[syslog-ng] syslog-ng-3.4.0alpha2 syslog-ng binary failure for server instance.

anju.raveendrannair at wipro.com anju.raveendrannair at wipro.com
Fri Jun 8 13:46:18 CEST 2012 

Hi,

We are using syslog-ng-3.4.0alpha2 binary and trying to run the syslog-ng server configuration file, but its not starting the syslog ng server.
We are getting the following error  incase of f__nonconsole_access filter when we ran the syslog-ng binary in debug mode.

Filter rule evaluation result; result='match', rule='f_nonconsole_access', location='/ne_data/conf/syslogng/syslog-ng_server.conf:58:29'
**
ERROR:logmsg.c:535:log_msg_set_value_indirect: assertion failed: (!log_msg_is_write_protected(self))
Abort (core dumped)

PFA the debug.log

The server conf is having the following line for the above mentioned filter,

template ltemgr_msg_template { template("$S_ISODATE $HOST $FACILITY_NUM/$LEVEL_NUM $MSG\n"); };

#To  strip of the msg_id introduced by syslogd
rewrite rw_msg{subst("\\[.*\\]", "", value("MESSAGE"));};

source s_LTEMGR_SYSLOG_CLIENTS{ tcp (ip (27.132.98.69) port(6515) max-connections(4)
            tls(
                key_file("/ne_data/conf/certificates/MOCM/MOCM_key.pem")
                cert_file("/ne_data/conf/certificates/MOCM/MOCM_SB_server.pem")
                ca_dir("/ne_data/conf/certificates/SYSLOGNG")
                cipher_suite("ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv2")
                peer_verify(optional-untrusted)
            )
        );
};
.......

destination d_ltemgr_nonconsoleaccess_log  {file("/ne_data/syslog/ems" perm(0644) template(ltemgr_msg_template)); };
......
filter f_nonconsole_access { level(info..notice) and facility(auth) and ( match("Accepted password for" value("MESSAGE")) or match("Failed password for"  value("MESSAGE")) ); };
.....
log { source(s_LTEMGR_SYSLOG_CLIENTS); filter(f_nonconsole_access); rewrite(rw_msg);  destination(d_ltemgr_nonconsoleaccess_log);  };

Without debug mode, we were able to run the server but central logging is not happening when tried with logger command.

Thanks,
Anju



Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 

www.wipro.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120608/6db66f35/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debug.log
Type: application/octet-stream
Size: 14675 bytes
Desc: debug.log
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120608/6db66f35/attachment-0001.obj

More information about the syslog-ng mailing list