Hello,
I'm testing log classification with lognorm, and using "annotate" in the rule
file I was able to get an extra field in the output file, but when I include
more than one liblognorm tag in the rule file rsyslog terminated with
segmentation fault.
Am I doing something wrong?
Below information about these test including rsyslog configuration files and OS
information.
Also I'm attaching a file with information obtained using gdb and the core file
generated by rsyslog.
.
Best Regards,
Jose
==============================================
# cat /etc/rsyslog.conf
module (load="imudp")
module (load="mmnormalize")
module (load="mmjsonparse")
input(type="imudp" address="192.168.1.1" port="514" ruleset="test")
template(name="testFormat" type="string" string="%$!all-json%\n")
ruleset(name="test") {
action(type="mmnormalize" userawmsg="on"
rulebase="/data/syslog/rulebase.rb")
if $parsesuccess == "OK" then{
action(type="omfile" file="/data/syslog/test-syslog.log"
template="testFormat")
}
}
Test 1 :
# cat rulebase.rb
rule=smarts:%date:date-rfc5424%
annotate=smarts:+tags="smarts"
I'm using nc to send log data to rsyslog:
# nc -w0 -u 192.168.1.1 514 <<< `/bin/date '+%Y-%m-%dT%T.%NZ'`
# cat test-syslog.log
{ "date": "2013-07-12T13:02:09.040059350Z", "tags": "smarts" }
Test 2:
I included an additional tag (test) to the same rule
# cat rulebase.rb
rule=smarts,test:%date:date-rfc5424%
annotate=smarts:+tags="smarts"
and after run nc again I got:
Core was generated by `/sbin/rsyslogd -i /var/run/syslogd.pid -c 5'.
Program terminated with signal 11, Segmentation fault.
===================================================================
OS Centos 6.4
# uname -a
Linux test 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 03:34:52 UTC 2013
x86_64 x86_64 x86_64 GNU/Linux
Packages installed from from Adiscon repository:
json-c-0.10-2.el6.x86_64
json-c-debuginfo-0.10-2.el6.x86_64
libee-0.4.1-1.el6.x86_64
libee-debuginfo-0.4.1-1.el6.x86_64
libestr-0.1.5-1.el6.x86_64
libestr-debuginfo-0.1.5-1.el6.x86_64
libgt-0.3.11-1.el6.x86_64
libgt-debuginfo-0.3.11-1.el6.x86_64
liblognorm-0.3.6-1.el6.x86_64
liblognorm-debuginfo-0.3.6-1.el6.x86_64
libmongo-client-0.1.6.1-1.el6.x86_64
libmongo-client-debuginfo-0.1.6.1-1.el6.x86_64
rsyslog-7.4.2-1.el6.x86_64
rsyslog-debuginfo-7.4.2-1.el6.x86_64
rsyslog-elasticsearch-7.4.2-1.el6.x86_64
rsyslog-mmjsonparse-7.4.2-1.el6.x86_64
rsyslog-mmnormalize-7.4.2-1.el6.x86_64
rsyslog-mysql-7.4.2-1.el6.x86_64
rsyslog-udpspoof-7.4.2-1.el6.x86_64
# gdb /sbin/rsyslogd /tmp/core_dump/core.31557
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /sbin/rsyslogd...Reading symbols from
/usr/lib/debug/sbin/rsyslogd.debug...done.
done.
[New Thread 31559]
[New Thread 31558]
[New Thread 31557]
Missing separate debuginfo for
Try: yum --disablerepo='*' --enablerepo='*-debug*' install
/usr/lib/debug/.build-id/d6/c129cc385340a2e2c512f3c6c189704197e3ab
Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols
found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /usr/lib64/libestr.so.0.0.0...Reading symbols from
/usr/lib/debug/usr/lib64/libestr.so.0.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libestr.so.0.0.0
Reading symbols from /usr/lib64/libjson.so.0.1.0...Reading symbols from
/usr/lib/debug/usr/lib64/libjson.so.0.1.0.debug...done.
done.
Loaded symbols for /usr/lib64/libjson.so.0.1.0
Reading symbols from /lib64/libuuid.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libuuid.so.1
Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libgcc_s.so.1
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib64/rsyslog/lmnet.so...Reading symbols from
/usr/lib/debug/lib64/rsyslog/lmnet.so.debug...done.
done.
Loaded symbols for /lib64/rsyslog/lmnet.so
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /lib64/rsyslog/imudp.so...Reading symbols from
/usr/lib/debug/lib64/rsyslog/imudp.so.debug...done.
done.
Loaded symbols for /lib64/rsyslog/imudp.so
Reading symbols from /lib64/rsyslog/mmnormalize.so...Reading symbols from
/usr/lib/debug/lib64/rsyslog/mmnormalize.so.debug...done.
done.
Loaded symbols for /lib64/rsyslog/mmnormalize.so
Reading symbols from /usr/lib64/liblognorm.so.0.0.0...Reading symbols from
/usr/lib/debug/usr/lib64/liblognorm.so.0.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/liblognorm.so.0.0.0
Reading symbols from /usr/lib64/libee.so.0.0.0...Reading symbols from
/usr/lib/debug/usr/lib64/libee.so.0.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libee.so.0.0.0
Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib64/rsyslog/mmjsonparse.so...Reading symbols from
/usr/lib/debug/lib64/rsyslog/mmjsonparse.so.debug...done.
done.
Loaded symbols for /lib64/rsyslog/mmjsonparse.so
Core was generated by `/sbin/rsyslogd -i /var/run/syslogd.pid -c 5'.
Program terminated with signal 11, Segmentation fault.
#0 ln_annotateEventWithTag (ctx=0x7f130c730a60, event=0x7f12f8001d70) at
annot.c:197
197 for(op = annot->oproot ; op != NULL ; op = op->next) {
Missing separate debuginfos, use: debuginfo-install
glibc-2.12-1.107.el6_4.2.x86_64 libgcc-4.4.7-3.el6.x86_64
libuuid-2.17.2-12.9.el6_4.3.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) info thread
3 Thread 0x7f130b63a740 (LWP 31557) 0x00007f130a1164f3 in select () from
/lib64/libc.so.6
2 Thread 0x7f1308f7c700 (LWP 31558) 0x00007f130a11df03 in epoll_wait () from
/lib64/libc.so.6
* 1 Thread 0x7f130857b700 (LWP 31559) ln_annotateEventWithTag
(ctx=0x7f130c730a60, event=0x7f12f8001d70) at annot.c:197
(gdb) thread 1
[Switching to thread 1 (Thread 0x7f130857b700 (LWP 31559))]#0
ln_annotateEventWithTag (ctx=0x7f130c730a60, event=0x7f12f8001d70) at
annot.c:197
197 for(op = annot->oproot ; op != NULL ; op = op->next) {
(gdb) bt
#0 ln_annotateEventWithTag (ctx=0x7f130c730a60, event=0x7f12f8001d70) at
annot.c:197
#1 ln_annotateEvent (ctx=0x7f130c730a60, event=0x7f12f8001d70) at annot.c:231
#2 0x00007f13096131b3 in ln_normalize (ctx=0x7f130c730a60, str=0x7f12f8001d10,
event=0x7f130857a8d0) at ptree.c:836
#3 0x00007f1309818bb5 in doAction (ppString=<value optimized out>,
iMsgOpts=<value optimized out>, pData=0x7f130c7306e0) at mmnormalize.c:217
#4 0x00007f130b69ef59 in actionCallDoAction (pThis=0x7f130c731300,
pMsg=0x7f13000008e0, actParams=0x7f130c74cab8) at ../action.c:918
#5 0x00007f130b69fa4a in actionProcessMessage (pAction=<value optimized out>,
pBatch=0x7f130c72c8d8, nElem=1) at ../action.c:967
#6 tryDoAction (pAction=<value optimized out>, pBatch=0x7f130c72c8d8, nElem=1)
at ../action.c:1061
#7 submitBatch (pAction=<value optimized out>, pBatch=0x7f130c72c8d8, nElem=1)
at ../action.c:1128
#8 0x00007f130b69fee8 in processAction (pAction=0x7f130c731300, pBatch=<value
optimized out>, pbShutdownImmediate=0x0) at ../action.c:1253
#9 processBatchMain (pAction=0x7f130c731300, pBatch=<value optimized out>,
pbShutdownImmediate=0x0) at ../action.c:1291
#10 0x00007f130b69dd9f in doQueueEnqObjDirectBatch (pAction=0x7f130c731300,
pBatch=0x7f130c72c8d8) at ../action.c:1655
#11 doSubmitToActionQBatch (pAction=0x7f130c731300, pBatch=0x7f130c72c8d8) at
../action.c:1677
#12 0x00007f130b69ded9 in doSubmitToActionQNotAllMarkBatch
(pAction=0x7f130c731300, pBatch=0x7f130c72c8d8) at ../action.c:1591
#13 0x00007f130b6983e3 in execAct (root=<value optimized out>,
pBatch=0x7f130c72c8d8, active=<value optimized out>) at ruleset.c:234
#14 scriptExec (root=<value optimized out>, pBatch=0x7f130c72c8d8,
active=<value optimized out>) at ruleset.c:529
#15 0x00007f130b698d36 in processBatch (pBatch=0x7f130c72c8d8) at ruleset.c:578
#16 0x00007f130b660f5a in msgConsumer (notNeeded=<value optimized out>,
pBatch=0x7f130c72c8d8, pbShutdownImmediate=<value optimized out>) at
syslogd.c:569
#17 0x00007f130b6977eb in ConsumerReg (pThis=0x7f130c72c470,
pWti=0x7f130c72c8b0) at queue.c:1858
#18 0x00007f130b6929a6 in wtiWorker (pThis=0x7f130c72c8b0) at wti.c:313
#19 0x00007f130b692492 in wtpWorker (arg=0x7f130c72c8b0) at wtp.c:388
#20 0x00007f130b001851 in start_thread () from /lib64/libpthread.so.0
#21 0x00007f130a11d90d in clone () from /lib64/libc.so.6
(gdb) thread 2
[Switching to thread 2 (Thread 0x7f1308f7c700 (LWP 31558))]#0
0x00007f130a11df03 in epoll_wait () from /lib64/libc.so.6
(gdb) bt
#0 0x00007f130a11df03 in epoll_wait () from /lib64/libc.so.6
#1 0x00007f1309a1db98 in rcvMainLoop (pThrd=0x7f130c72cb10) at imudp.c:628
#2 0x00007f1309a1e120 in runInput (pThrd=0x7f130c72cb10) at imudp.c:920
#3 0x00007f130b6a0603 in thrdStarter (arg=0x7f130c72cb10) at ../threads.c:212
#4 0x00007f130b001851 in start_thread () from /lib64/libpthread.so.0
#5 0x00007f130a11d90d in clone () from /lib64/libc.so.6
(gdb) thread 3
[Switching to thread 3 (Thread 0x7f130b63a740 (LWP 31557))]#0
0x00007f130a1164f3 in select () from /lib64/libc.so.6
(gdb) bt
#0 0x00007f130a1164f3 in select () from /lib64/libc.so.6
#1 0x00007f130b662878 in mainloop (argc=<value optimized out>, argv=<value
optimized out>) at syslogd.c:1286
#2 realMain (argc=<value optimized out>, argv=<value optimized out>) at
syslogd.c:2038
#3 0x00007f130a053cdd in __libc_start_main () from /lib64/libc.so.6
#4 0x00007f130b660039 in _start ()
(gdb) q_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
