[syslog-ng] Warnings and error while loading default.xml in syslog-ng-3.25.1

Evan Rempel erempel at uvic.ca
Sat Feb 15 19:10:10 UTC 2020


I'm not exactly sure what is or is not permitted in the pattern database 
but I have two comments.

1. you need to end your rule tag and your rules tag before you start a new 
ruleset tag.

2. What I do in my pattern database is of the form.

<ruleset id="f582419b3baa42d4a57e42b89704e38c" description="">
     <pattern>proxysg</pattern>
     <rules>
         <rule id="f582419b3baa42d4a57e42b89704e38c">
             <patterns>
                 <pattern>foo</pattern>
             </patterns>
         </rule>
         <rule id="bb169f917216467985cc16e28015f5fa">
             <patterns>
                 <pattern>bar</pattern>
             </patterns>
         </rule>
     </rules>
</ruleset>


Note:
1. the closing tag of </rule> before a new starting tag of <rule>
2. Multiple "rule" entries inside the "rules" entry.
3. the closing tag of </rule> before the closing tag of </rules>
4. the closing tag of </rules> before the closing tag of </ruleset>

I hope that helps.

Evan.

On 2/15/20 12:43 AM, Nitish Saboo wrote:
> Hi,
>
> After debugging further into the issue looks like there was a fix for 
> patterndb rule clash in syslog-ng-3.8 and this is the commit-id 
> '12cd960c8f47260b0b0d4154b096994d66fe345'
> for the fix. And for this reason I am getting the following error for 
> same default.xml in syslog-ng-3.25.1 version and not in syslog-ng3.6.2 
> and syslog-ng3.7.1.
>
> 2020-02-13T10:47:29.631090] Error parsing pattern database file; 
> filename='/home/nsaboo/abc/default.xml', 
> error='/home/nsaboo/abc/default.xml:17274:22: Joining rulesets with 
> mismatching program name sets, program=proxysg'.
>
> Snippet from default.xml
> ==========================
>
> <ruleset id="f582419b3baa42d4a57e42b89704e38c" description="">
>     <pattern>proxysg</pattern>
>     <rules>
>       <rule id="f582419b3baa42d4a57e42b89704e38c">
>       <patterns>
>          <pattern>foo</pattern>
>       </patterns>
>
>   <ruleset id="8d633c824e844a559088d803464e507a" description="">
>     <pattern>ProxySG</pattern>
>     <pattern>proxysg</pattern>
>     <rules>
>       <rule id="bb169f917216467985cc16e28015f5fa">
>       <patterns>
>          <pattern>bar</pattern>
>       </patterns>
>
>  I am not able to understand the error message clearly.
>
>  1) Can someone please help me understand the issue here ?
>
>  2) Is the issue seen because a ruleset has multiple programs in it or 
> is it because the same program 'proxysg' is being used in different 
> rulesets ?
>
>  3) From the above snippet of default.xml, what changes can I make 
> into default.xml to avoid the error ?
>
>  4) Is there a workaround for this issue ?
>
>  Thanks,
>  Nitish
>
> On Fri, Feb 14, 2020 at 2:40 PM Nitish Saboo <nitish.saboo55 at gmail.com> wrote:
>
>     Hi Attila,
>
>     Thanks for your response.
>
>     And what about the following error:
>
>     2020-02-13T10:47:29.631090] Error parsing pattern database file;
>     filename='/home/nsaboo/abc/default.xml',
>     error='/home/nsaboo/abc/default.xml:17274:22: Joining rulesets
>     with mismatching program name sets, program=proxysg'.
>
>     The same default.xml file was getting loaded correctly in
>     syslog-ng-3.6.2 and syslog-ng-3.7.1 but getting following error
>     while loading same default.xml in syslog-ng3.25.1
>
>     I came across a similar issue on GitHub
>     'https://github.com/syslog-ng/syslog-ng/issues/2763'. I see the
>     issue is still in open state. Is there a workaround for this issue?
>
>     Thanks,
>     Nitish
>
>     On Fri, Feb 14, 2020 at 1:12 PM Attila Szakacs (aszakacs)
>     <Attila.Szakacs at oneidentity.com> wrote:
>
>         Hi!
>
>         WARNING: due to a bug in versions before syslog-ng 3.8numeric
>         comparison operators like '!=' in filter expressions were
>         evaluated as string operators. This is fixed in syslog-ng 3.8.
>         As we are operating in compatibility mode, syslog-ng will
>         exhibit the buggy behaviour as previous versions until you
>         bump the @version value in your configuration file;
>
>         ^^^ This refers to the syslog-ng.conf file version.
>
>         The correct way to resolve it, and fix the buggy behavior of
>         != and ==, should be to change the != operators between
>         strings to neq in your filters.
>
>         Regards,
>         Attila
>         ------------------------------------------------------------------------
>         *From:* syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
>         Nitish Saboo <nitish.saboo55 at gmail.com>
>         *Sent:* Thursday, February 13, 2020 12:17 PM
>         *To:* Syslog-ng users' and developers' mailing list
>         <syslog-ng at lists.balabit.hu>
>         *Subject:* [syslog-ng] Warnings and error while loading
>         default.xml in syslog-ng-3.25.1
>         Hi,
>
>         I am using syslog-ng version 3.25.1. Getting following Warnings
>         and error while initialising syslog-ng engine:
>
>         [2020-02-13T10:47:29.627899] WARNING: due to a bug in versions
>         before syslog-ng 3.8numeric comparison operators like '!=' in
>         filter expressions were evaluated as string operators. This is
>         fixed in syslog-ng 3.8. As we are operating in compatibility
>         mode, syslog-ng will exhibit the buggy behaviour as previous
>         versions until you bump the @version value in your
>         configuration file;
>         [2020-02-13T10:47:29.627968] WARNING: due to a bug in versions
>         before syslog-ng 3.8numeric comparison operators like '!=' in
>         filter expressions were evaluated as string operators. This is
>         fixed in syslog-ng 3.8. As we are operating in compatibility
>         mode, syslog-ng will exhibit the buggy behaviour as previous
>         versions until you bump the @version value in your
>         configuration file;
>         [2020-02-13T10:47:29.628059] WARNING: due to a bug in versions
>         before syslog-ng 3.8numeric comparison operators like '!=' in
>         filter expressions were evaluated as string operators. This is
>         fixed in syslog-ng 3.8. As we are operating in compatibility
>         mode, syslog-ng will exhibit the buggy behaviour as previous
>         versions until you bump the @version value in your
>         configuration file;
>         [2020-02-13T10:47:29.631090] Error parsing pattern database
>         file; filename='/opt/tap-parsing/patterns/default.xml',
>         error='/opt/tap-parsing/patterns/default.xml:17274:22: Joining
>         rulesets with mismatching program name sets, program=proxysg'
>
>
>         1)For the following warnings, to which version I have to bump
>         up the configuration file ?
>
>         2020-02-13T10:47:29.627899] WARNING: due to a bug in versions
>         before syslog-ng 3.8numeric comparison operators like '!=' in
>         filter expressions were evaluated as string operators. This is
>         fixed in syslog-ng 3.8. As we are operating in compatibility
>         mode, syslog-ng will exhibit the buggy behaviour as previous
>         versions until you bump the @version value in your
>         configuration file;
>         [2020-02-13T10:47:29.627968] WARNING: due to a bug in versions
>         before syslog-ng 3.8numeric comparison operators like '!=' in
>         filter expressions were evaluated as string operators. This is
>         fixed in syslog-ng 3.8. As we are operating in compatibility
>         mode, syslog-ng will exhibit the buggy behaviour as previous
>         versions until you bump the @version value in your
>         configuration file;
>         [2020-02-13T10:47:29.628059] WARNING: due to a bug in versions
>         before syslog-ng 3.8numeric comparison operators like '!=' in
>         filter expressions were evaluated as string operators. This is
>         fixed in syslog-ng 3.8. As we are operating in compatibility
>         mode, syslog-ng will exhibit the buggy behaviour as previous
>         versions until you bump the @version value in your
>         configuration file;
>
>         Currently the configuration version is the following:
>
>         configuration = cfg_new(0x0302)
>
>         Do I have to change it to '0x0319' as defined in
>         'lib/versioning.h' ?
>
>         2)The same default.xml file was getting loaded correctly in
>         syslog-ng-3.6.2 and syslog-ng-3.7.1 but getting following
>         error while loading same default.xml in syslog-ng3.25.1
>
>
>         2020-02-13T10:47:29.631090] Error parsing pattern database
>         file; filename='/home/nsaboo/abc/default.xml',
>         error='/home/nsaboo/abc/default.xml:17274:22: Joining rulesets
>         with mismatching program name sets, program=proxysg'.
>
>         What can be the reason for this error ?
>
>
>         Thanks,
>         Nitish
>
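
An added example, not part of the original thread and not syslog-ng's own loader code: a small Python lint that first checks the well-formedness points listed in the reply above, then flags any program name used by rulesets whose program-name sets differ, which is a conservative reading of the "mismatching program name sets" error. The sample XML is constructed from the snippets in the thread; the `patterndb` root element attributes and the name `lint_patterndb` are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the two rulesets from the thread, with closing tags added.
SAMPLE_MISMATCH = """<patterndb version="4" pub_date="2020-02-15">
  <ruleset id="f582419b3baa42d4a57e42b89704e38c" description="">
    <pattern>proxysg</pattern>
    <rules>
      <rule id="f582419b3baa42d4a57e42b89704e38c">
        <patterns><pattern>foo</pattern></patterns>
      </rule>
    </rules>
  </ruleset>
  <ruleset id="8d633c824e844a559088d803464e507a" description="">
    <pattern>ProxySG</pattern>
    <pattern>proxysg</pattern>
    <rules>
      <rule id="bb169f917216467985cc16e28015f5fa">
        <patterns><pattern>bar</pattern></patterns>
      </rule>
    </rules>
  </ruleset>
</patterndb>"""
# Constructed: same file with the first </rule> dropped, as in the quoted snippet.
SAMPLE_BROKEN = SAMPLE_MISMATCH.replace("</rule>", "", 1)

def lint_patterndb(xml_text):
    """Return findings as (kind, where, detail); an empty list means clean."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as err:          # unclosed or mismatched tags
        return [("xml", err.position[0], str(err))]
    uses = defaultdict(list)              # program name -> [(ruleset id, name set)]
    for rs in root.iter("ruleset"):
        # Program patterns sit directly under <ruleset>, optionally in <patterns>.
        pats = rs.findall("pattern") + rs.findall("patterns/pattern")
        names = frozenset(p.text.strip() for p in pats if p.text)
        for name in names:
            uses[name].append((rs.get("id"), names))
    findings = []
    for name in sorted(uses):
        # Flag a program name whose rulesets disagree on the full name set.
        if len({names for _, names in uses[name]}) > 1:
            findings.append(("program-set", name, [rid for rid, _ in uses[name]]))
    return findings

if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_BROKEN), ("mismatch", SAMPLE_MISMATCH)):
        print(label, lint_patterndb(text))
```

Making both rulesets list the same program names, or merging their rules into one ruleset as in the reply above, clears the second finding.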
