bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was working in 8.2)

Thomas Johnson tom at claimlynx.com
Tue Dec 20 19:10:09 UTC 2011


>Number:         163487
>Category:       bin
>Synopsis:       syslog.conf filtering syntax broken in 9.0-RC3 (was working in 8.2)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 20 19:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Thomas Johnson
>Release:        FreeBSD 9.0-RC3 amd64
>Organization:
ClaimLynx, Inc.
>Environment:
System: FreeBSD blackbox-1.ply.claimlynx.com 9.0-RC3 FreeBSD 9.0-RC3 #1 r228280: Mon Dec 5 18:40:33 PST 2011 root at build9x64.pcbsd.org:/usr/obj/storage/fbsd-sources/9.0/sys/GENERIC amd64


>Description:
	When specifying multiple hostnames on a filter line in /etc/syslog.conf, syslogd seems to not correctly log syslog messages sent from the listed hosts (or at least the first-listed). As an example, here is a snippet of the syslog.conf file as configured (and working) on FreeBSD 8.2 i386.

=== syslog.conf snip ===

+shawshank-1.ply.claimlynx.com,shawshank-2.ply.claimlynx.com
!wan_checker
*.*                                             /var/log/wan_checker.log
+*
!*

=== end snip ===

I recently rebuilt this host, using 9.0-RC3 amd64 (fwiw, PC-BSD install media). I restored the syslog.conf file directly from backups, but with 9.0, messages that correspond to this combination of host/prog filters are never logged to the file. When running syslogd manually with debugging, I get the following output. It appears that the message is received from the remote host, but not written to the log file.

=== debug output ===

cvthname(10.0.0.252)
validate: dgram from IP 10.0.0.252, port 514, name shawshank-1.ply.claimlynx.com;
accepted in rule 0.
logmsg: pri 206, flags 0, from shawshank-1, msg Dec 20 12:57:38 wan_checker[35617]: WAN checking loop wakes up at Tue Dec 20 12:57:38 2011

=== end debug ====

>How-To-Repeat:

Add multiple hostnames to a filter, per the syntax in syslog.conf(5).

>Fix:

By rewriting syslog.conf to avoid multiple host filters, syslogd seems content to do the right thing. The configuration snippet from the Description has been rewritten like so.

=== syslog.conf snip ===

!wan_checker
+shawshank-2.ply.claimlynx.com
*.*                                             /var/log/wan_checker.log
+*
+shawshank-1.ply.claimlynx.com
*.*                                             /var/log/wan_checker.log
+*
!*

=== end snip ===

This results in a successful write to the log file.

=== debug output ===

cvthname(10.0.0.252)
validate: dgram from IP 10.0.0.252, port 514, name shawshank-1.ply.claimlynx.com;
accepted in rule 0.
logmsg: pri 206, flags 0, from shawshank-1, msg Dec 20 13:04:20 wan_checker[35617]: WAN checking loop wakes up at Tue Dec 20 13:04:20 2011
Logging to FILE /var/log/wan_checker.log

=== end debug ===

>Release-Note:
>Audit-Trail:
>Unformatted:
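
Added example (not part of the original report, and not FreeBSD's own code): a Python check that finds `+` host lines naming several hosts in a syslog.conf and rewrites each as one single-host block per host, the shape of the workaround under Fix. It assumes host specifications begin with `+` or `-` in column one and that a block's body runs to the next host specification; the function names are hypothetical.

```python
import re

# Snippet from the report's Description: one '+' line naming two hosts.
SAMPLE = """\
+shawshank-1.ply.claimlynx.com,shawshank-2.ply.claimlynx.com
!wan_checker
*.*                                             /var/log/wan_checker.log
+*
!*
"""

# '+' host specification listing more than one comma-separated name.
MULTI_HOST = re.compile(r"^\+\s*([^\s,]+(?:\s*,\s*[^\s,]+)+)\s*$")
# Any host specification line (assumption: '+' or '-' in column one).
HOST_SPEC = re.compile(r"^[+-]")


def find_multi_host_filters(text):
    """Return (line_number, [hosts]) for each '+' line naming several hosts."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = MULTI_HOST.match(line)
        if m:
            hits.append((n, [h.strip() for h in m.group(1).split(",")]))
    return hits


def expand_multi_host_filters(text):
    """Rewrite each multi-host '+' block as one single-host block per host."""
    lines, out, i = text.splitlines(), [], 0
    while i < len(lines):
        m = MULTI_HOST.match(lines[i])
        if not m:
            out.append(lines[i])
            i += 1
            continue
        # The block body is everything up to the next host specification.
        j = i + 1
        while j < len(lines) and not HOST_SPEC.match(lines[j]):
            j += 1
        for host in m.group(1).split(","):
            out.append("+" + host.strip())
            out.extend(lines[i + 1:j])
        i = j
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for n, hosts in find_multi_host_filters(SAMPLE):
        print(f"line {n}: host filter names {len(hosts)} hosts: {', '.join(hosts)}")
    print(expand_multi_host_filters(SAMPLE), end="")
```

Unlike the rewrite under Fix, this repeats the `!wan_checker` line inside each host block instead of placing it above them; the report does not test that form on 9.0-RC3, so confirm the result with syslogd's debug output as the reporter did.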

