bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was
working in 8.2)
Mark Johnston
markjdb at gmail.com
Sat Jun 2 05:00:34 UTC 2012
The following reply was made to PR bin/163487; it has been noted by GNATS.
From: Mark Johnston <markjdb at gmail.com>
To: bug-followup at FreeBSD.org, root at claimlynx.com
Cc:
Subject: Re: bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was
working in 8.2)
Date: Sat, 2 Jun 2012 00:55:38 -0400
Hm, it's not really clear to me how this could have worked on FreeBSD
8.2 - the problem's been around for a while, based on a quick look
through the history of syslogd.c.
There's a bug in the way that domain info gets trimmed off the host
filters. When syslogd sees a line like
+shawshank-1.ply.claimlynx.com
it trims it to "shawshank-1" and uses that string to match incoming
messages - you can see in the debug output that the incoming message
comes with a hostname of "shawshank-1" rather than the FQDN.
syslogd uses trimdomain(3) to get a hostname out of the host filter, and
in your case it passes
"shawshank-1.ply.claimlynx.com,shawshank-2.ply.claimlynx.com"
to trimdomain(3), which has no effect. Then when the message from
"shawshank-1" comes it, it doesn't get matched against either of the
FQDNs and thus isn't logged.
You can try to verify this by changing your filter to
+shawshank-1,shawshank-2
I haven't actually tried to reproduce this - it's based on a reading of
the syslogd code. I'll post a patch soon.
Thanks,
-Mark
More information about the freebsd-bugs
mailing list