From owner-freebsd-bugs Tue Apr 16 16:40:10 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 13D3A37B405 for ; Tue, 16 Apr 2002 16:40:02 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g3GNe2476550; Tue, 16 Apr 2002 16:40:02 -0700 (PDT) (envelope-from gnats) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 93B2537B400 for ; Tue, 16 Apr 2002 16:32:13 -0700 (PDT) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g3GNWDi75668; Tue, 16 Apr 2002 16:32:13 -0700 (PDT) (envelope-from nobody) Message-Id: <200204162332.g3GNWDi75668@freefall.freebsd.org> Date: Tue, 16 Apr 2002 16:32:13 -0700 (PDT) From: Jeremy Chadwick To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: bin/37163: syslogd "#!" feature is misleading/can induce unwanted results. Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 37163 >Category: bin >Synopsis: syslogd "#!" feature is misleading/can induce unwanted results. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Apr 16 16:40:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Jeremy Chadwick >Release: 4.5-STABLE >Organization: Parodius Networking >Environment: FreeBSD pentarou.parodius.com 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Apr 16 15:24:16 PDT 2002 root@pentarou.parodius.com:/usr/obj/usr/src/sys/PARODIUS-SMP i386 >Description: syslogd(8) has a particular "feature" which I feel should be disabled by default. This feature is documented, but due to the obfuscated nature of the syslog.conf(5) manpage, most system administrators would probably miss this. syslogd(8) considers a syslog.conf(5) line starting with "#!" to be synonymous with a line that starts with '!'. This is horrible practice, since '#' means comment, regardless of what's on the rest of the line. In my case, recent changes to the CVS syslog.conf(5) resulted in me commenting out all the defaults and appending my own to the bottom of the file. However, the last 2 lines of the default FreeBSD syslog.conf(5) are "#!ppp" and "*.* /var/log/ppp.log". Beneathe this, I put all of my normal rules -- rules without the '!' specifier. When syslogd(8) started up, it began process-matching all of my below rules with the process name "ppp", which is **NOT** what I wanted. I realise this could be classified as "user error," but let's use some common sense here. A hash mark is a hash mark. It should mean comment, regardless of what else is on the line. >How-To-Repeat: Have the following lines in syslog.conf in this order: #!processname #*.* /var/log/process facility.level /var/log/whatever The result is that the "facility.level" service listed will actually be forced to match "processname", which doesn't make much sense. >Fix: I recommend that a new command-line flag, -C, be added to enable this feature (for those admins who want it). I think most of us use '!' and not "#!", but for those who need "#!", this would suffice. Another solution would be to make "#!" only apply to the line that follows it, rather than all preceeding lines. Either of these solutions might save a people pain in the future. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message