[syslog-ng] [Bug 190] New: syslog-ng with TCP source, fails to shutdown properly, and generates core dump
bugzilla at bugzilla.balabit.com
Tue Aug 28 17:19:47 CEST 2012
https://bugzilla.balabit.com/show_bug.cgi?id=190
Summary: syslog-ng with TCP source, fails to shutdown properly,
and generates core dump
Product: syslog-ng
Version: 3.3.x
Platform: PC
OS/Version: Solaris
Status: NEW
Severity: major
Priority: unspecified
Component: syslog-ng
AssignedTo: bazsi at balabit.hu
ReportedBy: marvin.nipper at stream.com
Type of the Report: bug
Estimated Hours: 0.0
OK. I decided to jump to 3.3.6, so that I could get rid of the source patching that I was doing to fix the address spoofing bug in 3.3.5. It compiled
cleanly, and I was hoping that I was finally going to be on an "unpatched" version of 3.3.x!!
However, there is now a completely new bug that has apparently been introduced into 3.3.6, related to TCP sources.
My environment is Solaris 10 U10 x86.
What I am seeing:
The daemon starts fine, and starts collecting log data just fine;
When I execute the standard /etc/init.d script to stop the daemon (using the kill of the PID):
I now instantly get a core dump;
I find that both of the syslog-ng processes are still running;
I find that syslog-ng no longer appears to be processing any of the UDP input (as the files that should grow, because of UDP input, are no longer growing); and
I find that the one file that I generate from TCP input, is still continuing to grow.
Put simply, it appears that the "kill" does not clearly shut down the TCP source, and so syslog-ng just continues to run, and continues to "eat" TCP packets,
and feed them to their designated target file.
I end up having to do a kill -9 on both of the syslog-ng daemons, in order to get them to stop.
The relevant statements are fairly trivial, and they work flawlessly in 3.3.5 (as well as all previous releases):
    source any_tcp { tcp(port(601) max-connections(40)
        flags("store-legacy-msghdr", "threaded") use_dns(no)
        log_fetch_limit(100) log_iw_size(250)); };
    destination workstation_log {
        file("/var/adm/log/workstation.log" create_dirs(yes)
        flags("threaded")); };
    log { source(any_tcp); destination(workstation_log); flags(final); };
Anyway, I'm hoping that you will possibly have some clue as to a particular bit of code that might have been changed between 3.3.5 and 3.3.6, that might be
causing this behavior(??).
Let me know what all you might want/need from me, to assist in sorting this out. SORRY for the bad news (really). I was really hoping that 3.3.6 would be
"painless", and I'm sure that you were hoping for the same thing.
As with the spoofing bug in 3.3.5, I am ALWAYS more than happy to try out a patch, to see if that fixes the problem. I know that it may not be easy to try out
Solaris-related changes (and maybe this issue is just something in Solaris).
As always, THANKS for your time and help.