From janfrode at tanso.net Mon Sep 3 10:47:26 2007 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Mon, 3 Sep 2007 10:47:26 +0200 Subject: [rsyslog] v1.19.1 is crashing References: <46D81432.1090302@redhat.com> Message-ID: Another one of these, this time with v1.19.3: *** glibc detected *** rsyslogd: corrupted double-linked list: 0xae3fa998 *** ======= Backtrace: ========= /lib/libc.so.6[0x4152ce3e] /lib/libc.so.6(cfree+0x90)[0x415305d0] rsyslogd(MsgDestruct+0x73)[0x8057393] rsyslogd[0x804de0a] rsyslogd(llExecFunc+0x3f)[0x805ea3f] rsyslogd[0x804d86a] rsyslogd[0x804d997] /lib/libpthread.so.0[0x416112db] /lib/libc.so.6(clone+0x5e)[0x4159414e] And I didn't get any core-file, maybe because the v1.19.3 overwrote my "ulimit -c unlimited" change to the initscript... Ooops :-) -jf From rgerhards at hq.adiscon.com Tue Sep 4 17:57:55 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 4 Sep 2007 17:57:55 +0200 Subject: [rsyslog] rsyslog 1.19.4 released Message-ID: <577465F99B41C842AAFBE9ED71E70ABA27890E@grfint2.intern.adiscon.com> Hi all, rsyslog 1.19.4 is a bug fixing release. It contains no new features, but stability updates. Most importantly, it addresses some bugs that have lead to program aborts. 1.19.4 is a recommended update for all users. Changelog: http://www.rsyslog.com/Article123.phtml Download: http://www.rsyslog.com/Downloads-req-getit-lid-56.phtml As always, feedback is very appreciated. Rainer Gerhards From rgerhards at hq.adiscon.com Tue Sep 4 17:58:39 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 4 Sep 2007 17:58:39 +0200 Subject: [rsyslog] v1.19.1 is crashing In-Reply-To: References: <46D81432.1090302@redhat.com> Message-ID: <577465F99B41C842AAFBE9ED71E70ABA27890F@grfint2.intern.adiscon.com> Hi, I have just release 1.19.4 and hope that the fixes also address your problem. I'd appreciate if you could try it out. Rainer > -----Original Message----- > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog- > bounces at lists.adiscon.com] On Behalf Of Jan-Frode Myklebust > Sent: Monday, September 03, 2007 10:47 AM > To: rsyslog at lists.adiscon.com > Subject: Re: [rsyslog] v1.19.1 is crashing > > > Another one of these, this time with v1.19.3: > > *** glibc detected *** rsyslogd: corrupted double-linked list: > 0xae3fa998 *** > ======= Backtrace: ========= > /lib/libc.so.6[0x4152ce3e] > /lib/libc.so.6(cfree+0x90)[0x415305d0] > rsyslogd(MsgDestruct+0x73)[0x8057393] > rsyslogd[0x804de0a] > rsyslogd(llExecFunc+0x3f)[0x805ea3f] > rsyslogd[0x804d86a] > rsyslogd[0x804d997] > /lib/libpthread.so.0[0x416112db] > /lib/libc.so.6(clone+0x5e)[0x4159414e] > > And I didn't get any core-file, maybe because the v1.19.3 overwrote my > "ulimit -c unlimited" change to the initscript... Ooops :-) > > > -jf > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog From rgerhards at hq.adiscon.com Tue Sep 4 18:58:48 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 4 Sep 2007 18:58:48 +0200 Subject: [rsyslog] v1.19.1 is crashing In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA27890F@grfint2.intern.adiscon.com> References: <46D81432.1090302@redhat.com> <577465F99B41C842AAFBE9ED71E70ABA27890F@grfint2.intern.adiscon.com> Message-ID: <577465F99B41C842AAFBE9ED71E70ABA278912@grfint2.intern.adiscon.com> Hi, I noticed that one problem I received patches for (and that are now included in 1.19.4) is rooted in something that is not fully patched. I think I've found that root cause now (thanks to the info with that patches). The bottom line, however, is that 1.19.4 may still have some stability issues. However, they should surface now only in very obscure cases (but what is obscure...). I'd still appreciate if you could apply 1.19.4 and tell me the outcome. I am now working on fixing the root cause. That might take a short while, as I am thinking about the best *design* to fix the issue. Rainer > -----Original Message----- > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog- > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards > Sent: Tuesday, September 04, 2007 5:59 PM > To: rsyslog-users > Subject: Re: [rsyslog] v1.19.1 is crashing > > Hi, > > I have just release 1.19.4 and hope that the fixes also address your > problem. I'd appreciate if you could try it out. > > Rainer > > > -----Original Message----- > > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog- > > bounces at lists.adiscon.com] On Behalf Of Jan-Frode Myklebust > > Sent: Monday, September 03, 2007 10:47 AM > > To: rsyslog at lists.adiscon.com > > Subject: Re: [rsyslog] v1.19.1 is crashing > > > > > > Another one of these, this time with v1.19.3: > > > > *** glibc detected *** rsyslogd: corrupted double-linked list: > > 0xae3fa998 *** > > ======= Backtrace: ========= > > /lib/libc.so.6[0x4152ce3e] > > /lib/libc.so.6(cfree+0x90)[0x415305d0] > > rsyslogd(MsgDestruct+0x73)[0x8057393] > > rsyslogd[0x804de0a] > > rsyslogd(llExecFunc+0x3f)[0x805ea3f] > > rsyslogd[0x804d86a] > > rsyslogd[0x804d997] > > /lib/libpthread.so.0[0x416112db] > > /lib/libc.so.6(clone+0x5e)[0x4159414e] > > > > And I didn't get any core-file, maybe because the v1.19.3 overwrote > my > > "ulimit -c unlimited" change to the initscript... Ooops :-) > > > > > > -jf > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog From janfrode at tanso.net Wed Sep 5 10:15:26 2007 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Wed, 5 Sep 2007 10:15:26 +0200 Subject: [rsyslog] v1.19.1 is crashing References: <46D81432.1090302@redhat.com> <577465F99B41C842AAFBE9ED71E70ABA27890F@grfint2.intern.adiscon.com> <577465F99B41C842AAFBE9ED71E70ABA278912@grfint2.intern.adiscon.com> Message-ID: On 2007-09-04, Rainer Gerhards wrote: > > I'd still appreciate if you could apply 1.19.4 and tell me the outcome. > I am now working on fixing the root cause. That might take a short > while, as I am thinking about the best *design* to fix the issue. OK, thanks. I've upgraded my loghost to 1.19.4 now, will let you know if it fails again. -jf From theinric at redhat.com Wed Sep 5 11:53:10 2007 From: theinric at redhat.com (theinric@redhat.com) Date: Wed, 05 Sep 2007 11:53:10 +0200 Subject: [rsyslog] v1.19.1 is crashing In-Reply-To: References: <46D81432.1090302@redhat.com> Message-ID: <46DE7C86.1040308@redhat.com> You have an error in your config file, but it's probably harmless: %timegenerated::fulltime% The option fulltime doesn't exist and it looks like it never did. Additionally, a colon is missing. I've noticed that this definition is actually present in sample.conf, so you've probably picked it up there. (It looks like it has been there at least from 0.8.1) I've did some testing and it probably doesn't have any impact except for a warning message in debug mode. Jan-Frode Myklebust wrote: > On 2007-08-31, theinric at redhat.com wrote: >> could you please provide some more info on your configuration? >> Configuration file, > > ################################################################################# > $ grep -v ^# /etc/rsyslog.conf|grep -v ^$ > $template DailyPerHostLogs,"/var/log/syslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%.log" > *.* -?DailyPerHostLogs > $template MaillogTemplate,"%timegenerated::fulltime% %HOSTNAME% %syslogtag%: %msg%\n" > $template HourlyMaillog,"/var/log/syslog/maillog/%$YEAR%/%$MONTH%/%$DAY%/maillog-%$YEAR%%$MONTH%%$DAY%%$HOUR%.log" > mail.* -?HourlyMaillog;MaillogTemplate > $template precise,"%timegenerated::fulltime% %HOSTNAME% %syslogfacility-text%/%syslogseverity-text% %syslogtag% %msg%\n" > *.* -/var/log/syslog/everything;precise > mail.* ~ > $template PerAppLogs,"/var/log/syslog/apps/%programname%.log" > *.* -?PerAppLogs > :msg, contains, "ServeRAID" -/var/log/syslog/apps/serveraid.log > :HOSTNAME, !isequal, "loghost1" ~ > *.info;mail.none;authpriv.none;cron.none /var/log/messages > authpriv.* /var/log/secure > mail.* -/var/log/maillog > cron.* /var/log/cron > *.emerg * > uucp,news.crit /var/log/spooler > local7.* /var/log/boot.log > ################################################################################# > > >> options used, > > $ grep -v ^# /etc/sysconfig/rsyslog > SYSLOGD_OPTIONS="-m 0 -r514" > KLOGD_OPTIONS="-x" > SYSLOG_UMASK=077 > >> log entries preceding the crash, ... > > It's a quite busy log server, with about 70 active old style syslog servers > sending logs to it. The second it crashed it wrote 111 log-messages.. (273 > the second before), mostly various postfix daemons, and I'd need to anonymize > them before sharing.. Can't see anything special. > >> If logging forwarded messages, is the remote logger also rsyslog? > > No, all are RHEL3/4/5 with their default syslogd server. > > > -jf > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog From rgerhards at hq.adiscon.com Wed Sep 5 12:25:48 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 5 Sep 2007 12:25:48 +0200 Subject: [rsyslog] v1.19.1 is crashing In-Reply-To: <46DE7C86.1040308@redhat.com> References: <46D81432.1090302@redhat.com> <46DE7C86.1040308@redhat.com> Message-ID: <577465F99B41C842AAFBE9ED71E70ABA278919@grfint2.intern.adiscon.com> I have checked on fulltime, it is an error in sample.conf - there is no need for this option and I think it was actually not present. I'll remove that sample. Rainer > -----Original Message----- > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog- > bounces at lists.adiscon.com] On Behalf Of theinric at redhat.com > Sent: Wednesday, September 05, 2007 11:53 AM > To: rsyslog-users > Subject: Re: [rsyslog] v1.19.1 is crashing > > You have an error in your config file, but it's probably harmless: > %timegenerated::fulltime% > > The option fulltime doesn't exist and it looks like it never did. > Additionally, > a colon is missing. I've noticed that this definition is actually > present in > sample.conf, so you've probably picked it up there. (It looks like it > has been > there at least from 0.8.1) > I've did some testing and it probably doesn't have any impact except > for a > warning message in debug mode. > > Jan-Frode Myklebust wrote: > > On 2007-08-31, theinric at redhat.com wrote: > >> could you please provide some more info on your configuration? > >> Configuration file, > > > > > ####################################################################### > ########## > > $ grep -v ^# /etc/rsyslog.conf|grep -v ^$ > > $template > DailyPerHostLogs,"/var/log/syslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%.lo > g" > > *.* -?DailyPerHostLogs > > $template MaillogTemplate,"%timegenerated::fulltime% %HOSTNAME% > %syslogtag%: %msg%\n" > > $template > HourlyMaillog,"/var/log/syslog/maillog/%$YEAR%/%$MONTH%/%$DAY%/maillog- > %$YEAR%%$MONTH%%$DAY%%$HOUR%.log" > > mail.* -?HourlyMaillog;MaillogTemplate > > $template precise,"%timegenerated::fulltime% %HOSTNAME% > %syslogfacility-text%/%syslogseverity-text% %syslogtag% %msg%\n" > > *.* -/var/log/syslog/everything;precise > > mail.* ~ > > $template PerAppLogs,"/var/log/syslog/apps/%programname%.log" > > *.* -?PerAppLogs > > :msg, contains, "ServeRAID" - > /var/log/syslog/apps/serveraid.log > > :HOSTNAME, !isequal, "loghost1" ~ > > *.info;mail.none;authpriv.none;cron.none > /var/log/messages > > authpriv.* > /var/log/secure > > mail.* - > /var/log/maillog > > cron.* /var/log/cron > > *.emerg * > > uucp,news.crit > /var/log/spooler > > local7.* > /var/log/boot.log > > > ####################################################################### > ########## > > > > > >> options used, > > > > $ grep -v ^# /etc/sysconfig/rsyslog > > SYSLOGD_OPTIONS="-m 0 -r514" > > KLOGD_OPTIONS="-x" > > SYSLOG_UMASK=077 > > > >> log entries preceding the crash, ... > > > > It's a quite busy log server, with about 70 active old style syslog > servers > > sending logs to it. The second it crashed it wrote 111 log-messages.. > (273 > > the second before), mostly various postfix daemons, and I'd need to > anonymize > > them before sharing.. Can't see anything special. > > > >> If logging forwarded messages, is the remote logger also rsyslog? > > > > No, all are RHEL3/4/5 with their default syslogd server. > > > > > > -jf > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog From hagen at rz.uni-karlsruhe.de Wed Sep 5 12:29:55 2007 From: hagen at rz.uni-karlsruhe.de (Patrick von der Hagen) Date: Wed, 05 Sep 2007 12:29:55 +0200 Subject: [rsyslog] v1.19.1 is crashing In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA278912@grfint2.intern.adiscon.com> References: <46D81432.1090302@redhat.com> <577465F99B41C842AAFBE9ED71E70ABA27890F@grfint2.intern.adiscon.com> <577465F99B41C842AAFBE9ED71E70ABA278912@grfint2.intern.adiscon.com> Message-ID: <1188988195.3362.17.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Am Dienstag, den 04.09.2007, 18:58 +0200 schrieb Rainer Gerhards: > Hi, > > I noticed that one problem I received patches for (and that are now > included in 1.19.4) is rooted in something that is not fully patched. I > think I've found that root cause now (thanks to the info with that > patches). The bottom line, however, is that 1.19.4 may still have some > stability issues. However, they should surface now only in very obscure > cases (but what is obscure...). Well, at least it was running for almost two hours..... I'm running RHEL5. Here is my config: $AllowedSender UDP, 1.2.3.0/24 $AllowedSender TCP, 1.2.3.0/24 $ModLoad MySQL $template clamavFile,"/home/local/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME %/clamav" $template eximFile,"/home/local/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME %/exim" $template avFile,"/home/local/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/av" *.* /home/local/log/all !rsyslogd :programname, contains, "rsyslogd" /home/local/log/rsyslogd !spamd :msg, contains, "prefork: child states" ~ :msg, contains, "spamd: got connection over /opt/antispam/var/socket/spamd" ~ :msg, contains, "spamd: checking message (unknown) for exim:427" ~ :msg, contains, "spamd: handled cleanup of child pid" ~ mail.* /home/local/log/mail !clamd :msg, contains, "No stats for Database check - forcing reload" ~ :msg, contains, "Reading databases from /var/clamav" ~ :msg, contains, "Database correctly reloaded" ~ :msg, contains, "SelfCheck: Database status OK." ~ local5.* ?clamavFile !exim *.* ?eximFile :msg, contains, "malware detected" ?avFile -- CU, Patrick. From rgerhards at hq.adiscon.com Thu Sep 6 17:58:56 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Thu, 6 Sep 2007 17:58:56 +0200 Subject: [rsyslog] rsyslog config file format - please provide feedback Message-ID: <577465F99B41C842AAFBE9ED71E70ABA278931@grfint2.intern.adiscon.com> Hi all, We are nearing the point where a decision about the future config file format needs to be made. I have blogged the details: http://rgerhards.blogspot.com/2007/09/rsyslog-config-again.html I would deeply appreciate any feedback on the samples and format suggestions. Best regards, Rainer Gerhards From janfrode at tanso.net Fri Sep 7 08:51:13 2007 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Fri, 7 Sep 2007 08:51:13 +0200 Subject: [rsyslog] v1.19.1 is crashing References: <46D81432.1090302@redhat.com> <577465F99B41C842AAFBE9ED71E70ABA27890F@grfint2.intern.adiscon.com> <577465F99B41C842AAFBE9ED71E70ABA278912@grfint2.intern.adiscon.com> Message-ID: On 2007-09-05, Jan-Frode Myklebust wrote: > On 2007-09-04, Rainer Gerhards wrote: >> >> I'd still appreciate if you could apply 1.19.4 and tell me the outcome. >> I am now working on fixing the root cause. That might take a short >> while, as I am thinking about the best *design* to fix the issue. > > OK, thanks. I've upgraded my loghost to 1.19.4 now, will let you > know if it fails again. It failed again yesterday: *** glibc detected *** rsyslogd: corrupted double-linked list: 0xb7209028 *** ======= Backtrace: ========= /lib/libc.so.6[0x4152ce3e] /lib/libc.so.6(cfree+0x90)[0x415305d0] rsyslogd(MsgDestruct+0x73)[0x8057e93] rsyslogd[0x804de4a] rsyslogd(llExecFunc+0x3f)[0x805eb0f] rsyslogd[0x804d8aa] rsyslogd[0x804d9d7] /lib/libpthread.so.0[0x416112db] /lib/libc.so.6(clone+0x5e)[0x4159414e] I have "mon" monitoring that rsyslogd is running, and restart it when it fails. "mon" restarted rsyslogd twice (Thu Sep 6 20:38, and Fri Sep 7 03:27), but I can't find any backtrace from the second crash.. -jf From rgerhards at hq.adiscon.com Fri Sep 7 09:50:32 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Fri, 7 Sep 2007 09:50:32 +0200 Subject: [rsyslog] v1.19.1 is crashing In-Reply-To: References: <46D81432.1090302@redhat.com><577465F99B41C842AAFBE9ED71E70ABA27890F@grfint2.intern.adiscon.com><577465F99B41C842AAFBE9ED71E70ABA278912@grfint2.intern.adiscon.com> Message-ID: <577465F99B41C842AAFBE9ED71E70ABA278936@grfint2.intern.adiscon.com> Thanks for the feedback. I will probably release a new version today. It has an important fix, which hopefully solves this issue. The bad thing is that I can not reproduce the problem in my lab, so I am basically back to reviewing code and listening to your feedback ;) I have one more area (in the same class) under suspicion. But maybe I do not change that before trying out the current code change. As a side-note, the *actual* root cause was a too-complex internal API, which lead to wrong calling sequences in some parts of the code. I have now re-structured the API and revisited all places where it was called. There is another similar API and this is what I am currently reviewing. I am not sure I like to change that API without real need, because it is used a lot and any such change of course has new bug potential. Rainer > -----Original Message----- > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog- > bounces at lists.adiscon.com] On Behalf Of Jan-Frode Myklebust > Sent: Friday, September 07, 2007 8:51 AM > To: rsyslog at lists.adiscon.com > Subject: Re: [rsyslog] v1.19.1 is crashing > > On 2007-09-05, Jan-Frode Myklebust wrote: > > On 2007-09-04, Rainer Gerhards wrote: > >> > >> I'd still appreciate if you could apply 1.19.4 and tell me the > outcome. > >> I am now working on fixing the root cause. That might take a short > >> while, as I am thinking about the best *design* to fix the issue. > > > > OK, thanks. I've upgraded my loghost to 1.19.4 now, will let you > > know if it fails again. > > It failed again yesterday: > > *** glibc detected *** rsyslogd: corrupted double-linked list: > 0xb7209028 *** > ======= Backtrace: ========= > /lib/libc.so.6[0x4152ce3e] > /lib/libc.so.6(cfree+0x90)[0x415305d0] > rsyslogd(MsgDestruct+0x73)[0x8057e93] > rsyslogd[0x804de4a] > rsyslogd(llExecFunc+0x3f)[0x805eb0f] > rsyslogd[0x804d8aa] > rsyslogd[0x804d9d7] > /lib/libpthread.so.0[0x416112db] > /lib/libc.so.6(clone+0x5e)[0x4159414e] > > I have "mon" monitoring that rsyslogd is running, and restart it when > it fails. "mon" restarted rsyslogd twice (Thu Sep 6 20:38, and Fri > Sep 7 03:27), but I can't find any backtrace from the second crash.. > > > -jf > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog From janfrode at tanso.net Fri Sep 7 13:32:13 2007 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Fri, 7 Sep 2007 13:32:13 +0200 Subject: [rsyslog] rsyslog config file format - please provide feedback References: <577465F99B41C842AAFBE9ED71E70ABA278931@grfint2.intern.adiscon.com> Message-ID: On 2007-09-06, Rainer Gerhards wrote: > > http://rgerhards.blogspot.com/2007/09/rsyslog-config-again.html > > I would deeply appreciate any feedback on the samples and format > suggestions. /me thinks you're getting way too little feedback on the blog, or this list. Unfortunately I don't have much more than simple preference to contribute here.. XML-based format: Yikes, you'll need an additional human readable frontend format that's converted to XML for it to be usable. You can't expect us poor sysadmins to be editing XML directly to configure rsyslogd.. syslog-ng like: Fair enough.. It works for my usage. Metalog like: No experience.. Apache like: Not sure I understand this.. Seems like a mix of option/value and xml'ish for some functionality. Programming like..: Of the samples in the wiki, I most prefer the BASIC-like. It resembles python to me, and also "mon"'s config format. Very readable. http://mon.wiki.kernel.org/index.php/Mon_Manual The c-like with functions seems too complex: if1: { if(%severity < "debug" && lower(substr(%msg, 5, 3)) != "err") } action1() { action(type=filewrite, file="/var/log/mail.log") } rule1() { if1() action1() action(type=filewrite, file="/var/log/messages.log") } rule(if1,action1) ruleset(rule1, rule(if1, action(type=filewrite, file="/var/log/messages.log"))) rule(action1(),input="$all") input(type=udp, bind="127.0.0.1") I can't parse this.. Does rule1() break out of if1() is false? Then I guess writes to /var/log/messages.log woun't happen if action1 for some reason failed ? Contrast it to mon's config translated to syslogging: # Define some groups of servers: hostgroup mailservers server1 server2 server3 hostgroup webservers server4 server5 watch mailservers severity > debug SUBMSG = lower(substr(%msg, 5, 3)) SUBMSG != "err" logwrite /var/log/mail.log logwrite /var/log/messages.log SUBMSG == "err" logwrite /var/log/err.log watch webservers programname == httpd severity == crit cmd wall "httpd critical: $msg" logwrite /var/log/crit.log severity < crit logwrite /var/log/httpd.log Each indentation means it's depending on the previous statement being true. You might need to be drinking the python Kool-Aid to see the beauty :-) -jf From skvidal at fedoraproject.org Fri Sep 7 13:40:59 2007 From: skvidal at fedoraproject.org (seth vidal) Date: Fri, 07 Sep 2007 07:40:59 -0400 Subject: [rsyslog] rsyslog config file format - please provide feedback In-Reply-To: References: <577465F99B41C842AAFBE9ED71E70ABA278931@grfint2.intern.adiscon.com> Message-ID: <1189165259.16157.114.camel@cutter> On Fri, 2007-09-07 at 13:32 +0200, Jan-Frode Myklebust wrote: > On 2007-09-06, Rainer Gerhards wrote: > > > > http://rgerhards.blogspot.com/2007/09/rsyslog-config-again.html > > > > I would deeply appreciate any feedback on the samples and format > > suggestions. > > /me thinks you're getting way too little feedback on the blog, > or this list. Unfortunately I don't have much more than simple > preference to contribute here.. > > XML-based format: > > Yikes, you'll need an additional human readable frontend > format that's converted to XML for it to be usable. You > can't expect us poor sysadmins to be editing XML > directly to configure rsyslogd.. The nice piece of this is that it is machine parseable easily which enables lots of useful editors. > > syslog-ng like: > > Fair enough.. It works for my usage. The syntax is okay but at that point what distinguishes b/t syslog-ng and rsyslog? > Apache like: > > Not sure I understand this.. Seems like a mix of option/value > and xml'ish for some functionality. This one I'm more interested in. If you think of each log like a vhost and you define the qualities that are added to that inside the definition Destination /path/to/silly.log DestinationMode 0640 DestinationOwner root DestinationGroup log-readers Include mail.info kern.debug cron.emerg etc, etc, etc maybe that doesn't make sense, maybe it does - it is pretty easy to read, though. -sv From rgerhards at hq.adiscon.com Fri Sep 7 14:08:02 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Fri, 7 Sep 2007 14:08:02 +0200 Subject: [rsyslog] rsyslog config file format - please provide feedback In-Reply-To: <1189165259.16157.114.camel@cutter> References: <577465F99B41C842AAFBE9ED71E70ABA278931@grfint2.intern.adiscon.com> <1189165259.16157.114.camel@cutter> Message-ID: <577465F99B41C842AAFBE9ED71E70ABA27893E@grfint2.intern.adiscon.com> I am replying here, but without a real reply. All feedback is deeply appreciate, but I'd like to keep silent for the time being to avoid bringing in my personal bias. Please keep commenting. I'll do a wrap-up later. Rainer > -----Original Message----- > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog- > bounces at lists.adiscon.com] On Behalf Of seth vidal > Sent: Friday, September 07, 2007 1:41 PM > To: rsyslog-users > Subject: Re: [rsyslog] rsyslog config file format - please provide > feedback > > > On Fri, 2007-09-07 at 13:32 +0200, Jan-Frode Myklebust wrote: > > On 2007-09-06, Rainer Gerhards wrote: > > > > > > http://rgerhards.blogspot.com/2007/09/rsyslog-config-again.html > > > > > > I would deeply appreciate any feedback on the samples and format > > > suggestions. > > > > /me thinks you're getting way too little feedback on the blog, > > or this list. Unfortunately I don't have much more than simple > > preference to contribute here.. > > > > XML-based format: > > > > Yikes, you'll need an additional human readable frontend > > format that's converted to XML for it to be usable. You > > can't expect us poor sysadmins to be editing XML > > directly to configure rsyslogd.. > > The nice piece of this is that it is machine parseable easily which > enables lots of useful editors. > > > > > syslog-ng like: > > > > Fair enough.. It works for my usage. > > The syntax is okay but at that point what distinguishes b/t syslog-ng > and rsyslog? > > > > Apache like: > > > > Not sure I understand this.. Seems like a mix of option/value > > and xml'ish for some functionality. > > This one I'm more interested in. If you think of each log like a vhost > and you define the qualities that are added to that inside the > definition > > > Destination /path/to/silly.log > DestinationMode 0640 > DestinationOwner root > DestinationGroup log-readers > Include mail.info kern.debug cron.emerg > > > etc, etc, etc > > maybe that doesn't make sense, maybe it does - it is pretty easy to > read, though. > > -sv > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog From rgerhards at hq.adiscon.com Fri Sep 7 18:14:34 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Fri, 7 Sep 2007 18:14:34 +0200 Subject: [rsyslog] rsyslog 1.19.5 released Message-ID: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> Hi all, Rsyslog 1.19.5 has been released. It is primarily targeted at fixing rare situations in which a segfault could occur. These have not consistently been able to reproduce in lab. Release 1.19.5 may still have a problem or may hang where previous versions segfaulted. We are actively looking for feedback from the field. Feature-wise, the $ModDir config directive has been added and $ModLoad has been enhanced. We recommend upgrading only for those that experience the problem with earlier versions or those actively interested in helping to solve the bug. If you experience a bug, please report it. Changelog: http://www.rsyslog.com/Article125.phtml Download: http://www.rsyslog.com/Downloads-req-getit-lid-57.phtml As always, feedback is appreciated. Rainer Gerhards From hagen at rz.uni-karlsruhe.de Fri Sep 7 19:20:12 2007 From: hagen at rz.uni-karlsruhe.de (Patrick von der Hagen) Date: Fri, 07 Sep 2007 19:20:12 +0200 Subject: [rsyslog] rsyslog 1.19.5 released In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> Message-ID: <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Am Freitag, den 07.09.2007, 18:14 +0200 schrieb Rainer Gerhards: > Hi all, > > Rsyslog 1.19.5 has been released. It is primarily targeted at fixing > rare situations in which a segfault could occur. These have not > consistently been able to reproduce in lab. Release 1.19.5 may still The way I see it everyone reporting segfaults so far has been using RHEL5. So perhaps everybody seeing problems could comment on the operating-system? That might ease reproducing the problem in a test-lab. > have a problem or may hang where previous versions segfaulted. We are > actively looking for feedback from the field. Feature-wise, the $ModDir > config directive has been added and $ModLoad has been enhanced. We > recommend upgrading only for those that experience the problem with > earlier versions or those actively interested in helping to solve the > bug. If you experience a bug, please report it. Crash of 1.19.5 after less than 30 minutes. Stack-trace seems to be quite "normal", however, I've been lucky and captured some strace-information. Not sure wheter that could be helpful. poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "P*\1\0\0\1\0\0\0\0\0\0\00282\003185\00213\003129\7in-a"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "P*\205\200\0\1\0\1\0\6\0\7\00282\003185\00213\003129 \7"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<22>exim[14623]: 2007-09-07 18:3"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.82")}, [16]) = 165 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "\236\222\1\0\0\1\0\0\0\0\0\0\00282\003185\00213\003129"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "\236\222\205\200\0\1\0\1\0\6\0\7\00282\003185\00213 \003"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<22>exim[14099]: 2007-09-07 18:3"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.82")}, [16]) = 243 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "\377\251\1\0\0\1\0\0\0\0\0\0\00282\003185\00213\003129"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "\377\251\205\200\0\1\0\1\0\6\0\7\00282\003185\00213 \003"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<22>spamd[16561]: spamd: identif"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.81")}, [16]) = 94 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "\202\24\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "\202\24\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 \003"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<22>spamd[16561]: spamd: result:"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.81")}, [16]) = 463 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "\33\\\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "\33\\\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<22>exim[15976]: 2007-09-07 18:3"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.81")}, [16]) = 143 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "I\27\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7in"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "I\27\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 \003129"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<22>exim[15583]: 2007-09-07 18:3"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.81")}, [16]) = 318 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "v\325\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "v\325\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<21>exim[15583]: 2007-09-07 18:3"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.81")}, [16]) = 318 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 futex(0x3627949960, FUTEX_WAKE, 1) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "+\330\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "+\330\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<13>greylistd: Socket error: Bro"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.81")}, [16]) = 41 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "+\366\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "+\366\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<21>exim[15583]: 2007-09-07 18:3"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.81")}, [16]) = 318 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "\233A\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "\233A\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) recvfrom(5, "<22>exim[14536]: 2007-09-07 18:3"..., 2047, 0, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("129.13.185.82")}, [16]) = 171 rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 open("/etc/hosts", O_RDONLY) = 17 fcntl(17, F_GETFD) = 0 fcntl(17, F_SETFD, FD_CLOEXEC) = 0 fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaab4000000 read(17, "# Do not remove the following li"..., 4096) = 234 read(17, "", 4096) = 0 close(17) = 0 munmap(0x2aaab4000000, 4096) = 0 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 connect(17, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, 28) = 0 fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 sendto(17, "M\243\1\0\0\1\0\0\0\0\0\0\00282\003185\00213\003129\7i"..., 44, MSG_NOSIGNAL, NULL, 0) = 44 poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 ioctl(17, FIONREAD, [344]) = 0 recvfrom(17, "M\243\205\200\0\1\0\1\0\6\0\7\00282\003185\00213 \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 close(17) = 0 socket(PF_NETLINK, SOCK_RAW, 0) = 17 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, [4294967308]) = 0 sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(17) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 select(6, [0 4 5], [], NULL, NULL) = ? ERESTARTNOHAND (To be restarted) trace: ptrace(PTRACE_SYSCALL, ...): No such process Process 22923 detached -- CU, Patrick. From infofarmer at FreeBSD.org Fri Sep 7 19:48:14 2007 From: infofarmer at FreeBSD.org (Andrew Pantyukhin) Date: Fri, 7 Sep 2007 21:48:14 +0400 Subject: [rsyslog] rsyslog 1.19.5 released In-Reply-To: <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Message-ID: <20070907174813.GE56443@amilo.cenkes.org> On Fri, Sep 07, 2007 at 07:20:12PM +0200, Patrick von der Hagen wrote: > Am Freitag, den 07.09.2007, 18:14 +0200 schrieb Rainer Gerhards: > > Hi all, > > > > Rsyslog 1.19.5 has been released. It is primarily targeted at fixing > > rare situations in which a segfault could occur. These have not > > consistently been able to reproduce in lab. Release 1.19.5 may still > The way I see it everyone reporting segfaults so far has been using > RHEL5. So perhaps everybody seeing problems could comment on the > operating-system? That might ease reproducing the problem in a > test-lab. I experience segfaults with 1.19.1 or 1.19.2 on FreeBSD, but 1.19.3 has been up for a week on end now. From mic at npgx.com.au Sat Sep 8 00:20:37 2007 From: mic at npgx.com.au (Michael Mansour) Date: Sat, 8 Sep 2007 08:20:37 +1000 Subject: [rsyslog] rsyslog config file format - please provide feedback In-Reply-To: <1189165259.16157.114.camel@cutter> References: <577465F99B41C842AAFBE9ED71E70ABA278931@grfint2.intern.adiscon.com> <1189165259.16157.114.camel@cutter> Message-ID: <20070907221314.M7794@npgx.com.au> Hi, > > > http://rgerhards.blogspot.com/2007/09/rsyslog-config-again.html > > > > > > I would deeply appreciate any feedback on the samples and format > > > suggestions. > > > > /me thinks you're getting way too little feedback on the blog, > > or this list. Unfortunately I don't have much more than simple > > preference to contribute here.. > > > > XML-based format: > > > > Yikes, you'll need an additional human readable frontend > > format that's converted to XML for it to be usable. You > > can't expect us poor sysadmins to be editing XML > > directly to configure rsyslogd.. > > The nice piece of this is that it is machine parseable easily which > enables lots of useful editors. I don't agree with the original posters comment there also. As an example, I have been using linuxha.net now for quite some years on many clusters and from day one, linuxha.net has used XML for all it's configuration files. I personally find the "standard" that brings to config files much better than the myriad of conf files I've dealt with the many more years I've been using UNIX and Linux. > > syslog-ng like: > > > > Fair enough.. It works for my usage. > > The syntax is okay but at that point what distinguishes b/t syslog-ng > and rsyslog? I've personally never been a fan of the syntax used in this. Sure I know it now after years for admin work, but I remember the times I needed to learn it thoroughly, it wasn't as easy as other conf files. > > Apache like: > > > > Not sure I understand this.. Seems like a mix of option/value > > and xml'ish for some functionality. > > This one I'm more interested in. If you think of each log like a > vhost and you define the qualities that are added to that inside the > definition > > > Destination /path/to/silly.log > DestinationMode 0640 > DestinationOwner root > DestinationGroup log-readers > Include mail.info kern.debug cron.emerg > > > etc, etc, etc > > maybe that doesn't make sense, maybe it does - it is pretty easy to > read, though. I think every sysadmin has setup a web server and delved into the apache-like configurations with software like apache, proftpd, etc. It's a nice and easy to understand format which has also proved the test of time. I'd be happy with either XML or Apache-like, but my bias is towards XML. Regards, Michael. > -sv > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog ------- End of Original Message ------- From theinric at redhat.com Sat Sep 8 22:07:30 2007 From: theinric at redhat.com (Tomas Heinrich) Date: Sat, 08 Sep 2007 22:07:30 +0200 Subject: [rsyslog] rsyslog 1.19.5 released In-Reply-To: <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Message-ID: <46E30102.20508@redhat.com> Patrick von der Hagen wrote: > Am Freitag, den 07.09.2007, 18:14 +0200 schrieb Rainer Gerhards: >> Hi all, >> >> Rsyslog 1.19.5 has been released. It is primarily targeted at fixing >> rare situations in which a segfault could occur. These have not >> consistently been able to reproduce in lab. Release 1.19.5 may still > The way I see it everyone reporting segfaults so far has been using > RHEL5. So perhaps everybody seeing problems could comment on the > operating-system? That might ease reproducing the problem in a > test-lab. > >> have a problem or may hang where previous versions segfaulted. We are >> actively looking for feedback from the field. Feature-wise, the $ModDir >> config directive has been added and $ModLoad has been enhanced. We >> recommend upgrading only for those that experience the problem with >> earlier versions or those actively interested in helping to solve the >> bug. If you experience a bug, please report it. > Crash of 1.19.5 after less than 30 minutes. Stack-trace seems to be > quite "normal", however, I've been lucky and captured some > strace-information. Not sure wheter that could be helpful. Thanks for the info. It will be very useful if someone can provide a core dump for 1.19.5. From rgerhards at hq.adiscon.com Mon Sep 10 11:34:17 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Mon, 10 Sep 2007 11:34:17 +0200 Subject: [rsyslog] rsyslog 1.19.5 released In-Reply-To: <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Message-ID: <577465F99B41C842AAFBE9ED71E70ABA27896C@grfint2.intern.adiscon.com> Hhmmm... Besides a core-dump (which would definitely be useful), could those of you experiencing this problem try to run rsyslog with debug code enabled? This is NOT debug mode (-d). You enable it via ./configure --enable-debug This will generate additional debug checks in the rsyslog code. The resulting code will probably run 5 to 10 times SLOWER than production code. But it will catch many obscure errors and at least provide a hint to where the problem is (at least I hope so). If you could do that, that would be great. Thanks, Rainer > -----Original Message----- > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog- > bounces at lists.adiscon.com] On Behalf Of Patrick von der Hagen > Sent: Friday, September 07, 2007 7:20 PM > To: rsyslog-users > Subject: Re: [rsyslog] rsyslog 1.19.5 released > > Am Freitag, den 07.09.2007, 18:14 +0200 schrieb Rainer Gerhards: > > Hi all, > > > > Rsyslog 1.19.5 has been released. It is primarily targeted at fixing > > rare situations in which a segfault could occur. These have not > > consistently been able to reproduce in lab. Release 1.19.5 may still > The way I see it everyone reporting segfaults so far has been using > RHEL5. So perhaps everybody seeing problems could comment on the > operating-system? That might ease reproducing the problem in a > test-lab. > > > have a problem or may hang where previous versions segfaulted. We are > > actively looking for feedback from the field. Feature-wise, the > $ModDir > > config directive has been added and $ModLoad has been enhanced. We > > recommend upgrading only for those that experience the problem with > > earlier versions or those actively interested in helping to solve the > > bug. If you experience a bug, please report it. > Crash of 1.19.5 after less than 30 minutes. Stack-trace seems to be > quite "normal", however, I've been lucky and captured some > strace-information. Not sure wheter that could be helpful. > > > > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "P*\1\0\0\1\0\0\0\0\0\0\00282\003185\00213\003129\7in-a"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "P*\205\200\0\1\0\1\0\6\0\7\00282\003185\00213\003129 > \7"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<22>exim[14623]: 2007-09-07 18:3"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.82")}, [16]) = 165 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "\236\222\1\0\0\1\0\0\0\0\0\0\00282\003185\00213\003129"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "\236\222\205\200\0\1\0\1\0\6\0\7\00282\003185\00213 > \003"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<22>exim[14099]: 2007-09-07 18:3"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.82")}, [16]) = 243 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "\377\251\1\0\0\1\0\0\0\0\0\0\00282\003185\00213\003129"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "\377\251\205\200\0\1\0\1\0\6\0\7\00282\003185\00213 > \003"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<22>spamd[16561]: spamd: identif"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.81")}, [16]) = 94 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, > "\202\24\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "\202\24\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 > \003"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<22>spamd[16561]: spamd: result:"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.81")}, [16]) = 463 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "\33\\\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "\33\\\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 > \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<22>exim[15976]: 2007-09-07 18:3"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.81")}, [16]) = 143 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "I\27\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7in"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "I\27\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 > \003129"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<22>exim[15583]: 2007-09-07 18:3"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.81")}, [16]) = 318 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "v\325\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "v\325\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 > \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<21>exim[15583]: 2007-09-07 18:3"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.81")}, [16]) = 318 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > futex(0x3627949960, FUTEX_WAKE, 1) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "+\330\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "+\330\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 > \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<13>greylistd: Socket error: Bro"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.81")}, [16]) = 41 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "+\366\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "+\366\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 > \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<21>exim[15583]: 2007-09-07 18:3"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.81")}, [16]) = 318 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "\233A\1\0\0\1\0\0\0\0\0\0\00281\003185\00213\003129\7i"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "\233A\205\200\0\1\0\1\0\6\0\7\00281\003185\00213 > \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = 1 (in [5]) > recvfrom(5, "<22>exim[14536]: 2007-09-07 18:3"..., 2047, 0, > {sa_family=AF_INET, sin_port=htons(514), > sin_addr=inet_addr("129.13.185.82")}, [16]) = 171 > rt_sigprocmask(SIG_BLOCK, [HUP], [], 8) = 0 > open("/etc/hosts", O_RDONLY) = 17 > fcntl(17, F_GETFD) = 0 > fcntl(17, F_SETFD, FD_CLOEXEC) = 0 > fstat(17, {st_mode=S_IFREG|0644, st_size=234, ...}) = 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) > = 0x2aaab4000000 > read(17, "# Do not remove the following li"..., 4096) = 234 > read(17, "", 4096) = 0 > close(17) = 0 > munmap(0x2aaab4000000, 4096) = 0 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 17 > connect(17, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, 28) = 0 > fcntl(17, F_GETFL) = 0x2 (flags O_RDWR) > fcntl(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > poll([{fd=17, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1 > sendto(17, "M\243\1\0\0\1\0\0\0\0\0\0\00282\003185\00213\003129\7i"..., > 44, MSG_NOSIGNAL, NULL, 0) = 44 > poll([{fd=17, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 > ioctl(17, FIONREAD, [344]) = 0 > recvfrom(17, "M\243\205\200\0\1\0\1\0\6\0\7\00282\003185\00213 > \00312"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), > sin_addr=inet_addr("129.13.96.2")}, [16]) = 344 > close(17) = 0 > socket(PF_NETLINK, SOCK_RAW, 0) = 17 > bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 > getsockname(17, {sa_family=AF_NETLINK, pid=22923, groups=00000000}, > [4294967308]) = 0 > sendto(17, "\24\0\0\0\26\0\1\3\213~\341F\0\0\0\0\0\0\0\0", 20, 0, > {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"<\0\0\0\24\0\2\0\213~\341F\213Y\0\0\2\10 > \200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\213~\341F\213Y\0\0\n > \200\200\376\1\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = > 128 > recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, > groups=00000000}, > msg_iov(1)=[{"\24\0\0\0\3\0\2\0\213~\341F\213Y\0\0\0\0 > \0\0\1\0\0\0\24"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 > close(17) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > futex(0x192fd054, 0x5 /* FUTEX_??? */, 1) = 1 > select(6, [0 4 5], [], NULL, NULL) = ? ERESTARTNOHAND (To be > restarted) > trace: ptrace(PTRACE_SYSCALL, ...): No such process > Process 22923 detached > > -- > CU, > Patrick. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog From hagen at rz.uni-karlsruhe.de Mon Sep 10 14:38:58 2007 From: hagen at rz.uni-karlsruhe.de (Patrick von der Hagen) Date: Mon, 10 Sep 2007 14:38:58 +0200 Subject: [rsyslog] rsyslog 1.19.5 released In-Reply-To: <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Message-ID: <1189427938.3136.29.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Am Freitag, den 07.09.2007, 19:20 +0200 schrieb Patrick von der Hagen: [...] > Crash of 1.19.5 after less than 30 minutes. Stack-trace seems to be > quite "normal", however, I've been lucky and captured some > strace-information. Not sure wheter that could be helpful. I compiled 1.19.5 with "--enable-debug" now and got the following problems: Sep 10 14:24:26 mail11 rsyslogd:could not load module '/usr/local/lib/rsyslog/ommysql.so', dlopen: /usr/local/lib/rsyslog/ommysql.so: cannot open shared object file: No such file or directory Sep 10 14:24:26 mail11 rsyslogd:the last error occured in /etc/rsyslog.conf, line 29 No idea why it tries "/usr/local/lib", the lib has been installed to "/lib" or "/opt/rsyslog/lib/rsyslog/". Hmmm, "/lib" is from 1.18.something, I didn't tidy up properly. Anyway, I currently don't use logging to MySQL, so I uncommented "$ModLoad MySQL". Next try: [root at mail11 log]# /opt/rsyslog/sbin/rsyslogd -r514 -d [...] 1084229952: Lone worker is running... 1084229952: Called fprintlog, logging to builtin-file (/home/local/log/all) 1084229952: programname filter 'rsyslogd' does not match 'spamd' Filter: check for property 'msg' (value ' prefork: child states: BBBBBBBIIBBBBBBB ') contains 'prefork: child states': TRUE 1084229952: Called fprintlog, logging to builtin-discardrsyslogd: omdiscard.c:70: doAction: Assertion `ppString != ((void *)0)' failed. Aborted That's getting a little bit strange now, it has been caused by this rsyslog.conf-lines: !spamd :msg, contains, "prefork: child states" ~ Some other crashes relate to other lines, all of them end with "~". So I uncommented all of them. Those problems are strange, but if those issues were related to my "normal" rsyslog-crashes, rsyslog would not have been able to run up to two hours and would certainly have crashed almost instantly. It's been running for several minutes now... -- CU, Patrick. From rgerhards at hq.adiscon.com Mon Sep 10 14:50:12 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Mon, 10 Sep 2007 14:50:12 +0200 Subject: [rsyslog] rsyslog 1.19.5 released In-Reply-To: <1189427938.3136.29.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com><1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> <1189427938.3136.29.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Message-ID: <577465F99B41C842AAFBE9ED71E70ABA278979@grfint2.intern.adiscon.com> I agree, it looks strange (very strange indeed). I am checking if it could be related to the root cause (or just be a debug-level artifact that slipped through - that may be the case, because discard is the only action which does NOT have any strings at all). Anyhow, it provides me at least another clue where to look at. Thanks Rainer > -----Original Message----- > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog- > bounces at lists.adiscon.com] On Behalf Of Patrick von der Hagen > Sent: Monday, September 10, 2007 2:39 PM > To: rsyslog-users > Subject: Re: [rsyslog] rsyslog 1.19.5 released > > Am Freitag, den 07.09.2007, 19:20 +0200 schrieb Patrick von der Hagen: > [...] > > Crash of 1.19.5 after less than 30 minutes. Stack-trace seems to be > > quite "normal", however, I've been lucky and captured some > > strace-information. Not sure wheter that could be helpful. > I compiled 1.19.5 with "--enable-debug" now and got the following > problems: > > Sep 10 14:24:26 mail11 rsyslogd:could not load module > '/usr/local/lib/rsyslog/ommysql.so', > dlopen: /usr/local/lib/rsyslog/ommysql.so: cannot open shared object > file: No such file or directory > Sep 10 14:24:26 mail11 rsyslogd:the last error occured > in /etc/rsyslog.conf, line 29 > > No idea why it tries "/usr/local/lib", the lib has been installed to > "/lib" or "/opt/rsyslog/lib/rsyslog/". Hmmm, "/lib" is from > 1.18.something, I didn't tidy up properly. > > Anyway, I currently don't use logging to MySQL, so I uncommented > "$ModLoad MySQL". > > > Next try: > [root at mail11 log]# /opt/rsyslog/sbin/rsyslogd -r514 -d > [...] > 1084229952: Lone worker is running... > 1084229952: Called fprintlog, logging to builtin-file > (/home/local/log/all) > 1084229952: programname filter 'rsyslogd' does not match 'spamd' > Filter: check for property 'msg' (value ' prefork: child states: > BBBBBBBIIBBBBBBB ') contains 'prefork: child states': TRUE > 1084229952: Called fprintlog, logging to builtin-discardrsyslogd: > omdiscard.c:70: doAction: Assertion `ppString != ((void *)0)' failed. > Aborted > > > That's getting a little bit strange now, it has been caused by this > rsyslog.conf-lines: > !spamd > :msg, contains, "prefork: child states" ~ > > > Some other crashes relate to other lines, all of them end with "~". So > I > uncommented all of them. > > Those problems are strange, but if those issues were related to my > "normal" rsyslog-crashes, rsyslog would not have been able to run up to > two hours and would certainly have crashed almost instantly. > > It's been running for several minutes now... > > -- > CU, > Patrick. > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog From hagen at rz.uni-karlsruhe.de Mon Sep 10 15:17:49 2007 From: hagen at rz.uni-karlsruhe.de (Patrick von der Hagen) Date: Mon, 10 Sep 2007 15:17:49 +0200 Subject: [rsyslog] rsyslog 1.19.5 released In-Reply-To: <1189427938.3136.29.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> <1189427938.3136.29.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Message-ID: <1189430269.9930.4.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Am Montag, den 10.09.2007, 14:38 +0200 schrieb Patrick von der Hagen: [...] > It's been running for several minutes now... Now I captured the "real" crash. First, my config: $AllowedSender UDP, 1.2.3.0/24 $AllowedSender TCP, 1.2.3.0/24 $template clamavFile,"/home/local/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME %/clamav" $template eximFile,"/home/local/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME %/exim" $template avFile,"/home/local/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/av" *.* /home/local/log/all !rsyslogd :programname, contains, "rsyslogd" /home/local/log/rsyslogd !spamd mail.* /home/local/log/mail !clamd local5.* ?clamavFile !exim *.* ?eximFile :msg, contains, "malware detected" ?avFile Here the output of "rsyslog -r514 -d" Successful select, descriptor count = 1, Activity on: 1084229952: -1431504256: 8 Called fprintlog, logging to builtin-file1084229952: (eximFile) Filter: check for property 'msg' (value ' 2007-09-10 14:56:03 1IUio2-00054R-EA H=X (Y) [1.2.3.4] Warning: X-Spam-Status: yes, hits=13.9, size=32842') contains 'malware detected': FALSE 1084229952: singleWorker: queue EMPTY, waiting for next message. -1431504256: Message from inetd socket: #8, host: mailin3 -1431504256: Message length: 200, File descriptor: 8. -1431504256: logmsg: mail.info<22>, flags 2, from 'mailin3', msg exim[18550]: 2007-09-10 14:56:03 H=(a.b.c.d) [2.3.4.5] F= temporarily rejected RCPT : greylisted. -1431504256: Message has legacy syslog format. -1431504256: HOSTNAME contains invalid characters, assuming it to be a TAG. -1431504256: EnqueueMsg signaled condition (0) -1431504256: 1084229952: Listening on UDP syslogd socket 7 (IPv6/port 514). -1431504256: Lone worker is running... 1084229952: Called fprintlog, logging to builtin-file (/home/local/log/all) Listening on UDP syslogd socket 8 (IPv4/port 514). -1431504256: ---------------------------------------- -1431504256: Calling select, active file descriptors (max 8): 3 7 8 1084229952: programname filter 'rsyslogd' does not match 'exim' 1084229952: programname filter 'spamd' does not match 'exim' 1084229952: programname filter 'clamd' does not match 'exim' 1084229952: Called fprintlog, logging to builtin-file (eximFile) Filter: check for property 'msg' (value ' 2007-09-10 14:56:03 H=(domain) [1.2.3.4] F= temporarily rejected RCPT : greylisted.') contains 'malware detected': FALSE 1084229952: singleWorker: queue EMPTY, waiting for next message. -1431504256: Successful select, descriptor count = 1, Activity on: 8 *** glibc detected *** /opt/rsyslog/sbin/rsyslogd: corrupted double-linked list: 0x00002aaaac001230 *** ======= Backtrace: ========= /lib64/libc.so.6[0x362766cb43] /lib64/libc.so.6[0x362766eea2] /lib64/libc.so.6(__libc_malloc+0x7d)[0x36276706dd] /lib64/libc.so.6[0x362765eb4a] /lib64/libnss_files.so.2[0x2aaaaaad445a] /lib64/libnss_files.so.2(_nss_files_gethostbyaddr_r +0x57)[0x2aaaaaad4b47] /lib64/libc.so.6(gethostbyaddr_r+0xf2)[0x36276e2b42] /lib64/libc.so.6(getnameinfo+0x3ad)[0x36276eb07d] /opt/rsyslog/sbin/rsyslogd(cvthname+0x154)[0x410e64] /opt/rsyslog/sbin/rsyslogd[0x40bec9] /opt/rsyslog/sbin/rsyslogd(main+0x630)[0x40c990] /lib64/libc.so.6(__libc_start_main+0xf4)[0x362761d8a4] /opt/rsyslog/sbin/rsyslogd[0x405899] ======= Memory map: ======== 00400000-00424000 r-xp 00000000 08:03 688189 /opt/rsyslog/sbin/rsyslogd 00624000-00626000 rw-p 00024000 08:03 688189 /opt/rsyslog/sbin/rsyslogd 1c204000-1c249000 rw-p 1c204000 00:00 0 40000000-40001000 ---p 40000000 00:00 0 40001000-40a01000 rw-p 40001000 00:00 0 3627200000-362721a000 r-xp 00000000 08:03 4260124 /lib64/ld-2.5.so 3627419000-362741a000 r--p 00019000 08:03 4260124 /lib64/ld-2.5.so 362741a000-362741b000 rw-p 0001a000 08:03 4260124 /lib64/ld-2.5.so 3627600000-3627744000 r-xp 00000000 08:03 4260125 /lib64/libc-2.5.so 3627744000-3627944000 ---p 00144000 08:03 4260125 /lib64/libc-2.5.so 3627944000-3627948000 r--p 00144000 08:03 4260125 /lib64/libc-2.5.so 3627948000-3627949000 rw-p 00148000 08:03 4260125 /lib64/libc-2.5.so 3627949000-362794e000 rw-p 3627949000 00:00 0 3627e00000-3627e02000 r-xp 00000000 08:03 4260128 /lib64/libdl-2.5.so 3627e02000-3628002000 ---p 00002000 08:03 4260128 /lib64/libdl-2.5.so 3628002000-3628003000 r--p 00002000 08:03 4260128 /lib64/libdl-2.5.so 3628003000-3628004000 rw-p 00003000 08:03 4260128 /lib64/libdl-2.5.so 3628200000-3628215000 r-xp 00000000 08:03 4260022 /lib64/libpthread-2.5.so 3628215000-3628414000 ---p 00015000 08:03 4260022 /lib64/libpthread-2.5.so 3628414000-3628415000 r--p 00014000 08:03 4260022 /lib64/libpthread-2.5.so 3628415000-3628416000 rw-p 00015000 08:03 4260022 /lib64/libpthread-2.5.so 3628416000-362841a000 rw-p 3628416000 00:00 0 3628600000-3628614000 r-xp 00000000 08:03 4547586 /usr/lib64/libz.so.1.2.3 3628614000-3628813000 ---p 00014000 08:03 4547586 /usr/lib64/libz.so.1.2.3 3628813000-3628814000 rw-p 00013000 08:03 4547586 /usr/lib64/libz.so.1.2.3 362d200000-362d207000 r-xp 00000000 08:03 4260133 /lib64/librt-2.5.so 362d207000-362d407000 ---p 00007000 08:03 4260133 /lib64/librt-2.5.so 362d407000-362d408000 r--p 00007000 08:03 4260133 /lib64/librt-2.5.so 362d408000-362d409000 rw-p 00008000 08:03 4260133 /lib64/librt-2.5.so 362ee00000-362ee11000 r-xp 00000000 08:03 4260134 /lib64/libresolv-2.5.so 362ee11000-362f011000 ---p 00011000 08:03 4260134 /lib64/libresolv-2.5.so 362f011000-362f012000 r--p 00011000 08:03 4260134 /lib64/libresolv-2.5.so 362f012000-362f013000 rw-p 00012000 08:03 4260134 /lib64/libresolv-2.5.so 362f013000-362f015000 rw-p 362f013000 00:00 0 3815400000-381540d000 r-xp 00000000 08:03 4259862 /lib64/libgcc_s-4.1.1-20070105.so.1 381540d000-381560c000 ---p 0000d000 08:03 4259862 /lib64/libgcc_s-4.1.1-20070105.so.1 381560c000-381560d000 rw-p 0000c000 08:03 4259862 /libAborted -- CU, Patrick. From rgerhards at hq.adiscon.com Mon Sep 10 18:26:10 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Mon, 10 Sep 2007 18:26:10 +0200 Subject: [rsyslog] rsyslog segfaults was: rsyslog 1.19.5 released In-Reply-To: <1189430269.9930.4.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> <1189427938.3136.29.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> <1189430269.9930.4.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Message-ID: <1189441571.2659.56.camel@localhost.localdomain> Patrick, thanks for this report, it is useful. Unfortunately, I had hoped that an assertion failed, which was obviously not the case. I have looked at the code in question, but the root cause seems to be different. It looks like the code that actually aborted was "just" affected by something that happened earlier (the earlier code destroyed the list, which was then detected in cvthname() processing). The assert on discard was a bug in the debug code. I have fixed that in the current CVS (I do not yet want to release a version because of this minor thing - if you like, you can pull it from anon CVS). We have some other things under review. In the mean time, I am asking myself if the problem may be related to a threading issue. Rsyslog can be compiled in single-threading mode. You can do that by: ./configure --disable-pthreads [--enable-debug (if you like)] There is a drawback, though: as message processing and reception is no longer de-coupled, messages in bursts are more likely to be lost. Also, TCP messages sent to an unresponsive server may be lost, as the priority is on reception (there is code that discards messages that block rsyslgogd). However, sysklogd always works in that mode, so I think it is worth giving a try. It would be very helpful to know if the problem persists in single threading mode - or not. Thanks, Rainer On Mon, 2007-09-10 at 15:17 +0200, Patrick von der Hagen wrote: > Am Montag, den 10.09.2007, 14:38 +0200 schrieb Patrick von der Hagen: > [...] > > It's been running for several minutes now... > Now I captured the "real" crash. > > First, my config: > $AllowedSender UDP, 1.2.3.0/24 > $AllowedSender TCP, 1.2.3.0/24 > $template clamavFile,"/home/local/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME > %/clamav" > $template eximFile,"/home/local/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME > %/exim" > $template avFile,"/home/local/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/av" > *.* /home/local/log/all > !rsyslogd > :programname, contains, "rsyslogd" /home/local/log/rsyslogd > !spamd > mail.* /home/local/log/mail > !clamd > local5.* ?clamavFile > !exim > *.* ?eximFile > :msg, contains, "malware detected" ?avFile > > > Here the output of "rsyslog -r514 -d" > Successful select, descriptor count = 1, Activity on: 1084229952: > -1431504256: 8 > Called fprintlog, logging to builtin-file1084229952: (eximFile) > Filter: check for property 'msg' (value ' 2007-09-10 14:56:03 > 1IUio2-00054R-EA H=X (Y) [1.2.3.4] Warning: X-Spam-Status: yes, > hits=13.9, size=32842') contains 'malware detected': FALSE > 1084229952: singleWorker: queue EMPTY, waiting for next message. > -1431504256: Message from inetd socket: #8, host: mailin3 > -1431504256: Message length: 200, File descriptor: 8. > -1431504256: logmsg: mail.info<22>, flags 2, from 'mailin3', msg > exim[18550]: 2007-09-10 14:56:03 H=(a.b.c.d) [2.3.4.5] F= > temporarily rejected RCPT : greylisted. > -1431504256: Message has legacy syslog format. > -1431504256: HOSTNAME contains invalid characters, assuming it to be a > TAG. > -1431504256: EnqueueMsg signaled condition (0) > -1431504256: 1084229952: Listening on UDP syslogd socket 7 (IPv6/port > 514). > -1431504256: Lone worker is running... > 1084229952: Called fprintlog, logging to builtin-file > (/home/local/log/all) > Listening on UDP syslogd socket 8 (IPv4/port 514). > -1431504256: ---------------------------------------- > -1431504256: Calling select, active file descriptors (max 8): 3 7 8 > 1084229952: programname filter 'rsyslogd' does not match 'exim' > 1084229952: programname filter 'spamd' does not match 'exim' > 1084229952: programname filter 'clamd' does not match 'exim' > 1084229952: Called fprintlog, logging to builtin-file (eximFile) > Filter: check for property 'msg' (value ' 2007-09-10 14:56:03 H=(domain) > [1.2.3.4] F= temporarily rejected RCPT > : greylisted.') contains 'malware detected': FALSE > 1084229952: singleWorker: queue EMPTY, waiting for next message. > -1431504256: > Successful select, descriptor count = 1, Activity on: 8 > *** glibc detected *** /opt/rsyslog/sbin/rsyslogd: corrupted > double-linked list: 0x00002aaaac001230 *** > ======= Backtrace: ========= > /lib64/libc.so.6[0x362766cb43] > /lib64/libc.so.6[0x362766eea2] > /lib64/libc.so.6(__libc_malloc+0x7d)[0x36276706dd] > /lib64/libc.so.6[0x362765eb4a] > /lib64/libnss_files.so.2[0x2aaaaaad445a] > /lib64/libnss_files.so.2(_nss_files_gethostbyaddr_r > +0x57)[0x2aaaaaad4b47] > /lib64/libc.so.6(gethostbyaddr_r+0xf2)[0x36276e2b42] > /lib64/libc.so.6(getnameinfo+0x3ad)[0x36276eb07d] > /opt/rsyslog/sbin/rsyslogd(cvthname+0x154)[0x410e64] > /opt/rsyslog/sbin/rsyslogd[0x40bec9] > /opt/rsyslog/sbin/rsyslogd(main+0x630)[0x40c990] > /lib64/libc.so.6(__libc_start_main+0xf4)[0x362761d8a4] > /opt/rsyslog/sbin/rsyslogd[0x405899] > ======= Memory map: ======== > 00400000-00424000 r-xp 00000000 08:03 > 688189 /opt/rsyslog/sbin/rsyslogd > 00624000-00626000 rw-p 00024000 08:03 > 688189 /opt/rsyslog/sbin/rsyslogd > 1c204000-1c249000 rw-p 1c204000 00:00 0 > 40000000-40001000 ---p 40000000 00:00 0 > 40001000-40a01000 rw-p 40001000 00:00 0 > 3627200000-362721a000 r-xp 00000000 08:03 > 4260124 /lib64/ld-2.5.so > 3627419000-362741a000 r--p 00019000 08:03 > 4260124 /lib64/ld-2.5.so > 362741a000-362741b000 rw-p 0001a000 08:03 > 4260124 /lib64/ld-2.5.so > 3627600000-3627744000 r-xp 00000000 08:03 > 4260125 /lib64/libc-2.5.so > 3627744000-3627944000 ---p 00144000 08:03 > 4260125 /lib64/libc-2.5.so > 3627944000-3627948000 r--p 00144000 08:03 > 4260125 /lib64/libc-2.5.so > 3627948000-3627949000 rw-p 00148000 08:03 > 4260125 /lib64/libc-2.5.so > 3627949000-362794e000 rw-p 3627949000 00:00 0 > 3627e00000-3627e02000 r-xp 00000000 08:03 > 4260128 /lib64/libdl-2.5.so > 3627e02000-3628002000 ---p 00002000 08:03 > 4260128 /lib64/libdl-2.5.so > 3628002000-3628003000 r--p 00002000 08:03 > 4260128 /lib64/libdl-2.5.so > 3628003000-3628004000 rw-p 00003000 08:03 > 4260128 /lib64/libdl-2.5.so > 3628200000-3628215000 r-xp 00000000 08:03 > 4260022 /lib64/libpthread-2.5.so > 3628215000-3628414000 ---p 00015000 08:03 > 4260022 /lib64/libpthread-2.5.so > 3628414000-3628415000 r--p 00014000 08:03 > 4260022 /lib64/libpthread-2.5.so > 3628415000-3628416000 rw-p 00015000 08:03 > 4260022 /lib64/libpthread-2.5.so > 3628416000-362841a000 rw-p 3628416000 00:00 0 > 3628600000-3628614000 r-xp 00000000 08:03 > 4547586 /usr/lib64/libz.so.1.2.3 > 3628614000-3628813000 ---p 00014000 08:03 > 4547586 /usr/lib64/libz.so.1.2.3 > 3628813000-3628814000 rw-p 00013000 08:03 > 4547586 /usr/lib64/libz.so.1.2.3 > 362d200000-362d207000 r-xp 00000000 08:03 > 4260133 /lib64/librt-2.5.so > 362d207000-362d407000 ---p 00007000 08:03 > 4260133 /lib64/librt-2.5.so > 362d407000-362d408000 r--p 00007000 08:03 > 4260133 /lib64/librt-2.5.so > 362d408000-362d409000 rw-p 00008000 08:03 > 4260133 /lib64/librt-2.5.so > 362ee00000-362ee11000 r-xp 00000000 08:03 > 4260134 /lib64/libresolv-2.5.so > 362ee11000-362f011000 ---p 00011000 08:03 > 4260134 /lib64/libresolv-2.5.so > 362f011000-362f012000 r--p 00011000 08:03 > 4260134 /lib64/libresolv-2.5.so > 362f012000-362f013000 rw-p 00012000 08:03 > 4260134 /lib64/libresolv-2.5.so > 362f013000-362f015000 rw-p 362f013000 00:00 0 > 3815400000-381540d000 r-xp 00000000 08:03 > 4259862 /lib64/libgcc_s-4.1.1-20070105.so.1 > 381540d000-381560c000 ---p 0000d000 08:03 > 4259862 /lib64/libgcc_s-4.1.1-20070105.so.1 > 381560c000-381560d000 rw-p 0000c000 08:03 > 4259862 /libAborted > > > From janfrode at tanso.net Sun Sep 9 11:43:58 2007 From: janfrode at tanso.net (Jan-Frode Myklebust) Date: Sun, 9 Sep 2007 11:43:58 +0200 Subject: [rsyslog] rsyslog 1.19.5 released References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> <46E30102.20508@redhat.com> Message-ID: On 2007-09-08, Tomas Heinrich wrote: > > Thanks for the info. It will be very useful if someone can provide a > core dump for 1.19.5. I haven't had the chance to upgrade yet, but any hints for how to get a core dump if it fails ? I've tried this in the init-script: ulimit -c unlimited cd /var/log/syslog echo -n $"Starting system logger (rsyslog): " daemon rsyslogd $SYSLOGD_OPTIONS but haven't gotten any core-dumps in any of the crashes I've had.. -jf From hagen at rz.uni-karlsruhe.de Tue Sep 11 10:25:08 2007 From: hagen at rz.uni-karlsruhe.de (Patrick von der Hagen) Date: Tue, 11 Sep 2007 10:25:08 +0200 Subject: [rsyslog] rsyslog 1.19.5 released In-Reply-To: References: <577465F99B41C842AAFBE9ED71E70ABA278954@grfint2.intern.adiscon.com> <1189185612.15694.6.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> <46E30102.20508@redhat.com> Message-ID: <1189499108.3872.5.camel@rzm-hagen-lt.rz.uni-karlsruhe.de> Am Sonntag, den 09.09.2007, 11:43 +0200 schrieb Jan-Frode Myklebust: > On 2007-09-08, Tomas Heinrich wrote: > > > > Thanks for the info. It will be very useful if someone can provide a > > core dump for 1.19.5. > > I haven't had the chance to upgrade yet, but any hints for how to get > a core dump if it fails ? I've tried this in the init-script: > > ulimit -c unlimited > cd /var/log/syslog > echo -n $"Starting system logger (rsyslog): " > daemon rsyslogd $SYSLOGD_OPTIONS > > but haven't gotten any core-dumps in any of the crashes I've had.. Hmmm. I did "ulimit -c 50000; /opt/rsyslog/sbin/rsyslogd -r514" yesterday evening and found a nice coredump this morning. I sent it to Rainer a minute ago. -- CU, Patrick. From rgerhards at hq.adiscon.com Tue Sep 11 17:09:38 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 11 Sep 2007 17:09:38 +0200 Subject: [rsyslog] rsyslog 1.19.6 released Message-ID: <577465F99B41C842AAFBE9ED71E70ABA27899A@grfint2.intern.adiscon.com> Release 1.19.6 is a code cleanup and bug fixing release. It provides a number of fixes, cleans up compiler warnings and has some doc improvements. We are still investigating a problem that causes rsyslog to segfault in some constellations and are looking for active feedback. Those that help in this effort are kindly requested to update to this release, as it contains the latest code. The upgrade is recommended only for people who experience problems or would like to help with bugfixing. From rgerhards at hq.adiscon.com Tue Sep 11 17:15:32 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 11 Sep 2007 17:15:32 +0200 Subject: [rsyslog] rsyslog 1.19.6 and segfaults Message-ID: <577465F99B41C842AAFBE9ED71E70ABA27899B@grfint2.intern.adiscon.com> Hi all, I accidently hit the send button, so my release note for 1.19.6 already went on to the list. Anyhow, I guess you can find the relevant links yourself ;) But one important thing: I would appreciate if those of you that experienced the segfaults could try out the new version. I currently think it will *NOT* fix the problem, but I would like to verify that (and I have to admit I am not angry if I am wrong...). If it fails, it would be even greater if you could try it in single-threaded mode: ./configure --disable-pthreads I currently think the problem might be related to a threading and would like to see if that theory has some substance. Also, a test with ./configure --enable-debug Would be useful - but I have not added any asserts so if you already did this, there is no value in re-doing it with 1.9.6. Thanks for all your help. Looking forward to hear back from you. Rainer From rgerhards at hq.adiscon.com Tue Sep 11 17:46:54 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 11 Sep 2007 17:46:54 +0200 Subject: [rsyslog] 1.19.6 updated Message-ID: <577465F99B41C842AAFBE9ED71E70ABA27899D@grfint2.intern.adiscon.com> Just for your info: I detected one bug that occurred during bug fixing. I fixed it and re-published 1.19.6 with the same version number because I saw now downloads until then. But maybe my counter is wrong. If you have downloaded rsyslog before I sent this message, please re-download it. Sorry for the hassle, but that fix was probably worth it. Thanks, Rainer From infofarmer at FreeBSD.org Tue Sep 11 18:04:40 2007 From: infofarmer at FreeBSD.org (Andrew Pantyukhin) Date: Tue, 11 Sep 2007 20:04:40 +0400 Subject: [rsyslog] 1.19.6 updated In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA27899D@grfint2.intern.adiscon.com> References: <577465F99B41C842AAFBE9ED71E70ABA27899D@grfint2.intern.adiscon.com> Message-ID: <20070911160439.GB83726@amilo.cenkes.org> On Tue, Sep 11, 2007 at 05:46:54PM +0200, Rainer Gerhards wrote: > Just for your info: I detected one bug that occurred during bug fixing. > I fixed it and re-published 1.19.6 with the same version number because > I saw now downloads until then. But maybe my counter is wrong. If you > have downloaded rsyslog before I sent this message, please re-download > it. > > Sorry for the hassle, but that fix was probably worth it. I had to run 's/sigaction_t/sigaction/' over rfc3195d.c in order to compile it on FreeBSD. Otherwise it seems to work. Thanks! From rgerhards at hq.adiscon.com Tue Sep 11 18:40:12 2007 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 11 Sep 2007 18:40:12 +0200 Subject: [rsyslog] 1.19.6 updated In-Reply-To: <20070911160439.GB83726@amilo.cenkes.org> References: <577465F99B41C842AAFBE9ED71E70ABA27899D@grfint2.intern.adiscon.com> <20070911160439.GB83726@amilo.cenkes.org> Message-ID: <577465F99B41C842AAFBE9ED71E70ABA2789A1@grfint2.intern.adiscon.com> Ahhh... I have to admit that I currently do not really care about rfc3195d. Currently, RFC 3195 is a failure - nobody uses it and nobody asks for it. I've stopped testing it until I receive at least one real-world implementation note. Thanks for the info, will apply a patch. And, yes, I do not think that 3195 is totally dead. There is a new revision planned, and that may be very interesting. This is why I am not ditching it... Rainer > -----Original Message----- > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog- > bounces at lists.adiscon.com] On Behalf Of Andrew Pantyukhin > Sent: Tuesday, September 11, 2007 6:05 PM > To: rsyslog-users > Subject: Re: [rsyslog] 1.19.6 updated > > On Tue, Sep 11, 2007 at 05:46:54PM +0200, Rainer Gerhards wrote: > > Just for your info: I detected one bug that occurred during bug > fixing. > > I fixed it and re-published 1.19.6 with the same version number > because > > I saw now downloads until then. But maybe my counter is wrong. If you > > have downloaded rsyslog before I sent this message, please re- > download > > it. > > > > Sorry for the hassle, but that fix was probably worth it. > > I had to run 's/sigaction_t/sigaction/' over rfc3195d.c in order > to compile it on FreeBSD. Otherwise it seems to work. Thanks! > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog From r.bhatia at ipax.at Thu Sep 13 12:31:50 2007 From: r.bhatia at ipax.at (Raoul Bhatia [IPAX]) Date: Thu, 13 Sep 2007 12:31:50 +0200 Subject: [rsyslog] some logged lines end with #000 Message-ID: <46E91196.301@ipax.at> hello, today i merged michael biebls debian package source rsyslog_1.19.3-1 with the current upstream rsyslog-1.19.6.tar.gz. the compilation went smooth and i installed the package on a host where there used to by klogd/sysklogd under debian etch. however, i noticed that now a lot of logged lines end with #000. it used to be: > Sep 13 09:27:02 xxx heartbeat: [2454]: info: Configuration validated. Starting heartbeat 2.1.2 > Sep 13 09:27:02 xxx heartbeat: [2455]: info: heartbeat: version 2.1.2 > Sep 13 09:27:02 xxx heartbeat: [2455]: info: Heartbeat generation: 193 > ... > Sep 13 11:08:52 xxx apache[24790]: INFO: 11:08:52 URL:http://localhost:80/server-status [1735/1735] -> "-" [1] > Sep 13 11:09:02 xxx apache[24872]: INFO: 11:09:02 URL:http://localhost:80/server-status [1735/1735] -> "-" [1] it now is: > Sep 13 12:12:30 xxx heartbeat: [5096]: info: Configuration validated. Starting heartbeat 2.1.2#000 > Sep 13 12:12:30 xxx heartbeat: [5097]: info: heartbeat: version 2.1.2#000 > Sep 13 12:12:30 xxx heartbeat: [5097]: info: Heartbeat generation: 194#000 > ... > Sep 13 12:28:35 xxx apache[18033]: INFO: 12:28:35 URL:http://localhost:80/server-status [1728/1728] -> "-" [1] > Sep 13 12:28:46 xxx apache[18243]: INFO: 12:28:46 URL:http://localhost:80/server-status [1727/1727] -> "-" [1] you will find my configuration file attached. do you have any ideas what might cause this behaviour? cheers, raoul bhatia -- ____________________________________________________________________ DI (FH) Raoul Bhatia M.Sc. email. r.bhatia at ipax.at Technischer Leiter IPAX - Aloy Bhatia Hava OEG web. http://www.ipax.at Barawitzkagasse 10/2/2/11 email. office at ipax.at 1190 Wien tel. +43 1 3670030 FN 277995t HG Wien fax. +43 1 3670030 15 ____________________________________________________________________ -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: etc_default_rsyslog Url: http://lists.adiscon.net/pipermail/rsyslog/attachments/20070913/41c0d4fb/etc_default_rsyslog.pot -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: rsyslog.conf Url: http://lists.adiscon.net/pipermail/rsyslog/attachments/20070913/41c0d4fb/rsyslog.asc From theinric at redhat.com Thu Sep 13 15:01:09 2007 From: theinric at redhat.com (Tomas Heinrich) Date: Thu, 13 Sep 2007 15:01:09 +0200 Subject: [rsyslog] some logged lines end with #000 In-Reply-To: <46E91196.301@ipax.at> References: <46E91196.301@ipax.at> Message-ID: <46E93495.8010603@redhat.com> Raoul Bhatia [IPAX] wrote: > hello, > > today i merged michael biebls debian package source rsyslog_1.19.3-1 > with the current upstream rsyslog-1.19.6.tar.gz. > > the compilation went smooth and i installed the package on a host where > there used to by klogd/sysklogd under debian etch. > > however, i noticed that now a lot of logged lines end with #000. > > it used to be: >> Sep 13 09:27:02 xxx heartbeat: [2454]: info: Configuration validated. >> Starting heartbeat 2.1.2 >> Sep 13 09:27:02 xxx heartbeat: [2455]: info: heartbeat: version 2.1.2 >> Sep 13 09:27:02 xxx heartbeat: [2455]: info: Heartbeat generation: 193 >> ... >> Sep 13 11:08:52 xxx apache[24790]: INFO: 11:08:52 >> URL:http://localhost:80/server-status [1735/1735] -> "-" [1] >> Sep 13 11:09:02 xxx apache[24872]: INFO: 11:09:02 >> URL:http://localhost:80/server-status [1735/1735] -> "-" [1] > > it now is: >> Sep 13 12:12:30 xxx heartbeat: [5096]: info: Configuration validated. >> Starting heartbeat 2.1.2#000 >> Sep 13 12:12:30 xxx heartbeat: [5097]: info: heartbeat: version 2.1.2#000 >> Sep 13 12:12:30 xxx heartbeat: [5097]: info: Heartbeat generation: >> 194#000 >> ... >> Sep 13 12:28:35 xxx apache[18033]: INFO: 12:28:35 >> URL:http://localhost:80/server-status [1728/1728] -> "-" [1] >> Sep 13 12:28:46 xxx apache[18243]: INFO: 12:28:46 >> URL:http://localhost:80/server-status [1727/1727] -> "-" [1] > > you will find my configuration file attached. > do you have any ideas what might cause this behaviour? > > cheers, > raoul bhatia > > > ------------------------------------------------------------------------ > > # Options to rsyslogd > # -m 0 disables 'MARK' messages. > # -r enables logging from remote machines > # -x disables DNS lookups on messages recieved with -r > # See rsyslogd(8) for more details > RSYSLOGD_OPTIONS="-m 0" > > # Options to rklogd > # -2 prints all kernel oops messages twice; once for klogd to decode, and > # once for processing with 'ksymoops' > # -x disables all klogd processing of oops messages entirely > # See rklogd(8) for more details > RKLOGD_OPTIONS="-x" > > > > ------------------------------------------------------------------------ > > # /etc/rsyslog.conf Configuration file for rsyslogd. > # > # For more information see > # /usr/share/doc/rsyslog/html/rsyslog_conf.html > > # > # First some standard logfiles. Log by facility. > # > > auth,authpriv.* /var/log/auth.log > *.*;auth,authpriv.none -/var/log/syslog > #cron.* /var/log/cron.log > daemon.* -/var/log/daemon.log > kern.* -/var/log/kern.log > lpr.* -/var/log/lpr.log > mail.* -/var/log/mail.log > user.* -/var/log/user.log > > # > # Logging for the mail system. Split it up so that > # it is easy to write scripts to parse these files. > # > mail.info -/var/log/mail.info > mail.warn -/var/log/mail.warn > mail.err /var/log/mail.err > > # > # Logging for INN news system > # > news.crit /var/log/news/news.crit > news.err /var/log/news/news.err > news.notice -/var/log/news/news.notice > > # > # Some `catch-all' logfiles. > # > *.=debug;\ > auth,authpriv.none;\ > news.none;mail.none -/var/log/debug > *.=info;*.=notice;*.=warn;\ > auth,authpriv.none;\ > cron,daemon.none;\ > mail,news.none -/var/log/messages > > # > # Emergencies are sent to everybody logged in. > # > *.emerg * > > # > # I like to have messages displayed on the console, but only on a virtual > # console I usually leave idle. > # > #daemon,mail.*