Following up to myself ... On Sun, Feb 20, 2011 at 09:06:04AM +0100, Florian Ernst wrote: > On Sat, Feb 19, 2011 at 10:46:27PM +0100, Michael Biebl wrote: > > Am 19.02.2011 13:14, schrieb Florian Ernst: > > > since updating to 5.7.3-1 rsyslog-mysql apparently fails to correctly > > > parse / escape some strings. > > > > Could you please post such example strings? > > The type of string that led me to noticing this bevavior was included in > my original report: the spamd line is the triggering line, the following > line is the rsyslog db error message. > So far this error only occured on my system with these spamd lines.
It turns out I was wrong with this assertion:
zgrep -h -o 'work rsyslogd: db error.*' /var/log/syslog* | sed -e 's/at port
\([0-9]\+\)/at port \$PORTNUM/' | sort | uniq -c | sort -n
1 work rsyslogd: db error (1064): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '' no servers found in /var/run/dnsmasq/resolv.conf, will
retry' at line 1
1 work rsyslogd: db error (1064): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '' read /etc/hosts - 9 addresses' at line 1
1 work rsyslogd: db error (1064): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '' spamd: clean message (-10.4/5.0) for fernst:1000 in 14.7
seconds, 9191 bytes.' at line 1
1 work rsyslogd: db error (1064): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '' spamd: clean message (-8.1/5.0) for fernst:1000 in 14.4
seconds, 5841 bytes.' at line 1
1 work rsyslogd: db error (1064): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '' spamd: clean message (-9.3/5.0) for fernst:1000 in 14.4
seconds, 6627 bytes.' at line 1
1 work rsyslogd: db error (1064): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '' spamd: setuid to fernst succeeded' at line 1
342 work rsyslogd: db error (1064): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '' spamd: connection from localhost [127.0.0.1] at port
$PORTNUM' at line 1
Here the complete syslog entries for those non-"spamd: connection from
localhost" lines:
Feb 19 10:38:05 work spamd[27687]: spamd: setuid to fernst succeeded
Feb 19 10:38:05 work rsyslogd: db error (1064): You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near '' spamd: setuid to fernst succeeded' at line 1
Feb 19 19:13:34 work spamd[24151]: spamd: clean message (-9.3/5.0) for
fernst:1000 in 14.4 seconds, 6627 bytes.
Feb 19 19:13:34 work rsyslogd: db error (1064): You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near '' spamd: clean message (-9.3/5.0) for fernst:1000 in
14.4 seconds, 6627 bytes.' at line 1
Feb 19 21:06:58 work spamd[27113]: spamd: clean message (-10.4/5.0) for
fernst:1000 in 14.7 seconds, 9191 bytes.
Feb 19 21:06:58 work rsyslogd: db error (1064): You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near '' spamd: clean message (-10.4/5.0) for fernst:1000 in
14.7 seconds, 9191 bytes.' at line 1
Feb 19 21:40:01 work spamd[27113]: spamd: clean message (-8.1/5.0) for
fernst:1000 in 14.4 seconds, 5841 bytes.
Feb 19 21:40:01 work rsyslogd: db error (1064): You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near '' spamd: clean message (-8.1/5.0) for fernst:1000 in
14.4 seconds, 5841 bytes.' at line 1
Feb 20 00:00:10 work dnsmasq[2563]: read /etc/hosts - 9 addressesFeb 20
00:00:10 work rsyslogd: db error (1064): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '' read /etc/hosts - 9 addresses' at line 1
(yes, this is quoted as-is, i.e. without a newline between the two entries)
Feb 20 05:00:04 work dnsmasq[2563]: no servers found in
/var/run/dnsmasq/resolv.conf, will retryFeb 20 05:00:04 work rsyslogd: db error
(1064): You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '' no servers
found in /var/run/dnsmasq/resolv.conf, will retry' at line 1
(yes, this is quoted as-is, i.e. without a newline between the two entries)
On further note, I now see empty lines in my syslog directly before or
directly after these db error messages, and sometimes just at random
places. Here a sample:
[...]
Feb 20 11:17:39 work spamd[30519]: spamd: connection from localhost [127.0.0.1]
at port 47185
Feb 20 11:17:39 work spamd[30519]: spamd: setuid to fernst succeeded
Feb 20 11:17:39 work rsyslogd: db error (1064): You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near '' spamd: connection from localhost [127.0.0.1] at
port 47185' at line 1
Feb 20 11:17:39 work spamd[30519]: spamd: processing message
<[email protected]> aka <UMdmpD7noGO.A._ME.8oOYNB@liszt> for
fernst:1000
Feb 20 11:17:53 work spamd[30519]: spamd: clean message (-7.5/5.0) for
fernst:1000 in 13.9 seconds, 4845 bytes.
Feb 20 11:17:53 work spamd[30519]: spamd: result: . -7 -
AWL,BAYES_00,CRM114_PROB_GOOD,RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD
scantime=13.9,size=4845,user=fernst,uid=1000,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=47185,mid=<[email protected]>,rmid=<UMdmpD7noGO.A._ME.8oOYNB@liszt>,bayes=0.000000,autolearn=ham
Feb 20 11:17:53 work spamd[6310]: prefork: child states: II
Feb 20 11:17:53 work fetchmail[2347]: reading message [email protected]:26 of
26 (4742 octets) flushed
Feb 20 11:20:00 work puppet-master[10390]: Host is missing hostname and/or
domain: fernst.no-ip.org
[...]
If I can provide any additional data to help track this down, please
don't hesitate to ask.
Cheers,
Flo
signature.asc
Description: Digital signature
