[syslog-ng] FreeBSD core dump

Alexandre Biancalana biancalana at gmail.com
Mon Oct 7 23:14:59 CEST 2013 

On Thu, Sep 26, 2013 at 3:34 PM, Alexandre Biancalana
<biancalana at gmail.com>wrote:

>
>
> Testing on linux it goes a little further but also crashes:
>
> # gdb syslog-ng/.libs/syslog-ng
>
> GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6)
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <
> http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /tmp/syslog-ng-3.4/syslog-ng/.libs/syslog-ng...done.
>
> (gdb) run -d -f /usr/local/etc/syslog-ng.conf
> Starting program: /tmp/syslog-ng-3.4/syslog-ng/.libs/syslog-ng -d -f
> /usr/local/etc/syslog-ng.conf
>
> [Thread debugging using libthread_db enabled]
> Reading path for candidate modules; path='/usr/local/lib/syslog-ng'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='confgen.so', module='confgen'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='dbparser.so', module='dbparser'
> Registering candidate plugin; module='dbparser', context='parser',
> name='db-parser', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='afamqp.so', module='afamqp'
> Registering candidate plugin; module='afamqp', context='destination',
> name='amqp', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='cryptofuncs.so',
> module='cryptofuncs'
> Registering candidate plugin; module='cryptofuncs',
> context='template-func', name='uuid', preference='0'
> Registering candidate plugin; module='cryptofuncs',
> context='template-func', name='hash', preference='0'
> Registering candidate plugin; module='cryptofuncs',
> context='template-func', name='sha1', preference='0'
> Registering candidate plugin; module='cryptofuncs',
> context='template-func', name='sha256', preference='0'
> Registering candidate plugin; module='cryptofuncs',
> context='template-func', name='sha512', preference='0'
> Registering candidate plugin; module='cryptofuncs',
> context='template-func', name='md4', preference='0'
> Registering candidate plugin; module='cryptofuncs',
> context='template-func', name='md5', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='basicfuncs.so', module='basicfuncs'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='grep', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='if', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='echo', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='length', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='substr', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='strip', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='sanitize', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='+', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='-', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='*', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='/', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='%', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='ipv4-to-int', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='indent-multi-line', preference='0'
> Registering candidate plugin; module='basicfuncs',
> context='template-func', name='context-length', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='afuser.so', module='afuser'
> Registering candidate plugin; module='afuser', context='destination',
> name='usertty', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='afsocket-notls.so',
> module='afsocket-notls'
> Registering candidate plugin; module='afsocket-notls', context='source',
> name='unix-stream', preference='0'
> Registering candidate plugin; module='afsocket-notls',
> context='destination', name='unix-stream', preference='0'
> Registering candidate plugin; module='afsocket-notls', context='source',
> name='unix-dgram', preference='0'
> Registering candidate plugin; module='afsocket-notls',
> context='destination', name='unix-dgram', preference='0'
> Registering candidate plugin; module='afsocket-notls', context='source',
> name='tcp', preference='0'
> Registering candidate plugin; module='afsocket-notls',
> context='destination', name='tcp', preference='0'
> Registering candidate plugin; module='afsocket-notls', context='source',
> name='tcp6', preference='0'
> Registering candidate plugin; module='afsocket-notls',
> context='destination', name='tcp6', preference='0'
> Registering candidate plugin; module='afsocket-notls', context='source',
> name='udp', preference='0'
> Registering candidate plugin; module='afsocket-notls',
> context='destination', name='udp', preference='0'
> Registering candidate plugin; module='afsocket-notls', context='source',
> name='udp6', preference='0'
> Registering candidate plugin; module='afsocket-notls',
> context='destination', name='udp6', preference='0'
> Registering candidate plugin; module='afsocket-notls', context='source',
> name='syslog', preference='0'
> Registering candidate plugin; module='afsocket-notls',
> context='destination', name='syslog', preference='0'
> Registering candidate plugin; module='afsocket-notls', context='source',
> name='network', preference='0'
> Registering candidate plugin; module='afsocket-notls',
> context='destination', name='network', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='afsocket.so', module='afsocket'
> Registering candidate plugin; module='afsocket', context='source',
> name='unix-stream', preference='100'
> Registering candidate plugin; module='afsocket', context='destination',
> name='unix-stream', preference='100'
> Registering candidate plugin; module='afsocket', context='source',
> name='unix-dgram', preference='100'
> Registering candidate plugin; module='afsocket', context='destination',
> name='unix-dgram', preference='100'
> Registering candidate plugin; module='afsocket', context='source',
> name='tcp', preference='100'
> Registering candidate plugin; module='afsocket', context='destination',
> name='tcp', preference='100'
> Registering candidate plugin; module='afsocket', context='source',
> name='tcp6', preference='100'
> Registering candidate plugin; module='afsocket', context='destination',
> name='tcp6', preference='100'
> Registering candidate plugin; module='afsocket', context='source',
> name='udp', preference='100'
> Registering candidate plugin; module='afsocket', context='destination',
> name='udp', preference='100'
> Registering candidate plugin; module='afsocket', context='source',
> name='udp6', preference='100'
> Registering candidate plugin; module='afsocket', context='destination',
> name='udp6', preference='100'
> Registering candidate plugin; module='afsocket', context='source',
> name='syslog', preference='100'
> Registering candidate plugin; module='afsocket', context='destination',
> name='syslog', preference='100'
> Registering candidate plugin; module='afsocket', context='source',
> name='network', preference='100'
> Registering candidate plugin; module='afsocket', context='destination',
> name='network', preference='100'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='affile.so', module='affile'
> Registering candidate plugin; module='affile', context='source',
> name='file', preference='0'
> Registering candidate plugin; module='affile', context='source',
> name='pipe', preference='0'
> Registering candidate plugin; module='affile', context='destination',
> name='file', preference='0'
> Registering candidate plugin; module='affile', context='destination',
> name='pipe', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='csvparser.so', module='csvparser'
> Registering candidate plugin; module='csvparser', context='parser',
> name='csv-parser', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='afprog.so', module='afprog'
> Registering candidate plugin; module='afprog', context='source',
> name='program', preference='0'
> Registering candidate plugin; module='afprog', context='destination',
> name='program', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='syslog-ng-crypto.so',
> module='syslog-ng-crypto'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='syslogformat.so',
> module='syslogformat'
> Registering candidate plugin; module='syslogformat', context='format',
> name='syslog', preference='0'
> Registering candidate plugin; module='syslogformat', context='parser',
> name='syslog-parser', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='afmongodb.so', module='afmongodb'
> Registering candidate plugin; module='afmongodb', context='destination',
> name='mongodb', preference='0'
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='system-source.so',
> module='system-source'
>
> Reading shared object for a candidate module;
> path='/usr/local/lib/syslog-ng', fname='afsocket-tls.so',
> module='afsocket-tls'
> Registering candidate plugin; module='afsocket-tls', context='source',
> name='unix-stream', preference='100'
> Registering candidate plugin; module='afsocket-tls',
> context='destination', name='unix-stream', preference='100'
> Registering candidate plugin; module='afsocket-tls', context='source',
> name='unix-dgram', preference='100'
> Registering candidate plugin; module='afsocket-tls',
> context='destination', name='unix-dgram', preference='100'
> Registering candidate plugin; module='afsocket-tls', context='source',
> name='tcp', preference='100'
> Registering candidate plugin; module='afsocket-tls',
> context='destination', name='tcp', preference='100'
> Registering candidate plugin; module='afsocket-tls', context='source',
> name='tcp6', preference='100'
> Registering candidate plugin; module='afsocket-tls',
> context='destination', name='tcp6', preference='100'
> Registering candidate plugin; module='afsocket-tls', context='source',
> name='udp', preference='100'
> Registering candidate plugin; module='afsocket-tls',
> context='destination', name='udp', preference='100'
> Registering candidate plugin; module='afsocket-tls', context='source',
> name='udp6', preference='100'
> Registering candidate plugin; module='afsocket-tls',
> context='destination', name='udp6', preference='100'
> Registering candidate plugin; module='afsocket-tls', context='source',
> name='syslog', preference='100'
> Registering candidate plugin; module='afsocket-tls',
> context='destination', name='syslog', preference='100'
> Registering candidate plugin; module='afsocket-tls', context='source',
> name='network', preference='100'
> Registering candidate plugin; module='afsocket-tls',
> context='destination', name='network', preference='100'
> Compiling #unnamed sequence [log] at [/usr/local/etc/syslog-ng.conf:4]
>   Compiling httpd_error_log reference [source] at
> [/usr/local/etc/syslog-ng.conf:4]
>     Compiling httpd_error_log sequence [source] at
> [/usr/local/etc/syslog-ng.conf:1]
>
>       Compiling #unnamed junction [log] at
> [/usr/local/etc/syslog-ng.conf:1]
>         Compiling #unnamed single [log] at
> [/usr/local/etc/syslog-ng.conf:1]
>   Compiling pattern_db reference [parser] at
> [/usr/local/etc/syslog-ng.conf:4]
>     Compiling pattern_db sequence [parser] at
> [/usr/local/etc/syslog-ng.conf:1]
>
>       Compiling #unnamed single [log] at [/usr/local/etc/syslog-ng.conf:1]
>   Compiling d_amqp reference [destination] at
> [/usr/local/etc/syslog-ng.conf:4]
>     Compiling d_amqp sequence [destination] at
> [/usr/local/etc/syslog-ng.conf:2]
>       Compiling #unnamed junction [log] at
> [/usr/local/etc/syslog-ng.conf:2]
>         Compiling #unnamed single [log] at
> [/usr/local/etc/syslog-ng.conf:2]
> Log pattern database reloaded; file='/home/ale/httpd.xml', version='3',
> pub_date='2013-09-12'
> [New Thread 0x7ffff7fe3700 (LWP 3098)]
>
> Running application hooks; hook='1'
> Running application hooks; hook='3'
> syslog-ng starting up; version='3.4.3'
> Worker thread started; driver='d_amqp#0'
> Connecting to AMQP succeeded; driver='d_amqp#0'
> Incoming log entry; line='[2013-09-07 21:37:18.103339] [-:error] [pid
> 29919:tid 139776059467520] [client 10.10.10.10] ModSecurity: Warning.
> Operator GE matched 4 at TX:outbound_anomaly_score. [file
> "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"]
> [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4):
> The application is not available"] [hostname "www.xxx.com"] [uri
> "/wp/wp-content/themes/musicpro/js/solo-jplayer.min.js"] [unique_id
> "UiucjcCoALkAAHTfttcAAACM"]
> [2013-09-07 21:37:18.131577] [-:error] [pid 29777:tid 139776257115904]
> [client 10.10.10.10] ModSecurity: Warning. Operator GE matched 4 at
> TX:outbound_anomaly_score. [file
> "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"]
> [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4):
> The application is not available"] [hostname "www.xxx.com"] [uri
> "/wp/wp-includes/js/comment-reply.js"] [unique_id
> "UiucjsCoALkAAHRR1KoAAAAA"]'
> patterndb rule matches; rule_id='6bcd01cd-1bff-11e3-919d-ca66d2f45ab4'
> Advancing patterndb current time because of an incoming message;
> utc='1380220111'
>
> Message parsing complete; result='1'
> Incoming log entry; line='[2013-09-07 21:37:18.135037] [-:error] [pid
> 29777:tid 139776153876224] [client 10.10.10.10] ModSecurity: Warning.
> Operator GE matched 4 at TX:outbound_anomaly_score. [file
> "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"]
> [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4):
> The application is not available"] [hostname "www.xxx.com"] [uri
> "/wp/wp-content/themes/musicpro/js/tooltipsy.js"] [unique_id
> "UiucjsCoALkAAHRR1KgAAAAD"]'
> patterndb rule matches; rule_id='6bcd01cd-1bff-11e3-919d-ca66d2f45ab4'
> Advancing patterndb current time because of an incoming message;
> utc='1380220111'
>
> Message parsing complete; result='1'
> Incoming log entry; line='[2013-09-07 21:37:18.136092] [-:error] [pid
> 29777:tid 139776132896512] [client 10.10.10.10] ModSecurity: Warning.
> Operator GE matched 4 at TX:outbound_anomaly_score. [file
> "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"]
> [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4):
> The application is not available"] [hostname "www.xxx.com"] [uri
> "/wp/wp-content/themes/musicpro/js/custom.js"] [unique_id
> "UiucjsCoALkAAHRR1KsAAAAF"]'
> patterndb rule matches; rule_id='6bcd01cd-1bff-11e3-919d-ca66d2f45ab4'
> Advancing patterndb current time because of an incoming message;
> utc='1380220111'
>
> Message parsing complete; result='1'
> Incoming log entry; line='[2013-09-07 21:37:18.138618] [-:error] [pid
> 29777:tid 139776143386368] [client 10.10.10.10] ModSecurity: Warning.
> Operator GE matched 4 at TX:outbound_anomaly_score. [file
> "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"]
> [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4):
> The application is not available"] [hostname "www.xxx.com"] [uri
> "/wp/wp-content/themes/musicpro/js/izotope.js"] [unique_id
> "UiucjsCoALkAAHRR1KkAAAAE"]'
>
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff7fe3700 (LWP 3098)]
> 0x00007ffff7b8de6e in msg_set_context () from /usr/local/lib/
> libsyslog-ng-3.4.3.so
> Missing separate debuginfos, use: debuginfo-install
> glib2-2.22.5-7.el6.x86_64 glibc-2.12-1.107.el6.x86_64
> keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6.x86_64
> libcom_err-1.41.12-14.el6.x86_64 libnet-1.1.5-1.el6.x86_64
> libselinux-2.0.94-5.3.el6.x86_64 openssl-1.0.0-27.el6.x86_64
> pcre-7.8-6.el6.x86_64 syslog-ng-3.4.3-1.x86_64 zlib-1.2.3-29.el6.x86_64
> (gdb) bt
> #0  0x00007ffff7b8de6e in msg_set_context () from /usr/local/lib/
> libsyslog-ng-3.4.3.so
> #1  0x00007ffff3e3e995 in ?? () from /usr/local/lib/syslog-ng/libafamqp.so
> #2  0x00007ffff7b8e63b in ?? () from /usr/local/lib/libsyslog-ng-3.4.3.so
> #3  0x00007ffff70a3004 in ?? () from /lib64/libglib-2.0.so.0
> #4  0x00007ffff67f7851 in start_thread () from /lib64/libpthread.so.0
> #5  0x00007ffff654590d in clone () from /lib64/libc.so.6
> (gdb)
>
>
>
Hi List,


Is there anything else that I can do to help to track/solve this ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20131007/4432e3ca/attachment-0001.htm

More information about the syslog-ng mailing list