:
ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#08c9bf9d98e4e021756adc12c42605840140ba8b
Compile-Date: Sep 12 2009 02:43:20
Enable-Threads: off
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-SSL: on
Enable-SQL: off
Enable-Linux-Caps: off
Enable-Pcre: on


Any suggestion on how to fix this would be appreciated.
Thanks in advance,
-Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20091115/1102b224/attachment.pgp

More information about the syslog-ng mailing list