[syslog-ng] syslog-ng 3.6.2 using stomp

Tusa Viktor tusavik at gmail.com
Fri Jan 30 00:25:47 CET 2015


Hi Ole!

You are totally right, this is a bug in the afstomp module. There is a missing
g_sockaddr_set_port() call in stomp.c. I can create a patch for you at the
weekend, or you can patch it manually by inserting the line:
g_sockaddr_set_port(conn->remote_sa, (uint16) port);
into modules/afstomp/stomp.c in line 118.

Thanks for the detailed bug report!

HtH,
Viktor

On Thu, Jan 29, 2015 at 6:39 PM, Ole Jørgensen <oleide at gmail.com> wrote:

> Hi,
>
> I'm testing the stomp destination using syslog-ng ose 3.6.2, and as the
> process starts it logs:
> # /opt/syslog-ng-3.6.2/sbin/syslog-ng -f
> /opt/syslog-ng-3.6.2/etc/syslog-ng.conf -F -d -v -t 2>&1 | grep -i stomp
> [2015-01-29T18:29:45.323518] Reading shared object for a candidate module;
> path='/opt/syslog-ng-3.6.2/lib/syslog-ng', fname='afstomp.so',
> module='afstomp'
> [2015-01-29T18:29:45.323629] Registering candidate plugin;
> module='afstomp', context='destination', name='stomp', preference='0'
> [2015-01-29T18:29:45.343833] Module loaded and initialized successfully;
> module='afstomp'
> [2015-01-29T18:29:45.344725]   Compiling d_stomp reference [destination]
> at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:70:2]
> [2015-01-29T18:29:45.344728]     Compiling d_stomp sequence [destination]
> at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:32:1]
> [2015-01-29T18:29:45.345092] Initializing STOMP destination;
> host='localhost', port='61613', destination='/topic/syslog'
> [2015-01-29T18:29:45.345368] Worker thread started; driver='d_stomp#0'
> [2015-01-29T18:29:45.346854] Stomp connection failed; host='localhost'
>
> Relevant parts of my configuration:
> destination d_stomp {
>         stomp(
>                 host("localhost")
>                 port(61613)
>                 body("testing")
>                 ack(yes)
>                 retries(9)
>                 value-pairs(scope(everything))
>         );
> };
>
> The strange thing is that when I'm starting syslog-ng I am running tcpdump
> -i lo -s0 -nn -v port 61613, and cannot see any packets. I would expect at
> least a syn connection since it claims to fail. SELinux does not log any
> denies during the startup, so I suspect the problem to be elsewhere.
>
> If I do a tcpdump -i lo -s0 -nn -v -X and start syslog-ng this is captured:
> 18:33:26.833330 IP (tos 0x0, ttl 64, id 5652, offset 0, flags [DF], proto
> TCP (6), length 60)
>     127.0.0.1.35340 > 127.0.0.1.0: Flags [S], cksum 0xd601 (correct), seq
> 801587243, win 65495, options [mss 65495,sackOK,TS val 700601919 ecr
> 0,nop,wscale 7], length 0
>         0x0000:  4500 003c 1614 4000 4006 26a6 7f00 0001  E..<..@.@.&.....
>         0x0010:  7f00 0001 8a0c 0000 2fc7 402b 0000 0000  ......../.@+....
>         0x0020:  a002 ffd7 d601 0000 0204 ffd7 0402 080a  ................
>         0x0030:  29c2 563f 0000 0000 0103 0307            ).V?........
> 18:33:26.833412 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP
> (6), length 40)
>     127.0.0.1.0 > 127.0.0.1.35340: Flags [R.], cksum 0xb7ce (correct), seq
> 0, ack 801587244, win 0, length 0
>         0x0000:  4500 0028 0000 4000 4006 3cce 7f00 0001  E..(..@.@.<.....
>         0x0010:  7f00 0001 0000 8a0c 0000 0000 2fc7 402c  ............/.@,
>         0x0020:  5014 0000 b7ce 0000                      P.......
>
> So we get a syn to port 0 and answer with reset. Could there be a port
> parsing error for stomp in syslog-ng OSE 3.6.2? Any suggestions?
>
> Also: syslog-ng spawns another thread to do the stomp connection, any
> suggestions on how I can strace this thread during startup to see what is
> actually going on? Would love to know if in fact this connection is made to
> port 0.
>
> Thanks,
> Ole
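
The failure mode discussed in this thread, reproduced as an added example with plain POSIX sockets (this is not syslog-ng or afstomp code; `resolve_host` and `probe` are hypothetical helpers and 127.0.0.1 is a constructed target): an address that was resolved from a host name alone keeps port 0 until the port is stored, so connect() addresses its SYN to port 0 and is refused, matching the tcpdump capture above.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Host-only resolution (hypothetical helper): sets family and address, leaves sin_port at 0. */
static int resolve_host(const char *host, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    return inet_pton(AF_INET, host, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Open a loopback listener, then connect to it the way a client would:
 * resolve the host, optionally store the port, connect(). Returns connect()'s
 * result (-2 if setup failed); *dst gets the port the SYN was addressed to. */
static int probe(int set_port, uint16_t *dst)
{
    struct sockaddr_in srv, cli;
    socklen_t len = sizeof(srv);
    int rc = -2, lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    resolve_host("127.0.0.1", &srv);   /* constructed address; port 0 lets bind() pick */
    resolve_host("127.0.0.1", &cli);   /* client side: port is still 0 here */
    if (lfd >= 0 && cfd >= 0 && bind(lfd, (struct sockaddr *)&srv, sizeof(srv)) == 0 &&
        listen(lfd, 1) == 0 && getsockname(lfd, (struct sockaddr *)&srv, &len) == 0) {
        if (set_port)                  /* the step the buggy path skips */
            cli.sin_port = htons(ntohs(srv.sin_port));
        *dst = ntohs(cli.sin_port);
        rc = connect(cfd, (struct sockaddr *)&cli, sizeof(cli));
    }
    if (lfd >= 0) close(lfd);
    if (cfd >= 0) close(cfd);
    return rc;
}

int main(void)
{
    uint16_t dst = 0;
    int rc = probe(0, &dst);
    printf("port unset: rc=%d dst=%u\n", rc, (unsigned)dst);
    rc = probe(1, &dst);
    printf("port set:   rc=%d dst=%u\n", rc, (unsigned)dst);
    return 0;
}
```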