Could you run this instance under valgrind? This usually provides extremely good clues about what goes wrong.
Rainer On Fri, Jul 12, 2013 at 8:14 PM, Castillo, Jose Contractor < [email protected]> wrote: > Hello, > > I'm testing log classification with lognorm, and using "annotate" in the > rule file I was able to get an extra field in the output file, but when I > include more than one liblognorm tag in the rule file rsyslog terminated > with segmentation fault. > > Am I doing something wrong? > > Below information about these test including rsyslog configuration files > and OS information. > > Also I'm attaching a file with information obtained using gdb and the core > file generated by rsyslog. > > . > Best Regards, > > Jose > > ============================================== > # cat /etc/rsyslog.conf > module (load="imudp") > module (load="mmnormalize") > module (load="mmjsonparse") > > input(type="imudp" address="192.168.1.1" port="514" ruleset="test") > > template(name="testFormat" type="string" string="%$!all-json%\n") > > ruleset(name="test") { > action(type="mmnormalize" userawmsg="on" > rulebase="/data/syslog/rulebase.rb") > if $parsesuccess == "OK" then{ > action(type="omfile" file="/data/syslog/test-syslog.log" > template="testFormat") > } > } > > Test 1 : > # cat rulebase.rb > rule=smarts:%date:date-rfc5424% > annotate=smarts:+tags="smarts" > > I'm using nc to send log data to rsyslog: > # nc -w0 -u 192.168.1.1 514 <<< `/bin/date '+%Y-%m-%dT%T.%NZ'` > > # cat test-syslog.log > { "date": "2013-07-12T13:02:09.040059350Z", "tags": "smarts" } > > Test 2: > I included an additional tag (test) to the same rule > > # cat rulebase.rb > rule=smarts,test:%date:date-rfc5424% > annotate=smarts:+tags="smarts" > > and after run nc again I got: > > Core was generated by `/sbin/rsyslogd -i /var/run/syslogd.pid -c 5'. > Program terminated with signal 11, Segmentation fault. > > =================================================================== > OS Centos 6.4 > > # uname -a > Linux test 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 03:34:52 UTC 2013 > x86_64 x86_64 x86_64 GNU/Linux > > Packages installed from from Adiscon repository: > json-c-0.10-2.el6.x86_64 > json-c-debuginfo-0.10-2.el6.x86_64 > libee-0.4.1-1.el6.x86_64 > libee-debuginfo-0.4.1-1.el6.x86_64 > libestr-0.1.5-1.el6.x86_64 > libestr-debuginfo-0.1.5-1.el6.x86_64 > libgt-0.3.11-1.el6.x86_64 > libgt-debuginfo-0.3.11-1.el6.x86_64 > liblognorm-0.3.6-1.el6.x86_64 > liblognorm-debuginfo-0.3.6-1.el6.x86_64 > libmongo-client-0.1.6.1-1.el6.x86_64 > libmongo-client-debuginfo-0.1.6.1-1.el6.x86_64 > rsyslog-7.4.2-1.el6.x86_64 > rsyslog-debuginfo-7.4.2-1.el6.x86_64 > rsyslog-elasticsearch-7.4.2-1.el6.x86_64 > rsyslog-mmjsonparse-7.4.2-1.el6.x86_64 > rsyslog-mmnormalize-7.4.2-1.el6.x86_64 > rsyslog-mysql-7.4.2-1.el6.x86_64 > rsyslog-udpspoof-7.4.2-1.el6.x86_64 > > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
