[syslog-ng] 3.3.x conditional rewrite bug
Martin Holste
mcholste at gmail.com
Thu Nov 10 19:50:33 CET 2011
Excellent! Any estimate as to when it will be in the release tarball?
On Wed, Nov 9, 2011 at 2:18 PM, Balazs Scheidler <bazsi at balabit.hu> wrote:
> On Mon, 2011-11-07 at 01:45 -0600, Martin Holste wrote:
>> The following will not work in the 3.3.x branch:
>>
>> filter f_rewrite_cisco_program {
>> match('^(%(?:ASA|PIX|FWSM)\-\d\-\d{6}): ([^\n]+)' value("MESSAGE")
>> type("pcre") flags("store-matches" "nobackref")); };
>> rewrite r_cisco_program {
>> set("$1", value("PROGRAM") condition(filter(f_rewrite_cisco_program)));
>> set("$2", value("MESSAGE") condition(filter(f_rewrite_cisco_program)));
>> };
>>
>> It will process a few lines and then hang indefinitely. It will
>> process ok if the condition is taken off of the filter, so I am
>> assuming this is a PCRE issue, though I found it made no difference to
>> remove the PCRE requirement and use a simpler matching expression.
>
> Thanks for catching this, this patch fixes that:
>
> commit fc744aae608a9848cb13fe8098b11423e941c41b
> Author: Balazs Scheidler <bazsi at balabit.hu>
> Date: Wed Nov 9 21:17:34 2011 +0100
>
> logrewrite: fixed conditional rewrite
>
> In case condition() was specified for a rewrite rule and the condition
> didn't match, the log_rewrite_queue() method erroneously returned without
> either dropping the message or sending it on the log message pipeline.
>
> Since rewrite rules may not drop messages, we should
> always call log_pipe_forward_msg().
>
> Reported-By: Martin Holste <mcholste at gmail.com>
> Cc: <syslog-ng-stable at balabit.hu>
> Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>
>
>
> --
> Bazsi
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
More information about the syslog-ng
mailing list