bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was
working in 8.2)
Thomas Johnson
tom at claimlynx.com
Tue Dec 20 19:10:09 UTC 2011
>Number: 163487
>Category: bin
>Synopsis: syslog.conf filtering syntax broken in 9.0-RC3 (was working in 8.2)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 20 19:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Thomas Johnson
>Release: FreeBSD 9.0-RC3 amd64
>Organization:
ClaimLynx, Inc.
>Environment:
System: FreeBSD blackbox-1.ply.claimlynx.com 9.0-RC3 FreeBSD 9.0-RC3 #1 r228280: Mon Dec 5 18:40:33 PST 2011 root at build9x64.pcbsd.org:/usr/obj/storage/fbsd-sources/9.0/sys/GENERIC amd64
>Description:
When specifying multiple hostnames on a filter line in /etc/syslog.conf, syslogd seems to not correctly log syslog messages sent from the listed hosts (or at least the first-listed). As an example, here is a snippet of the syslog.conf file as configured (and working) on FreeBSD 8.2 i386.
=== syslog.conf snip ===
+shawshank-1.ply.claimlynx.com,shawshank-2.ply.claimlynx.com
!wan_checker
*.* /var/log/wan_checker.log
+*
!*
=== end snip ===
I recently rebuilt this host, using 9.0-RC3 amd64 (fwiw, PC-BSD install media). I restored the syslog.conf file directly from backups, but with 9.0, messages that correspond to this combination of host/prog filters are never logged to the file. When running syslogd manually with debugging, I get the following output. It appears that the message is received from the remote host, but not written to the log file.
=== debug output ===
cvthname(10.0.0.252)
validate: dgram from IP 10.0.0.252, port 514, name shawshank-1.ply.claimlynx.com;
accepted in rule 0.
logmsg: pri 206, flags 0, from shawshank-1, msg Dec 20 12:57:38 wan_checker[35617]: WAN checking loop wakes up at Tue Dec 20 12:57:38 2011
=== end debug ====
>How-To-Repeat:
Add multiple hostnames to a filter, per the syntax in syslog.conf(5).
>Fix:
By rewriting syslog.conf to avoid multiple host filters, syslogd seems to content to do the right thing. The configuration snippet from the Description has been rewritten like so.
=== syslog.conf snip ===
!wan_checker
+shawshank-2.ply.claimlynx.com
*.* /var/log/wan_checker.log
+*
+shawshank-1.ply.claimlynx.com
*.* /var/log/wan_checker.log
+*
!*
=== end snip ===
This results in a successful write to the log file
=== debug output ===
cvthname(10.0.0.252)
validate: dgram from IP 10.0.0.252, port 514, name shawshank-1.ply.claimlynx.com;
accepted in rule 0.
logmsg: pri 206, flags 0, from shawshank-1, msg Dec 20 13:04:20 wan_checker[35617]: WAN checking loop wakes up at Tue Dec 20 13:04:20 2011
Logging to FILE /var/log/wan_checker.log
=== end debug ===
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list