[syslog-ng] syslog-ng 3.6.2 using stomp

Scheidler, Balázs balazs.scheidler at balabit.com
Fri Jan 30 10:52:41 CET 2015


Here's the pull request:

https://github.com/balabit/syslog-ng/pull/376

Could you pls report success with this patch there? Thanks.


-- 
Bazsi

On Fri, Jan 30, 2015 at 10:50 AM, Scheidler, Balázs <
balazs.scheidler at balabit.com> wrote:

> Hi,
>
> I have pushed an untested but compiled commit on f/stomp-port-fix. Could
> you pls test whether it solves your problem?
>
> It was broken here:
>
> Author: Balazs Scheidler <bazsi at balabit.hu>  2013-10-31 08:17:02
> Committer: Balazs Scheidler <bazsi at balabit.hu>  2013-11-10 19:04:35
> Parent: ebb82d15f586829e478e51e7c33d6bb69dc7c3d8 (stomp: rearrange headers to match syslog-ng conventions)
> Branches: master, nisz, remotes/origin/master and many more (82)
> Follows: v3.5.1
> Precedes: syslog-ng-3.6.0alpha1
>
>     host-resolve: always return a new GSockAddr instance from resolve_hostname_to_sockaddr()
>
>     Instead of trying to _change_ an existing GSockAddr instance, always return
>     a new one. This makes the API easier to use, as well as makes
>     the implementation simpler. The original prototype probably dates back
>     to times when the afsocket driver stored ip/port parameters in an
>     existing GSockAddr instance and creating a new one was not good.
>
>     These times, we basically create the GSockAddr instance in the drivers
>     just to satisfy this requirement. So this patch simplifies call-sites
>     as well.
>
>     The only reason the input GSockAddr was used to determine the target address
>     family, but I introduced a new parameter for that.
>
>     Also the patch adds coverage for IPv6 in the testsuite.
>
>     Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>
>
> --
> Bazsi
>
> On Fri, Jan 30, 2015 at 12:25 AM, Tusa Viktor <tusavik at gmail.com> wrote:
>
>> Hi Ole!
>>
>> You are totally right, this is a bug in afstomp module. There is a
>> missing g_sockaddr_set_port() call in stomp.c. I can create a patch for you
>> at the weekend, or you can patch it manually by inserting the line:
>> g_sockaddr_set_port(conn->remote_sa, (uint16) port);  into
>> modules/afstomp/stomp.c in line 118.
>>
>> Thanks for the detailed bug report!
>>
>> HtH,
>> Viktor
>>
>> On Thu, Jan 29, 2015 at 6:39 PM, Ole Jørgensen <oleide at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I'm testing the stomp destination using syslog-ng ose 3.6.2, and as the
>>> process starts it logs:
>>> # /opt/syslog-ng-3.6.2/sbin/syslog-ng -f /opt/syslog-ng-3.6.2/etc/syslog-ng.conf -F -d -v -t 2>&1 | grep -i stomp
>>> [2015-01-29T18:29:45.323518] Reading shared object for a candidate module; path='/opt/syslog-ng-3.6.2/lib/syslog-ng', fname='afstomp.so', module='afstomp'
>>> [2015-01-29T18:29:45.323629] Registering candidate plugin; module='afstomp', context='destination', name='stomp', preference='0'
>>> [2015-01-29T18:29:45.343833] Module loaded and initialized successfully; module='afstomp'
>>> [2015-01-29T18:29:45.344725]   Compiling d_stomp reference [destination] at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:70:2]
>>> [2015-01-29T18:29:45.344728]     Compiling d_stomp sequence [destination] at [/opt/syslog-ng-3.6.2/etc/syslog-ng.conf:32:1]
>>> [2015-01-29T18:29:45.345092] Initializing STOMP destination; host='localhost', port='61613', destination='/topic/syslog'
>>> [2015-01-29T18:29:45.345368] Worker thread started; driver='d_stomp#0'
>>> [2015-01-29T18:29:45.346854] Stomp connection failed; host='localhost'
>>>
>>> Relevant parts of my configuration:
>>> destination d_stomp {
>>>         stomp(
>>>                 host("localhost")
>>>                 port(61613)
>>>                 body("testing")
>>>                 ack(yes)
>>>                 retries(9)
>>>                 value-pairs(scope(everything))
>>>         );
>>> };
>>>
>>> The strange thing is that when I'm starting syslog-ng I am running
>>> tcpdump -i lo -s0 -nn -v port 61613, and cannot see any packets. I would
>>> expect at least a syn connection since it claims to fail. SELinux does not
>>> log any denies during the startup, so I suspect the problem to be elsewhere.
>>>
>>> If I do a tcpdump -i lo -s0 -nn -v -X and start syslog-ng this is
>>> captured:
>>> 18:33:26.833330 IP (tos 0x0, ttl 64, id 5652, offset 0, flags [DF], proto TCP (6), length 60)
>>>     127.0.0.1.35340 > 127.0.0.1.0: Flags [S], cksum 0xd601 (correct), seq 801587243, win 65495, options [mss 65495,sackOK,TS val 700601919 ecr 0,nop,wscale 7], length 0
>>>         0x0000:  4500 003c 1614 4000 4006 26a6 7f00 0001  E..<..@.@.&.....
>>>         0x0010:  7f00 0001 8a0c 0000 2fc7 402b 0000 0000  ......../.@+....
>>>         0x0020:  a002 ffd7 d601 0000 0204 ffd7 0402 080a  ................
>>>         0x0030:  29c2 563f 0000 0000 0103 0307            ).V?........
>>> 18:33:26.833412 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
>>>     127.0.0.1.0 > 127.0.0.1.35340: Flags [R.], cksum 0xb7ce (correct), seq 0, ack 801587244, win 0, length 0
>>>         0x0000:  4500 0028 0000 4000 4006 3cce 7f00 0001  E..(..@.@.<.....
>>>         0x0010:  7f00 0001 0000 8a0c 0000 0000 2fc7 402c  ............/.@,
>>>         0x0020:  5014 0000 b7ce 0000                      P.......
>>>
>>> So we get a syn to port 0 and answer with reset. Could there be a port
>>> parsing error for stomp in syslog-ng OSE 3.6.2? Any suggestions?
>>>
>>> Also: syslog-ng spawns another thread to do the stomp connection, any
>>> suggestions on how I can strace this thread during startup to see what is
>>> actually going on? Would love to know if in fact this connection is made to
>>> port 0.
>>>
>>> Thanks,
>>> Ole
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
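
The failure mode discussed in this thread (a freshly resolved address whose port is never set, so the connection attempt targets port 0), shown as an added example that is not syslog-ng code. Plain POSIX `sockaddr_in` stands in for GSockAddr, a numeric address stands in for hostname resolution, and all function names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a resolver that returns a NEW address object:
 * it fills in family and IP only, so the port is left at 0. */
static int resolve_new_addr(const char *ip, struct sockaddr_in *out)
{
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    return inet_pton(AF_INET, ip, &out->sin_addr) == 1 ? 0 : -1;
}

/* Port carried by the address, in host byte order. */
static unsigned remote_port(const struct sockaddr_in *sa)
{
    return ntohs(sa->sin_port);
}

/* set_port = 0 reproduces the bug class (configured port never copied in);
 * set_port = 1 is the corrected call site. */
static int build_remote(const char *ip, int port, int set_port,
                        struct sockaddr_in *out)
{
    if (port < 1 || port > 65535)        /* reject unusable config early */
        return -1;
    if (resolve_new_addr(ip, out) != 0)
        return -1;
    if (set_port)
        out->sin_port = htons((uint16_t) port);
    return 0;
}

/* Guard to run before connect(): port 0 is never a valid TCP target. */
static int remote_is_connectable(const struct sockaddr_in *sa)
{
    return sa->sin_family == AF_INET && remote_port(sa) != 0;
}

int main(void)
{
    struct sockaddr_in buggy, fixed;   /* constructed sample: 127.0.0.1:61613 */
    build_remote("127.0.0.1", 61613, 0, &buggy);
    build_remote("127.0.0.1", 61613, 1, &fixed);
    printf("buggy port=%u, fixed port=%u\n", remote_port(&buggy), remote_port(&fixed));
    return remote_is_connectable(&fixed) && !remote_is_connectable(&buggy) ? 0 : 1;
}
```

A guard like `remote_is_connectable()` turns the silent SYN to port 0 seen in the capture into an explicit, loggable configuration error.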