OK, after building and installing from the master branch we are still getting segfaults. Running under Valgrind keeps it alive. The Valgrind errors and debug output look the same as with the binaries built from the master/elasticsearch branch.
Is it possible we broke something by adding the new plugin? We see the same behavior when not loading the plugin and just using the omfile actions with the expression-based filters. Another observation: no segfaults when using property-based filtering. Are we running into some limitation on the number of messages that can be processed when using the expression-based filters? Like I said earlier, it runs fine if it's idle (by blocking the incoming remote UDP messages). We're receiving around 20,000 msgs/minute.

Thanks

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Lars Peterson
Sent: Friday, June 08, 2012 11:11 AM
To: rsyslog-users
Subject: Re: [rsyslog] rsyslog 6.3.8 - expression-based filters causing Segmentation fault

Interesting...rsyslogd does not segfault when running under valgrind. Is this expected?

The output I see from stderr is a bit lengthy to post, but here's what's at the top:

==8994== Memcheck, a memory error detector
==8994== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==8994== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==8994== Command: /opt/rsyslog_TEST/sbin/rsyslogd -f /etc/rsyslog.conf -c 6 -x -n -d
==8994==
rsyslogd: warning: selector line without actions will be discarded
==8994== Thread 11:
==8994== Conditional jump or move depends on uninitialised value(s)
==8994==    at 0x418315: cnfexprEval (rainerscript.c:1179)
==8994==    by 0x4190DE: cnfexprEvalBool (rainerscript.c:1208)
==8994==    by 0x43A82B: processBatch (rule.c:181)
==8994==    by 0x4398AD: processBatchDoRules (ruleset.c:147)
==8994==    by 0x428D0E: llExecFunc (linkedlist.c:389)
==8994==    by 0x439C55: processBatch (ruleset.c:229)
==8994==    by 0x40CBC0: msgConsumer (syslogd.c:608)
==8994==    by 0x43936D: ConsumerReg (queue.c:1791)
==8994==    by 0x4344B0: wtiWorker (wti.c:313)
==8994==    by 0x433FF9: wtpWorker (wtp.c:387)
==8994==    by 0x504A7F0: start_thread (in /lib64/libpthread-2.12.so)
==8994==    by 0x116646FF: ???
==8994==
==8994== Conditional jump or move depends on uninitialised value(s)
==8994==    at 0x418315: cnfexprEval (rainerscript.c:1179)
==8994==    by 0x4182E5: cnfexprEval (rainerscript.c:1121)
==8994==    by 0x4189D0: cnfexprEval (rainerscript.c:1149)
==8994==    by 0x4190DE: cnfexprEvalBool (rainerscript.c:1208)
==8994==    by 0x43A82B: processBatch (rule.c:181)
==8994==    by 0x4398AD: processBatchDoRules (ruleset.c:147)
==8994==    by 0x428D0E: llExecFunc (linkedlist.c:389)
==8994==    by 0x439C55: processBatch (ruleset.c:229)
==8994==    by 0x40CBC0: msgConsumer (syslogd.c:608)
==8994==    by 0x43936D: ConsumerReg (queue.c:1791)
==8994==    by 0x4344B0: wtiWorker (wti.c:313)
==8994==    by 0x433FF9: wtpWorker (wtp.c:387)
==8994==
...

We'll be trying out the master head branch shortly.

Thanks

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Rainer Gerhards
Sent: Friday, June 08, 2012 10:46 AM
To: rsyslog-users
Subject: Re: [rsyslog] rsyslog 6.3.8 - expression-based filters causing Segmentation fault

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Lars Peterson
> Sent: Friday, June 08, 2012 5:19 PM
> To: [email protected]
> Subject: [rsyslog] rsyslog 6.3.8 - expression-based filters causing
> Segmentation fault
>
> Hello,
>
> My team is currently working on a new plugin off of the master-
> elasticsearch branch. There very well could be something faulty in our
> config but for some reason whenever we define expression-based filters
> rsyslogd segfaults.
>
> The rules do work for the brief period of time rsyslog runs. When we
> block inbound syslog traffic (via iptables rules) it stays running.
> When we run rsyslog with the rules commented out it stays running as
> well.
>
> Here are a few rules we have defined in rsyslog.conf:
>
> # Linux Tomcat logs
> if ( ( $programname == 'local4' ) and ( $hostname contains_i '-int' or
> $hostname contains_i '-uat' ) ) then { action(type="omfile"
> file="/var/log/preprod/log4j") }
> & ~
> if ( ( $programname == 'local4' ) and not ( $hostname contains_i '-int'
> or $hostname contains_i '-uat' or $hostname contains_i 'logstore1'
> ) ) then { action(type="omfile" file="/var/log/prod/log4j") }
>
> We're running CentOS 6.2 with 4 cpus & 4 GB of ram.

Could you run it under valgrind control? If it is mis-addressing, valgrind is usually extremely helpful. Also, can you try git master branch head? Or is there anything specific in the elasticsearch branch that you need for your plugin?

Rainer

>
> We have debug output too if that'd be useful.
>
> Thanks!
>
> -Lars
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
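Added example, not part of the original thread and not rsyslog code: a small Python triage helper that groups Memcheck reports like the ones quoted above by their innermost frame, which shows that both reports point at the same line in cnfexprEval. The sample input is trimmed from the output in the thread; the names parse_reports and fault_sites are made up for this example.

```python
import re
from collections import Counter

# Trimmed from the Memcheck output quoted in the thread; intermediate and
# outer frames are omitted to keep the sample short.
SAMPLE = """\
==8994== Thread 11:
==8994== Conditional jump or move depends on uninitialised value(s)
==8994==    at 0x418315: cnfexprEval (rainerscript.c:1179)
==8994==    by 0x4190DE: cnfexprEvalBool (rainerscript.c:1208)
==8994==    by 0x43A82B: processBatch (rule.c:181)
==8994==    by 0x116646FF: ???
==8994==
==8994== Conditional jump or move depends on uninitialised value(s)
==8994==    at 0x418315: cnfexprEval (rainerscript.c:1179)
==8994==    by 0x4182E5: cnfexprEval (rainerscript.c:1121)
==8994==    by 0x4189D0: cnfexprEval (rainerscript.c:1149)
==8994==    by 0x4190DE: cnfexprEvalBool (rainerscript.c:1208)
==8994==
"""

PREFIX = re.compile(r"^==\d+==\s?")
# "at"/"by" frame; the "(file:line)" part is missing for unresolved frames.
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S+)(?: \((.*)\))?\s*$")

def parse_reports(text):
    """Return Memcheck reports as (kind, [(function, location), ...])."""
    reports, kind, frames = [], None, []
    for raw in text.splitlines() + [""]:      # trailing "" flushes the last report
        line = PREFIX.sub("", raw)
        m = FRAME.match(line)
        if m and kind is not None:
            frames.append((m.group(1), m.group(2)))
        elif not m:
            if kind is not None and frames:   # any non-frame line ends a report
                reports.append((kind, frames))
            # A heading followed by frames is a report; other lines are dropped.
            kind, frames = (line.strip() or None), []
    return reports

def fault_sites(reports):
    """Count reports by kind and innermost frame (where the value was used)."""
    return Counter((kind, frames[0]) for kind, frames in reports)

if __name__ == "__main__":
    for (kind, (func, loc)), n in fault_sites(parse_reports(SAMPLE)).items():
        print(f"{n}x {kind} in {func} ({loc})")
```
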

