Ok. Just as a quick overview (I haven't analyzed enough of the debugging information that I collected to submit a bug report), rsyslog becomes unstable when omruleset is called from within a ruleset. Crashes were a mix of segfaults and malloc/realloc errors. With my original config (complex mix of multiple ommysql calls per if statement, etc.) triggered a crash within the first few seconds of running, every time. I created a much smaller sample config (one ruleset bound to imudp/imtcp, two rulesets called from there each with two if statement rules) and it runs for about 30 seconds before dieing.
Perhaps there's some interaction somewhere between omruleset and other output modules?? If I remove the omruleset calls and put everything from them in the main ruleset (bound to imudp and imtcp), it runs without any problems. I'm running 5.6.2 on CentOS 5.5 x86_64. Thanks, Jason Sample config that segfaults is below: ====== BEGIN CODE==== #### GLOBAL DIRECTIVES #### $FileOwner root $FileGroup root $FileCreateMode 0640 $DirOwner root $DirGroup root $DirCreateMode 0750 # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $WorkDirectory /var/rsyslog/work # Provides logging to MySQL - define before any rules that use it $ModLoad ommysql $ModLoad omruleset # templates - include first $IncludeConfig /etc/rsyslog.d/templates.conf $IncludeConfig /etc/rsyslog.d/dhcp-templates.conf #### Imports - ORDER MATTERS HERE #### $RuleSet BSC-ruleset *.* /var/log/TESTING/rules-BSC-ruleset if $msg contains 'user_login_suc' then /var/log/TESTING/rules-BSC-ruleset-logout_suc & :ommysql:localhost,wireless_logs,syslogger,syslogger;BSC-login & :ommysql:localhost,wireless_logs,syslogger,syslogger;BSC-login-web & ~ $RuleSet DHCP-parsing *.* /var/log/TESTING/rules-DHCP-parsing :msg, startswith, " DHCPREQUEST for" /var/log/TESTING/rules-DHCP-parsing-requestfor & :ommysql:localhost,test,syslogger,syslogger;DHCPREQUESTMAC & :ommysql:localhost,test,syslogger,syslogger;DHCPREQUESTIP & ~ ### DISCARD if $msg startswith ' DHCPACK to' and ( not ( $msg contains 'no client hardware address' ) ) then /var/log/TESTING/rules-DHCP-parsing-ackto \ & :ommysql:localhost,test,syslogger,syslogger;DHCPACKtoMAC & :ommysql:localhost,test,syslogger,syslogger;DHCPACKtoIP & ~ ### DISCARD $RuleSet remote *.* /var/log/TESTING/rules-remote $ActionOmrulesetRulesetName BSC-ruleset if $fromhost-ip == '128.6.30.195' or $fromhost-ip == '128.6.30.196' \ then /var/log/TESTING/rules-remote-BSC & :omruleset: & ~ $ActionOmrulesetRulesetName DHCP-parsing if ( $fromhost-ip == '172.16.25.114' ) or ( $fromhost-ip == '172.16.25.116' ) or ( $fromhost-ip == '128.6.17.217' ) then /var/log/TESTING/rules-remote-dhcp & :omruleset: $RuleSet local *.* /var/log/TESTING/local ##### END IMPORTS #### Default Ruleset #### # since we bind TCP and UDP to remote, this should only handle local $DefaultRuleset local #### MODULES #### $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) #$ModLoad immark.so # provides --MARK-- message capability #### BIND INPUTS #### # Provides UDP syslog reception $ModLoad imudp.so $UDPServerAddress * $InputUDPServerBindRuleset remote # bind UDP to the remote ruleset $UDPServerRun 514 # Provides TCP syslog reception $ModLoad imtcp.so $InputTCPServerBindRuleset remote # bind tcp to the remote ruleset $InputTCPServerRun 514 ====== END CODE ==== Champ Clark III [Softwink] wrote: > On Fri, Jan 07, 2011 at 09:13:49AM -0500, Jason Antman wrote: > >> Since I haven't gotten any response to this... can anyone at least give >> me a yes or no answer: >> > > I think Rainer might still be on vacation. It might be a bit > before he can look at it. Hopefully someone else might have a answer > for you. > > > > ------------------------------------------------------------------------ > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
