FYI: I have briefly tried to reproduce the issue with a very simple config today, but that didn't work out. It would be great if you could reduce the config somewhat further. A debug log would probably also be useful.
Rainer > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Jason Antman > Sent: Monday, January 10, 2011 7:13 PM > To: rsyslog-users > Subject: Re: [rsyslog] Multiple rulesets and queues - strange behavior, > problems logging to MySQL > > Haven't given that a try yet. I just finished working up a stable > (albeit slow and very sub-optimal) configuration with everything in one > ruleset, and ran that on my development server for the past 3 days. > Once > I have that migrated to production I'll give one input/one additional > ruleset a try, probably sometime early tomorrow (by east coast US > time). > > Thanks, > Jason > > Rainer Gerhards wrote: > > Jason, > > > > any chance you can reproduce this with a single input and a single > additional > > ruleset? Did you try this? > > > > Rainer > > > > > > > >> -----Original Message----- > >> From: [email protected] [mailto:rsyslog- > >> [email protected]] On Behalf Of Jason Antman > >> Sent: Friday, January 07, 2011 8:08 PM > >> To: rsyslog-users > >> Subject: Re: [rsyslog] Multiple rulesets and queues - strange > behavior, > >> problems logging to MySQL > >> > >> Ok. > >> > >> Just as a quick overview (I haven't analyzed enough of the debugging > >> information that I collected to submit a bug report), rsyslog > becomes > >> unstable when omruleset is called from within a ruleset. Crashes > were a > >> mix of segfaults and malloc/realloc errors. With my original config > >> (complex mix of multiple ommysql calls per if statement, etc.) > >> triggered > >> a crash within the first few seconds of running, every time. I > created > >> a > >> much smaller sample config (one ruleset bound to imudp/imtcp, two > >> rulesets called from there each with two if statement rules) and it > >> runs > >> for about 30 seconds before dieing. > >> > >> Perhaps there's some interaction somewhere between omruleset and > other > >> output modules?? > >> > >> If I remove the omruleset calls and put everything from them in the > >> main > >> ruleset (bound to imudp and imtcp), it runs without any problems. > >> > >> I'm running 5.6.2 on CentOS 5.5 x86_64. > >> > >> Thanks, > >> Jason > >> > >> Sample config that segfaults is below: > >> ====== BEGIN CODE==== > >> > >> #### GLOBAL DIRECTIVES #### > >> > >> $FileOwner root > >> $FileGroup root > >> $FileCreateMode 0640 > >> $DirOwner root > >> $DirGroup root > >> $DirCreateMode 0750 > >> > >> # Use default timestamp format > >> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > >> > >> $WorkDirectory /var/rsyslog/work > >> > >> # Provides logging to MySQL - define before any rules that use it > >> $ModLoad ommysql > >> $ModLoad omruleset > >> > >> # templates - include first > >> $IncludeConfig /etc/rsyslog.d/templates.conf > >> $IncludeConfig /etc/rsyslog.d/dhcp-templates.conf > >> > >> #### Imports - ORDER MATTERS HERE #### > >> > >> $RuleSet BSC-ruleset > >> > >> *.* /var/log/TESTING/rules-BSC-ruleset > >> > >> if $msg contains 'user_login_suc' then > >> /var/log/TESTING/rules-BSC-ruleset-logout_suc > >> & :ommysql:localhost,wireless_logs,syslogger,syslogger;BSC-login > >> & :ommysql:localhost,wireless_logs,syslogger,syslogger;BSC-login-web > >> & ~ > >> > >> $RuleSet DHCP-parsing > >> > >> *.* /var/log/TESTING/rules-DHCP-parsing > >> > >> :msg, startswith, " DHCPREQUEST for" > >> /var/log/TESTING/rules-DHCP-parsing-requestfor > >> & :ommysql:localhost,test,syslogger,syslogger;DHCPREQUESTMAC > >> & :ommysql:localhost,test,syslogger,syslogger;DHCPREQUESTIP > >> & ~ ### DISCARD > >> > >> if $msg startswith ' DHCPACK to' and ( not ( $msg contains 'no > client > >> hardware address' ) ) then /var/log/TESTING/rules-DHCP-parsing-ackto > \ > >> & :ommysql:localhost,test,syslogger,syslogger;DHCPACKtoMAC > >> & :ommysql:localhost,test,syslogger,syslogger;DHCPACKtoIP > >> & ~ ### DISCARD > >> > >> $RuleSet remote > >> > >> *.* /var/log/TESTING/rules-remote > >> > >> $ActionOmrulesetRulesetName BSC-ruleset > >> if $fromhost-ip == '128.6.30.195' or $fromhost-ip == '128.6.30.196' > \ > >> then /var/log/TESTING/rules-remote-BSC > >> & :omruleset: > >> & ~ > >> > >> $ActionOmrulesetRulesetName DHCP-parsing > >> if ( $fromhost-ip == '172.16.25.114' ) or ( $fromhost-ip == > >> '172.16.25.116' ) or ( $fromhost-ip == '128.6.17.217' ) then > >> /var/log/TESTING/rules-remote-dhcp > >> & :omruleset: > >> > >> $RuleSet local > >> *.* /var/log/TESTING/local > >> > >> ##### END IMPORTS > >> > >> #### Default Ruleset #### > >> # since we bind TCP and UDP to remote, this should only handle local > >> $DefaultRuleset local > >> > >> #### MODULES #### > >> > >> $ModLoad imuxsock.so # provides support for local system logging > >> (e.g. via logger command) > >> $ModLoad imklog.so # provides kernel logging support > (previously > >> done by rklogd) > >> #$ModLoad immark.so # provides --MARK-- message capability > >> > >> #### BIND INPUTS #### > >> > >> # Provides UDP syslog reception > >> $ModLoad imudp.so > >> $UDPServerAddress * > >> $InputUDPServerBindRuleset remote # bind UDP to the remote ruleset > >> $UDPServerRun 514 > >> > >> # Provides TCP syslog reception > >> $ModLoad imtcp.so > >> $InputTCPServerBindRuleset remote # bind tcp to the remote ruleset > >> $InputTCPServerRun 514 > >> > >> > >> ====== END CODE ==== > >> > >> Champ Clark III [Softwink] wrote: > >> > >>> On Fri, Jan 07, 2011 at 09:13:49AM -0500, Jason Antman wrote: > >>> > >>> > >>>> Since I haven't gotten any response to this... can anyone at least > >>>> > >> give > >> > >>>> me a yes or no answer: > >>>> > >>>> > >>> I think Rainer might still be on vacation. It might be a bit > >>> before he can look at it. Hopefully someone else might have a > answer > >>> for you. > >>> > >>> > >>> > >>> ------------------------------------------------------------------- > -- > >>> > >> --- > >> > >>> _______________________________________________ > >>> rsyslog mailing list > >>> http://lists.adiscon.net/mailman/listinfo/rsyslog > >>> http://www.rsyslog.com > >>> > >>> > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com > >> > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com > > > > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
