* Sent full debug log to Rainer *

On Dec 18, 2008, at 4:44 PM, Rainer Gerhards wrote:

> would it be possible that you mail me (privately) a full debug log from
> such a run. Not sure if there is too much confidential data in it...
>
> Rainer
>
> On Thu, 2008-12-18 at 16:35 +0100, William Tisäter wrote:
>> Yes, I could reproduce my error, the same way as described earlier.
>>
>> My /etc/rsyslog.conf:
>>
>> $template DirByTagFileByDay,"/log/%programname%/%timegenerated:1:10:date-rfc3339%.log"
>> $template CritByDay,"/log/CRIT/%timegenerated:1:10:date-rfc3339%.log"
>>
>> # Discard all but local0
>> :syslogfacility-text, !isequal, "local0" ~
>>
>> $umask 0000
>> $FileCreateMode 0644
>> $DirCreateMode 0755
>> $CreateDirs off
>>
>> # Discard strange tags
>> :programname, !regex, "^[a-zA-Z_][a-zA-Z_]*$" /log/badtags/badtags.log
>> :programname, !regex, "^[a-zA-Z_][a-zA-Z_]*$" ~
>>
>> # Collect all crits in one log
>> local0.crit ?CritByDay
>> :msg, contains, "(CRIT)" ?CritByDay
>>
>> # All local0's buffered to their own dirs
>> local0.* -?DirByTagFileByDay
>>
>> / William
>>
>> On Dec 18, 2008, at 4:12 PM, Rainer Gerhards wrote:
>>
>>> mmhhhh... I can not reproduce the issue with my state of the code. Can
>>> you verify that it still occurs? A git snapshot is available here:
>>>
>>> http://git.adiscon.com/?p=rsyslog.git;a=snapshot;h=3c236053cf87a16dfd7449f729e477dffd6e2fae;sf=tgz
>>>
>>> Thanks,
>>> Rainer
>>>
>>> On Thu, 2008-12-18 at 15:22 +0100, William Tisäter wrote:
>>>> I've debugged some more, this only happens when you trigger the
>>>> repeat-loop to the missing directory.
>>>>
>>>> E.g:
>>>>
>>>> # logger -t non_existent_dir -p local0.crit test
>>>> # logger -t non_existent_dir -p local0.crit test
>>>> # logger -t existing_dir -p local0.crit test
>>>>
>>>> Debug output from last command:
>>>>
>>>> Filter: check for property 'programname' (value 'existing_dir') NOT regex '^[a-zA-Z_][a-zA-Z_]*$': FALSE
>>>> 1092925760: Called fprintlog, logging to builtin-file (CritByDay)
>>>> 1092925760: Called fprintlog, logging to builtin-file (CritByDay)
>>>> Filter: check for property 'msg' (value ' test') contains '(CRIT)': FALSE
>>>> 1092925760: Called fprintlog, logging to builtin-file (DirByTagFileByDay)
>>>> 1092925760: Called logerr, msg: Could not open dynamic file '/log/non_existent_dir/2008-12-18.log' - discarding message
>>>> 1092925760: logmsg: syslog.err<43>, flags 5, from '', msg Could not open dynamic file '/log/non_existent_dir/2008-12-18.log' - discarding message: No such file or directory
>>>> 1092925760: Message has legacy syslog format.
>>>> 1092925760: EnqueueMsg signaled condition (0)
>>>> 1092925760: Removed entry 2 for file '[OPEN FAILED]' from dynaCache.
>>>> 1092925760: Lone worker is running...
>>>> 1092925760: msg repeated 1 times, 10 sec of 30.
>>>> Filter: check for property 'syslogfacility-text' (value 'syslog') NOT isequal 'local0': TRUE
>>>> 1092925760: Called fprintlog, logging to builtin-discardsingleWorker: queue EMPTY, waiting for next message.
>>>>
>>>> William Tisäter
>>>>
>>>> Blocket.se - Sweden's largest buy & sell marketplace
>>>> http://www.blocket.se/
>>>>
>>>> On Dec 18, 2008, at 2:35 PM, William Tisäter wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Let's see if I can get this right:
>>>>>
>>>>> My modification in prepareFile() will return with (pData->fd = -1)
>>>>> if the log file can't be created.
>>>>> In prepareDynFile() we run prepareFile() and return with -1 if
>>>>> pData->fd is set to -1.
>>>>> In writeFile() we run prepareDynFile() and return RS_RET_ERR if
>>>>> prepareDynFile() is not returned with 0.
>>>>>
>>>>> writeFile() is wrapped in doAction().
>>>>>
>>>>> doAction() is executed in fprintlog() where RS_RET_ERR never will be
>>>>> caught. I discard the log message and set the error flag to tell
>>>>> the "msg repeated"-check to not log this message ("msg repeated" is
>>>>> executed before we try to open the file if the message content matches
>>>>> the previous message).
>>>>>
>>>>> I tried without this catch in the first attempt, but I could see the
>>>>> message stuck in the loop, every action to rsyslog tried to open the
>>>>> file. This and some traffic volume caused rsyslog to hang (and use a
>>>>> lot of i/o).
>>>>>
>>>>> William Tisäter
>>>>>
>>>>> On Dec 18, 2008, at 12:01 PM, Rainer Gerhards wrote:
>>>>>
>>>>>> Hi William,
>>>>>>
>>>>>> thanks for the bug report and the patch. I have now looked into the
>>>>>> issue and could reproduce the situation. The patch obviously resolves
>>>>>> it.
>>>>>>
>>>>>> There is one thing, though: I do not fully understand why you have
>>>>>> patched syslogd.c (RS_RET_ERR). I would appreciate if you could
>>>>>> provide a bit more insight into the problem you intend to solve. So
>>>>>> far, I can not see why this part of the patch is actually needed.
>>>>>>
>>>>>> I'll integrate the omfile part now. I will also see that I apply
>>>>>> this to the other official branches.
>>>>>>
>>>>>> Thanks,
>>>>>> Rainer
>>>>>>
>>>>>> On Tue, 2008-12-16 at 17:39 +0100, William Tisäter wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I don't know if this is an intended feature or not, but when
>>>>>>> CreateDirs is set to off, rsyslog can no longer create files (time
>>>>>>> stamp file names). Let's say you have a template for writing files:
>>>>>>> /log/<tag>/<date>.log, this will let anybody create directories
>>>>>>> in /log when CreateDirs is on. This may cause a lot of directories
>>>>>>> and can be abused by regular users.
>>>>>>>
>>>>>>> I've patched 2.0.2 to separate file and directory creation here:
>>>>>>> https://bugzilla.redhat.com/attachment.cgi?id=327100
>>>>>>>
>>>>>>> And steps to reproduce this can be found here:
>>>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=473419
>>>>>>>
>>>>>>> Comments anyone?
>>>>>>>
>>>>>>> William Tisäter
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> rsyslog mailing list
>>>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>>> http://www.rsyslog.com
>>
>> William Tisäter
>>
>> Cell: +46 (0)76 3377182
>> Mail: [email protected]

William Tisäter
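The behaviour discussed in the thread, keeping file creation working while directory creation is switched off, shown as an added example (this is not rsyslog's code and not the patch linked above). The names `open_dyn_file`, `make_parents`, `create_dirs` and `demo` are hypothetical, and the paths are constructed under a temporary directory.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create each missing parent directory of path (the CreateDirs-on behaviour). */
static int make_parents(const char *path, mode_t mode) {
    char buf[4096];
    if (snprintf(buf, sizeof buf, "%s", path) >= (int)sizeof buf) { errno = ENAMETOOLONG; return -1; }
    for (char *p = buf; *p; p++) {
        if (*p != '/' || p == buf) continue;
        *p = '\0';
        if (mkdir(buf, mode) != 0 && errno != EEXIST) return -1;
        *p = '/';
    }
    return 0;
}

/* Hypothetical helper: the log file itself is always created, its parent
 * directories only when create_dirs is set. Returns an fd, or -1 so the
 * caller can discard the message instead of retrying the open. */
int open_dyn_file(const char *path, int create_dirs, mode_t fmode, mode_t dmode) {
    if (create_dirs && make_parents(path, dmode) != 0) return -1;
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOCTTY, fmode);
}

/* Constructed scenario in a temp dir. Result bits: 1 = file created in an
 * existing dir, 2 = open refused (ENOENT) for a missing dir, 4 = the missing
 * dir was not created as a side effect, 8 = create_dirs=1 does create it. */
int demo(void) {
    char root[] = "/tmp/dynfileXXXXXX", d1[64], d2[64], ok[96], bad[96];
    struct stat st; int r = 0, fd;
    if (!mkdtemp(root)) return -1;
    snprintf(d1, sizeof d1, "%s/existing_dir", root);
    snprintf(d2, sizeof d2, "%s/non_existent_dir", root);
    snprintf(ok, sizeof ok, "%s/2008-12-18.log", d1);
    snprintf(bad, sizeof bad, "%s/2008-12-18.log", d2);
    if (mkdir(d1, 0755) != 0) return -1;
    if ((fd = open_dyn_file(ok, 0, 0644, 0755)) >= 0) { r |= 1; close(fd); }
    if (open_dyn_file(bad, 0, 0644, 0755) == -1 && errno == ENOENT) r |= 2;
    if (stat(d2, &st) == -1) r |= 4;
    if ((fd = open_dyn_file(bad, 1, 0644, 0755)) >= 0) { r |= 8; close(fd); }
    unlink(ok); unlink(bad); rmdir(d1); rmdir(d2); rmdir(root);
    return r;
}
int main(void) { return demo() == 15 ? 0 : 1; }
```

With `create_dirs` off, a tag that names no existing directory yields one failed open and no new directory, which is the property that stops arbitrary tags from populating `/log`.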

