Date: Tue, 20 Dec 2011 13:06:28 -0600 (CST) From: Thomas Johnson <tom@claimlynx.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was working in 8.2) Message-ID: <20111220190628.F2335358D0F@leopard.claimlynx.com> Resent-Message-ID: <201112201910.pBKJA8je038465@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 163487 >Category: bin >Synopsis: syslog.conf filtering syntax broken in 9.0-RC3 (was working in 8.2) >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Dec 20 19:10:08 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Thomas Johnson >Release: FreeBSD 9.0-RC3 amd64 >Organization: ClaimLynx, Inc. >Environment: System: FreeBSD blackbox-1.ply.claimlynx.com 9.0-RC3 FreeBSD 9.0-RC3 #1 r228280: Mon Dec 5 18:40:33 PST 2011 root@build9x64.pcbsd.org:/usr/obj/storage/fbsd-sources/9.0/sys/GENERIC amd64 >Description: When specifying multiple hostnames on a filter line in /etc/syslog.conf, syslogd seems to not correctly log syslog messages sent from the listed hosts (or at least the first-listed). As an example, here is a snippet of the syslog.conf file as configured (and working) on FreeBSD 8.2 i386. === syslog.conf snip === +shawshank-1.ply.claimlynx.com,shawshank-2.ply.claimlynx.com !wan_checker *.* /var/log/wan_checker.log +* !* === end snip === I recently rebuilt this host, using 9.0-RC3 amd64 (fwiw, PC-BSD install media). I restored the syslog.conf file directly from backups, but with 9.0, messages that correspond to this combination of host/prog filters are never logged to the file. When running syslogd manually with debugging, I get the following output. It appears that the message is received from the remote host, but not written to the log file. === debug output === cvthname(10.0.0.252) validate: dgram from IP 10.0.0.252, port 514, name shawshank-1.ply.claimlynx.com; accepted in rule 0. logmsg: pri 206, flags 0, from shawshank-1, msg Dec 20 12:57:38 wan_checker[35617]: WAN checking loop wakes up at Tue Dec 20 12:57:38 2011 === end debug ==== >How-To-Repeat: Add multiple hostnames to a filter, per the syntax in syslog.conf(5). >Fix: By rewriting syslog.conf to avoid multiple host filters, syslogd seems to content to do the right thing. The configuration snippet from the Description has been rewritten like so. === syslog.conf snip === !wan_checker +shawshank-2.ply.claimlynx.com *.* /var/log/wan_checker.log +* +shawshank-1.ply.claimlynx.com *.* /var/log/wan_checker.log +* !* === end snip === This results in a successful write to the log file === debug output === cvthname(10.0.0.252) validate: dgram from IP 10.0.0.252, port 514, name shawshank-1.ply.claimlynx.com; accepted in rule 0. logmsg: pri 206, flags 0, from shawshank-1, msg Dec 20 13:04:20 wan_checker[35617]: WAN checking loop wakes up at Tue Dec 20 13:04:20 2011 Logging to FILE /var/log/wan_checker.log === end debug === >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111220190628.F2335358D0F>