[syslog-ng] syslog-ng 3.6.2 using stomp

Scheidler, Balázs balazs.scheidler at balabit.com
Fri Jan 30 10:50:01 CET 2015


Hi,

I have pushed an untested but compiled commit on f/stomp-port-fix. Could
you pls test whether it solves your problem?

It was broken here:

Author: Balazs Scheidler <bazsi at balabit.hu>  2013-10-31 08:17:02
Committer: Balazs Scheidler <bazsi at balabit.hu>  2013-11-10 19:04:35
Parent: ebb82d15f586829e478e51e7c33d6bb69dc7c3d8 (stomp: rearrange headers to match syslog-ng conventions)
Branches: master, nisz, remotes/origin/master and many more (82)
Follows: v3.5.1
Precedes: syslog-ng-3.6.0alpha1

    host-resolve: always return a new GSockAddr instance from resolve_hostname_to_sockaddr()

    Instead of trying to _change_ an existing GSockAddr instance, always
    return a new one. This makes the API easier to use, as well as makes
    the implementation simpler. The original prototype probably dates back
    to times when the afsocket driver stored ip/port parameters in an
    existing GSockAddr instance and creating a new one was not good.

    These times, we basically create the GSockAddr instance in the drivers
    just to satisfy this requirement. So this patch simplifies call-sites
    as well.

    The only reason the input GSockAddr was used was to determine the
    target address family, but I introduced a new parameter for that.

    Also the patch adds coverage for IPv6 in the testsuite.

    Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>

-- 
Bazsi

On Fri, Jan 30, 2015 at 12:25 AM, Tusa Viktor <tusavik at gmail.com> wrote:

> Hi Ole!
>
> You are totally right, this is a bug in afstomp module. There is a missing
> g_sockaddr_set_port() call in stomp.c. I can create a patch for you at the
> weekend, or you can patch it manually by inserting the line:
> g_sockaddr_set_port(conn->remote_sa, (uint16) port);  into
> modules/afstomp/stomp.c in line 118.
>
> Thanks for the detailed bug report!
>
> HtH,
> Viktor
>
> On Thu, Jan 29, 2015 at 6:39 PM, Ole Jørgensen <oleide at gmail.com> wrote:
>
>> Hi,
>>
>> I'm testing the stomp destination using syslog-ng ose 3.6.2, and as the
>> process starts it logs:
>> # /opt/syslog-ng-3.6.2/sbin/syslog-ng -f
>> /opt/syslog-ng-3.6.2/etc/syslog-ng.conf -F -d -v -t 2>&1 | grep -i stomp
>> [2015-01-29T18:29:45.323518] Reading shared object for a candidate
>> module; path='/opt/syslog-ng-3.6.2/lib/syslog-ng', fname='afstomp.so',
>> module='afstomp'
>> [2015-01-29T18:29:45.323629] Registering candidate plugin;
>> module='afstomp', context='destination', name='stomp', preference='0'
>> [2015-01-29T18:29:45.343833] Module loaded and initialized successfully;
>> module='afstomp'
>> [2015-01-29T18:29:45.344725]   Compiling d_stomp reference [destination]
>> at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:70:2]
>> [2015-01-29T18:29:45.344728]     Compiling d_stomp sequence
>> [destination] at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:32:1]
>> [2015-01-29T18:29:45.345092] Initializing STOMP destination;
>> host='localhost', port='61613', destination='/topic/syslog'
>> [2015-01-29T18:29:45.345368] Worker thread started; driver='d_stomp#0'
>> [2015-01-29T18:29:45.346854] Stomp connection failed; host='localhost'
>>
>> Relevant parts of my configuration:
>> destination d_stomp {
>>         stomp(
>>                 host("localhost")
>>                 port(61613)
>>                 body("testing")
>>                 ack(yes)
>>                 retries(9)
>>                 value-pairs(scope(everything))
>>         );
>> };
>>
>> The strange thing is that when I'm starting syslog-ng I am running
>> tcpdump -i lo -s0 -nn -v port 61613, and cannot see any packets. I would
>> expect at least a syn connection since it claims to fail. SELinux does not
>> log any denies during the startup, so I suspect the problem to be elsewhere.
>>
>> If I do a tcpdump -i lo -s0 -nn -v -X and start syslog-ng this is
>> captured:
>> 18:33:26.833330 IP (tos 0x0, ttl 64, id 5652, offset 0, flags [DF],
>> proto TCP (6), length 60)
>>     127.0.0.1.35340 > 127.0.0.1.0: Flags [S], cksum 0xd601 (correct), seq
>> 801587243, win 65495, options [mss 65495,sackOK,TS val 700601919 ecr
>> 0,nop,wscale 7], length 0
>>         0x0000:  4500 003c 1614 4000 4006 26a6 7f00 0001  E..<..@.@.&.....
>>         0x0010:  7f00 0001 8a0c 0000 2fc7 402b 0000 0000  ......../.@+....
>>         0x0020:  a002 ffd7 d601 0000 0204 ffd7 0402 080a  ................
>>         0x0030:  29c2 563f 0000 0000 0103 0307            ).V?........
>> 18:33:26.833412 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
>> TCP (6), length 40)
>>     127.0.0.1.0 > 127.0.0.1.35340: Flags [R.], cksum 0xb7ce (correct),
>> seq 0, ack 801587244, win 0, length 0
>>         0x0000:  4500 0028 0000 4000 4006 3cce 7f00 0001  E..(..@.@.<.....
>>         0x0010:  7f00 0001 0000 8a0c 0000 0000 2fc7 402c  ............/.@,
>>         0x0020:  5014 0000 b7ce 0000                      P.......
>>
>> So we get a syn to port 0 and answer with reset. Could there be a port
>> parsing error for stomp in syslog-ng OSE 3.6.2? Any suggestions?
>>
>> Also: syslog-ng spawns another thread to do the stomp connection, any
>> suggestions on how I can strace this thread during startup to see what is
>> actually going on? Would love to know if in fact this connection is made to
>> port 0.
>>
>> Thanks,
>> Ole
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
>
>
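
The failure mode discussed in this thread, as an added example that is not part of the original messages or of syslog-ng's code: when a resolver returns a fresh address with only the family and IP filled in, the port stays 0 until the call-site sets it. `resolve_host`, `port_field` and `target_port` are hypothetical names, and numeric address literals stand in for real name resolution so the code runs offline.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-in for a resolver that always fills a NEW address:
 * only the family and IP are set, so the port field starts out as 0. */
static int resolve_host(int family, const char *host, struct sockaddr_storage *out)
{
    memset(out, 0, sizeof(*out));
    out->ss_family = (sa_family_t) family;
    void *ip = (family == AF_INET6) ? (void *) &((struct sockaddr_in6 *) out)->sin6_addr
                                    : (void *) &((struct sockaddr_in *) out)->sin_addr;
    return inet_pton(family, host, ip) == 1 ? 0 : -1;
}

/* Location of the port field for either address family. */
static in_port_t *port_field(struct sockaddr_storage *sa)
{
    return sa->ss_family == AF_INET6 ? &((struct sockaddr_in6 *) sa)->sin6_port
                                     : &((struct sockaddr_in *) sa)->sin_port;
}

/* Port a connect() would target, or -1 if the host does not parse.
 * apply_port=0 drops the configured port; apply_port=1 sets it explicitly. */
static int target_port(int family, const char *host, uint16_t port, int apply_port)
{
    struct sockaddr_storage sa;
    if (resolve_host(family, host, &sa) != 0)
        return -1;
    if (apply_port)
        *port_field(&sa) = htons(port);   /* the step a set-port call performs */
    return ntohs(*port_field(&sa));
}

int main(void)
{
    printf("port dropped: %d, port applied: %d\n",
           target_port(AF_INET, "127.0.0.1", 61613, 0),
           target_port(AF_INET, "127.0.0.1", 61613, 1));
    return 0;
}
```
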