Bug#367256: marked as done (syslog-ng: some pppd output is misdirected to all logged-in users)

[Debian Bug Tracking System]

Your message dated Thu, 25 May 2006 03:17:07 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#367256: fixed in syslog-ng 1.9.11-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: syslog-ng
Version: 1.9.9-1
Severity: normal

Hi,

Since I upgraded syslog-ng from 1.6.5-2.2 to 1.9.9-1, I have not
modified the "syslog-ng.conf" file, and now syslog-ing output is
printed from pppd to all logged-in users.

This output is (incorrectly) printed to all logged-in users:

    May  2 19:59:17 l1 pppd[23973]: Script /etc/ppp/ip-down started (pid 6786)
    May  2 19:59:17 l1 pppd[23973]: sent [LCP TermReq id=0x2 "User request"]
    May  2 19:59:18 l1 pppd[23973]: Script /etc/ppp/ip-down finished (pid 
6786), status = 0x0

This output is (correctly) printed to the xconsole:

    May  2 19:59:17 l1 pppd[23973]: Terminating on signal 15
    May  2 19:59:17 l1 pppd[23973]: Connect time 406.4 minutes.
    May  2 19:59:17 l1 pppd[23973]: Sent 2836657 bytes, received 33425573 bytes.
    May  2 19:59:17 l1 pppd[23973]: Script /etc/ppp/ip-down started (pid 6786)
    May  2 19:59:17 l1 pppd[23973]: sent [LCP TermReq id=0x2 "User request"]
    May  2 19:59:18 l1 pppd[23973]: Script /etc/ppp/ip-down finished (pid 
6786), status = 0x0
    May  2 19:59:18 l1 pppd[23973]: Hangup (SIGHUP)
    May  2 19:59:18 l1 pppd[23973]: Modem hangup
    May  2 19:59:18 l1 pppd[23973]: Connection terminated.

Here is a in-line copy of my "syslog-ng.conf",

#
# Configuration file for syslog-ng under Debian
#

# Facilities: auth, authpriv, cron, daemon, kern, lpr, mail, mark,
#             news, syslog, user, uucp and local0 through local7.
#
# Priorities: debug, info, notice, warning (warn), err (error),
#             crit, alert, emerg (panic).


######
# options

options {
        # disable the chained hostname format in logs
        # (default is enabled)
        chain_hostnames(0);

        # the time to wait before a died connection is re-established
        # (default is 60)
        time_reopen(10);

        # the time to wait before an idle destination file is closed
        # (default is 60)
        time_reap(360);

        # the number of lines buffered before written to file
        # you might want to increase this if your disk isn't catching with
        # all the log messages you get or if you want less disk activity
        # (say on a laptop)
        # (default is 0)
        #sync(0);

        # the number of lines fitting in the output queue
        log_fifo_size(2048);

        # enable or disable directory creation for destination files
        create_dirs(yes);

        # default owner, group, and permissions for log files
        # (defaults are 0, 0, 0600)
        #owner(root);
        group(adm);
        perm(0640);

        # default owner, group, and permissions for created directories
        # (defaults are 0, 0, 0700)
        #dir_owner(root);
        #dir_group(root);
        dir_perm(0755);

        # enable or disable DNS usage
        # syslog-ng blocks on DNS queries, so enabling DNS may lead to
        # a Denial of Service attack
        # (default is yes)
        use_dns(no);

        # maximum length of message in bytes
        # this is only limited by the program listening on the /dev/log Unix
        # socket, glibc can handle arbitrary length log messages, but -- for
        # example -- syslogd accepts only 1024 bytes
        # (default is 2048)
        #log_msg_size(2048);
};


######
# sources

# all known message sources
source s_all {
        # message generated by Syslog-NG
        internal();
        # standard Linux log source (this is the default place for the syslog()
        # function to send logs to)
        unix-stream("/dev/log");
        # messages from the kernel
        file("/proc/kmsg" log_prefix("kernel: "));
        # use the following line if you want to receive remote UDP logging 
messages
        # (this is equivalent to the "-r" syslogd flag)
        # udp();
};


######
# destinations

# some standard log files
destination df_auth { file("/var/log/auth.log"); };
destination df_syslog { file("/var/log/syslog"); };
destination df_cron { file("/var/log/cron.log"); };
destination df_daemon { file("/var/log/daemon.log"); };
destination df_kern { file("/var/log/kern.log"); };
destination df_lpr { file("/var/log/lpr.log"); };
destination df_mail { file("/var/log/mail.log"); };
destination df_user { file("/var/log/user.log"); };
destination df_uucp { file("/var/log/uucp.log"); };

# these files are meant for the mail system log files
# and provide re-usable destinations for {mail,cron,...}.info,
# {mail,cron,...}.notice, etc.
destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };

# these files are meant for the news system, and are kept separated
# because they should be owned by "news" instead of "root"
destination df_news_dot_notice { file("/var/log/news/news.notice" 
owner("news")); };
destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };

# some more classical and useful files found in standard syslog configurations
destination df_debug { file("/var/log/debug"); };
destination df_messages { file("/var/log/messages"); };
destination df_info { file("/var/log/info.log"); };
destination df_xconsole { file("/var/log/xcons.log"); };
destination df_ppp { file("/var/log/ppp.log"); };
destination df_iptables { file("/var/log/iptables.log"); };
destination df_vc8 {
    file("/dev/tty8"
    owner("-1")
    group("-1")
    perm(01000));
};

# pipes
# a console to view log messages under X
destination dp_xconsole { pipe("/dev/xconsole" group("xlocal")); };

# consoles
# this will send messages to everyone logged in
destination du_all { usertty("*"); };

# the sysadmin users
destination du_root { usertty("root"); };
destination du_jsroot { usertty("jsroot"); };
destination du_jeff { usertty("jeff"); };
destination du_jss { usertty("jss"); };


######
# filters

# all messages from the auth and authpriv facilities
filter f_auth { facility(auth, authpriv); };

# only the mark facility
filter f_mark { not 
facility(auth,authpriv,cron,daemon,kern,lpr,mail,news,syslog,user,uucp,local0,local1,local2,local3,local4,local5,local6,local7);
 };

# all messages except from the mark facility and pppd echo responses
filter f_syslog { not filter(f_mark) and not filter(f_pppd_echo); };

# respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
# and uucp facilities
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };

# some filters to select messages of priority greater or equal to info, warn,
# and err
# (equivalents of syslogd's *.info, *.warn, and *.err)
filter f_at_least_info { level(info..emerg); };
filter f_at_least_notice { level(notice..emerg); };
filter f_at_least_warn { level(warn..emerg); };
filter f_at_least_err { level(err..emerg); };
filter f_at_least_crit { level(crit..emerg); };

# messages with priority debug
filter f_debug { level(debug); };

# all messages of info, notice, or warn priority not coming form the auth,
# authpriv, cron, daemon, mail, and news facilities
filter f_messages {
        level(info,notice,warn)
            and not facility(auth,authpriv,cron,daemon,mail,news);
};

# messages with priority info
filter f_info { level(info); };

# messages with priority emerg
filter f_emerg { level(emerg); };

# note - regexps are EREs, however thay are always anchored at the
#        beginning of the string, thus "^" is treated as an ordinary
#        character.  I haven't checked if "$" is also treated as an
#        ordinary character.  Be aware that "\" is also treated as an
#        ordinary character.

# xconsole - filter in rules.
filter f_in_xconsole {
    (  facility(authpriv,kern)
    or ( level(debug..emerg) and
         facility(auth) )
    or ( level(debug..emerg) and
         facility(cron,daemon,lpr,mail,news,syslog,user,uucp) )
    or ( level(debug..emerg) and
         facility(local0,local1,local2,local3,local4,local5,local6,local7) )
    );
};

# xconsole - positive selections that will be dropped by f_out_xconsole.
filter fs_atd {
    ( program("atd")
      and
      match("[(]pam_unix[)] session (open|clos)ed for user")
    );
};

filter fs_comsat {
    ( program("in.comsat")
      and
      match("connect from localhost")
    );
};

filter fs_cron {
    ( program("/USR/SBIN/CRON")
      and
      ( match("[(]smmsp[)] CMD [(]test -x /usr/share/sendmail/sendmail &&")
        or
        match("[(]root[)] CMD [(]test -x /usr/share/sendmail/sendmail &&")
        or
        match("[(]root[)] CMD [(]test -x /usr/lib/atsar/atsa1 &&")
        or
        match("[(]root[)] CMD [(] +run-parts --report /etc/cron.hourly")
      )
    );
};

filter fs_iptables {
    ( program("kernel")
      and
      ( match("IP_NF IN=ppp0 OUT= .+ DST=224.0.0.1 LEN=28")
        or
        match("IP_NF IN=ppp0 OUT= .+ PROTO=ICMP TYPE=8 CODE=0")
        or
        match("IP_NF IN=ppp0 OUT= .+ PROTO=TCP .+ 
DPT=(111|137|138|139|445|1214|1433) .+ SYN URGP=0")
        or
        match("IP_NF IN=ppp0 OUT= .+ PROTO=UDP .+ DPT=(111|137|138|139) LEN=")
      )
    );
};

filter fs_pam_unix {
    ( ( program("cron[(]pam_unix[)]")
        and
        match("session (opened|closed) for user") )
      or
      ( program("CRON")
        and
        match("[(]pam_unix[)] session (opened|closed) for user") )
    );
};

filter fs_pppd {
    filter(f_pppd_echo);
};

filter f_pppd_echo {
    ( program("pppd")
      and
      ( match("sent [[]LCP EchoReq id=0x[0-9a-f][0-9a-f]? magic=0x")
        or
        match("rcvd [[]LCP EchoRep id=0x[0-9a-f][0-9a-f]? magic=0x") )
    );
};

filter fs_qmail {
    ( program("qmail")
      and
      ( match("[0-9]{10}[.][0-9]{6} ((new|info|end) msg|starting delivery)")
        or
        match("[0-9]{10}[.][0-9]{6} status:")
        or
        match("[0-9]{10}[.][0-9]{6} delivery [0-9]+: success") )
    );
};

filter fs_sendmail {
    ( ( program("sm-mta")
        or
        program("sm-msp-queue")
        or
        program("sendmail") )
      and
      ( match("[0-9a-fA-Z]+: (from|to)=")
        or
        match("STARTTLS=(server|client),") )
    );
};

filter fs_syslog_ng {
    ( program("syslog-ng")
      and
      ( match("STATS: dropped 0")
        or
        match("Log statistics; processed=") )
    );
};

# xconsole - filter out rules.
filter f_out_xconsole {
    not (
      filter(fs_atd)
      or
      filter(fs_comsat)
      or
      filter(fs_cron)
      or
      filter(fs_iptables)
      or
      filter(fs_pam_unix)
      or
      filter(fs_pppd)
      or
      filter(fs_qmail)
      or
      filter(fs_sendmail)
      or
      filter(fs_syslog_ng)
    );
};

# sysadmin - gets crit to alert, with emerg handled by du_all, minus junk
# from genpowerd, kernel packet filter, and smartd.
filter f_genpowerd {
    ( program("/sbin/genpowerd")
      and
      match("Line power ")
    );
};

filter f_iptables {
    ( program("kernel")
      and
      match("IP_NF ")
    );
};

filter f_smartmontools {
    ( program("smartd")
      and
      ( match("smartd received signal 15: Terminated")
        or
        match("smartd is exiting")
        or
        match("Configuration file /etc/smartd.conf parsed")
      )
    );
};

filter f_sysadmin {
    ( level(crit..alert)
      and not
      ( filter(f_genpowerd)
        or
        filter(f_iptables)
        or
        filter(f_smartmontools)
      )
    );
};

# pppd logs to facility local2
filter f_ppp { facility(local2); };


######
# logs
# order matters if you use "flags(final);" to mark the end of processing in a
# "log" statement

# these rules provide the same behavior as the commented syslogd rules,
# except that some of the filters cannot be expressed in syslogd syntax!

# auth,authpriv.*                 /var/log/auth.log
log {
        source(s_all);
        filter(f_auth);
        destination(df_auth);
};

# *.*                             -/var/log/syslog
log {
        source(s_all);
        filter(f_syslog);
        destination(df_syslog);
        destination(df_vc8);
};

# cron.*                         /var/log/cron.log
log {
        source(s_all);
        filter(f_cron);
        destination(df_cron);
};

# daemon.*                        -/var/log/daemon.log
log {
        source(s_all);
        filter(f_daemon);
        destination(df_daemon);
};

# kern.*                          -/var/log/kern.log
log {
        source(s_all);
        filter(f_kern);
        destination(df_kern);
};

# lpr.*                           -/var/log/lpr.log
log {
        source(s_all);
        filter(f_lpr);
        destination(df_lpr);
};

# mail.*                          -/var/log/mail.log
log {
        source(s_all);
        filter(f_mail);
        destination(df_mail);
};

# user.*                          -/var/log/user.log
log {
        source(s_all);
        filter(f_user);
        destination(df_user);
};

# uucp.*                          /var/log/uucp.log
log {
        source(s_all);
        filter(f_uucp);
        destination(df_uucp);
};

# mail.info                       -/var/log/mail.info
log {
        source(s_all);
        filter(f_mail);
        filter(f_at_least_info);
        destination(df_facility_dot_info);
};

# mail.warn                       -/var/log/mail.warn
log {
        source(s_all);
        filter(f_mail);
        filter(f_at_least_warn);
        destination(df_facility_dot_warn);
};

# mail.err                        /var/log/mail.err
log {
        source(s_all);
        filter(f_mail);
        filter(f_at_least_err);
        destination(df_facility_dot_err);
};

# news.crit                       /var/log/news/news.crit
log {
        source(s_all);
        filter(f_news);
        filter(f_at_least_crit);
        destination(df_news_dot_crit);
};

# news.err                        /var/log/news/news.err
log {
        source(s_all);
        filter(f_news);
        filter(f_at_least_err);
        destination(df_news_dot_err);
};

# news.notice                     /var/log/news/news.notice
log {
        source(s_all);
        filter(f_news);
        filter(f_at_least_notice);
        destination(df_news_dot_notice);
};


# *.=debug                        -/var/log/debug
log {
        source(s_all);
        filter(f_debug);
        destination(df_debug);
};


# *.=info                         -/var/log/info.log
log {
        source(s_all);
        filter(f_debug);
        destination(df_debug);
};


# *.=info;*.=notice;*.=warn;\
#         auth,authpriv.none;\
#         cron,daemon.none;\
#         mail,news.none          -/var/log/messages
log {
        source(s_all);
        filter(f_messages);
        destination(df_messages);
};

# *.emerg                         *
log {
        source(s_all);
        filter(f_emerg);
        destination(du_all);
};


#                                 |/dev/xconsole
#                                 /var/log/xcons.log
log {
        source(s_all);
        filter(f_in_xconsole);
        filter(f_out_xconsole);
        destination(dp_xconsole);
        destination(df_xconsole);
};

# local2.*                        /var/log/ppp.log
log {
    source(s_all);
    filter(f_ppp);
    destination(df_ppp);
};

# only kernel packet filter generated messages
#                                 /var/log/iptables.log
log {
    source(s_all);
    filter(f_iptables);
    destination(df_iptables);
};

# all the sysadmin users
log {
    source(s_all);
    filter(f_sysadmin);
    destination(du_root);
    destination(du_jsroot);
    destination(du_jeff);
    destination(du_jss);
};

# Local Variables:
# mode: Shell-script
# End:

# /etc/syslog-ng/syslog-ng.conf - end of file.


Thanks,
-- 
Jeffrey Sheinberg


-- System Information:
Debian Release: testing/etch
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i586)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.15-1-486
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages syslog-ng depends on:
ii  libc6                         2.3.6-7    GNU C Library: Shared libraries
ii  util-linux                    2.12r-8    Miscellaneous system utilities

Versions of packages syslog-ng recommends:
ii  logrotate                     3.7.1-3    Log rotation utility

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: syslog-ng
Source-Version: 1.9.11-1

We believe that the bug you reported is fixed in the latest version of
syslog-ng, which is due to be installed in the Debian FTP archive:

syslog-ng_1.9.11-1.diff.gz
  to pool/main/s/syslog-ng/syslog-ng_1.9.11-1.diff.gz
syslog-ng_1.9.11-1.dsc
  to pool/main/s/syslog-ng/syslog-ng_1.9.11-1.dsc
syslog-ng_1.9.11-1_i386.deb
  to pool/main/s/syslog-ng/syslog-ng_1.9.11-1_i386.deb
syslog-ng_1.9.11.orig.tar.gz
  to pool/main/s/syslog-ng/syslog-ng_1.9.11.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
SZALAY Attila <[EMAIL PROTECTED]> (supplier of updated syslog-ng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 25 May 2006 11:21:50 +0200
Source: syslog-ng
Binary: syslog-ng
Architecture: source i386
Version: 1.9.11-1
Distribution: unstable
Urgency: low
Maintainer: SZALAY Attila <[EMAIL PROTECTED]>
Changed-By: SZALAY Attila <[EMAIL PROTECTED]>
Description: 
 syslog-ng  - Next generation logging daemon
Closes: 350120 350344 357071 367256 368765
Changes: 
 syslog-ng (1.9.11-1) unstable; urgency=low
 .
   * New upstream version
     - Fixed log facility and priority detecting. (Closes: #350120, #350344, 
#357071, #367256)
   * Added bison to Build-Dependency. (Closes: #368765)
Files: 
 fa7df7f59b5adca2f68909a03edd5a49 622 admin extra syslog-ng_1.9.11-1.dsc
 595882ee38767710d5910961633dd01e 314717 admin extra 
syslog-ng_1.9.11.orig.tar.gz
 60e8579f413791ffc41f4d34c06c21a7 8369 admin extra syslog-ng_1.9.11-1.diff.gz
 3680db0dd249162c1f1634a473ac445e 165560 admin extra syslog-ng_1.9.11-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEdYFA23Gu/Kug6LIRAnEGAJ9qHz9y9lCli4vQ/WcyGat1pmUdrwCgm91H
yziWKpQIJgX+INwNy/z5WLk=
=8OKQ
-----END PGP SIGNATURE-----

--- End Message ---