From owner-freebsd-bugs@FreeBSD.ORG  Sat Jun  2 05:00:34 2012
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 4CE1A1065677
	for <freebsd-bugs@hub.freebsd.org>;
	Sat,  2 Jun 2012 05:00:32 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 9134F8FC0A
	for <freebsd-bugs@hub.freebsd.org>;
	Sat,  2 Jun 2012 05:00:32 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q5250WB4043972
	for <freebsd-bugs@freefall.freebsd.org>; Sat, 2 Jun 2012 05:00:32 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q5250W2k043971;
	Sat, 2 Jun 2012 05:00:32 GMT (envelope-from gnats)
Date: Sat, 2 Jun 2012 05:00:32 GMT
Message-Id: <201206020500.q5250W2k043971@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Mark Johnston <markjdb@gmail.com>
Cc: 
Subject: Re: bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was
 working in 8.2)
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Mark Johnston <markjdb@gmail.com>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jun 2012 05:00:34 -0000

The following reply was made to PR bin/163487; it has been noted by GNATS.

From: Mark Johnston <markjdb@gmail.com>
To: bug-followup@FreeBSD.org, root@claimlynx.com
Cc:  
Subject: Re: bin/163487: syslog.conf filtering syntax broken in 9.0-RC3 (was
 working in 8.2)
Date: Sat, 2 Jun 2012 00:55:38 -0400

 Hm, it's not really clear to me how this could have worked on FreeBSD
 8.2 - the problem's been around for a while, based on a quick look
 through the history of syslogd.c.
 
 There's a bug in the way that domain info gets trimmed off the host
 filters. When syslogd sees a line like
 
 +shawshank-1.ply.claimlynx.com
 
 it trims it to "shawshank-1" and uses that string to match incoming
 messages - you can see in the debug output that the incoming message
 comes with a hostname of "shawshank-1" rather than the FQDN.
 
 syslogd uses trimdomain(3) to get a hostname out of the host filter, and
 in your case it passes
 
 "shawshank-1.ply.claimlynx.com,shawshank-2.ply.claimlynx.com"
 
 to trimdomain(3), which has no effect. Then when the message from
 "shawshank-1" comes it, it doesn't get matched against either of the
 FQDNs and thus isn't logged.
 
 You can try to verify this by changing your filter to
 
 +shawshank-1,shawshank-2
 
 I haven't actually tried to reproduce this - it's based on a reading of
 the syslogd code. I'll post a patch soon.
 
 Thanks,
 -Mark