[syslog-ng] 3.3.x conditional rewrite bug
Balazs Scheidler
bazsi at balabit.hu
Wed Nov 9 21:18:55 CET 2011
On Mon, 2011-11-07 at 01:45 -0600, Martin Holste wrote:
> The following will not work in the 3.3.x branch:
>
> filter f_rewrite_cisco_program {
> match('^(%(?:ASA|PIX|FWSM)\-\d\-\d{6}): ([^\n]+)' value("MESSAGE")
> type("pcre") flags("store-matches" "nobackref")); };
> rewrite r_cisco_program {
> set("$1", value("PROGRAM") condition(filter(f_rewrite_cisco_program)));
> set("$2", value("MESSAGE") condition(filter(f_rewrite_cisco_program)));
> };
>
> It will process a few lines and then hang indefinitely. It will
> process ok if the condition is taken off of the filter, so I am
> assuming this is a PCRE issue, though I found it made no difference to
> remove the PCRE requirement and use a simpler matching expression.
Thanks for catching this, this patch fixes that:
commit fc744aae608a9848cb13fe8098b11423e941c41b
Author: Balazs Scheidler <bazsi at balabit.hu>
Date: Wed Nov 9 21:17:34 2011 +0100
logrewrite: fixed conditional rewrite
In case condition() was specified for a rewrite rule and the condition
didn't match, the log_rewrite_queue() method erroneously returned without
either dropping the message or sending it on the log message pipeline.
Since rewrite rules may not drop messages, we should
always call log_pipe_forward_msg().
Reported-By: Martin Holste <mcholste at gmail.com>
Cc: <syslog-ng-stable at balabit.hu>
Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>
--
Bazsi
More information about the syslog-ng
mailing list