Project

General

Profile

Bug #5606

syslog.conf misconfigured - many duplicate messages in system.log

Added by Willy Tenner over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Category:
Logging
Target version:
Start date:
12/06/2015
Due date:
% Done:

0%

Affected Version:
All
Affected Architecture:
All

Description

The script /etc/inc/system.inc is generating a syslog.conf which is a little bit misconfigured. The original code of pfSense 2.2.4 contains a sequence like this in system.inc:

*.notice;kern.debug;lpr.info;mail.crit;daemon.none;             {$log_directive}{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none;                   {$log_directive}{$g['varlog_path']}/system.log
local7.none                                                     {$log_directive}{$g['varlog_path']}/system.log
security.*                                                      {$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info                             {$log_directive}{$g['varlog_path']}/system.log

...

$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg");

With this config every event from facility "auth", "authpriv" or "daemon" with severity level "info" or higher will be logged twice to the system.log and any optional configured syslog servers. This is also true for events from the facility "security" with severity level "notice" or higher and "news" with severity "err" or higher.

The problem is that there are five identical action fields in five different lines. When one selector (facility.level) matches the action will be executed but further processing of syslog.conf does not stop. It continues to the next line. If there is another match the action will be executed too.

So the solution is to write all selectors with the same action in ONE line:

*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info    {$log_directive}{$g['varlog_path']}/system.log

...

$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg;*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info");

Because the length of the facility-string now could be greater than the hardcoded value of 56 I would suggest to determine the length dynamically in the function "system_syslogd_get_remote_servers":

// $pad_to  = 56;
$pad_to  = strlen($facility);

I attach the appropriate patch file for system.inc. It is for the previous version of pfSense 2.2.4. I use it for some days and it works great. No duplicate messages anymore. Please fix the bug in one of the next releases. Thank you.

system.inc.patch Magnifier - patch file for system.inc (release 2.2.4) (1.41 KB) Willy Tenner, 12/06/2015 09:51 AM

History

#1 Updated by Phillip Davis over 2 years ago

I made pull request https://github.com/pfsense/pfsense/pull/2162 for RELENG_2_2
There was a 2nd place to combine those selections for system.log
And I adjusted the $pad_to to be:
$pad_to = max(strlen($facility), 56);

#2 Updated by Phillip Davis over 2 years ago

The same change for master (2.3) is https://github.com/pfsense/pfsense/pull/2163

#3 Updated by Jim Thompson over 2 years ago

  • Assignee set to Renato Botelho

Phillip Davis wrote:

I made pull request https://github.com/pfsense/pfsense/pull/2162 for RELENG_2_2
There was a 2nd place to combine those selections for system.log
And I adjusted the $pad_to to be:
$pad_to = max(strlen($facility), 56);

Thanks, Phil.

We'll evaluate and see if we can't get this into 2.2.6.

#4 Updated by Renato Botelho over 2 years ago

  • Status changed from New to Feedback
  • Target version set to 2.3

Merged, thanks!

#5 Updated by Chris Buechler over 2 years ago

  • Target version changed from 2.3 to 2.2.6
  • Affected Version changed from 2.2.4 to All

#6 Updated by Chris Buechler over 2 years ago

  • Status changed from Feedback to Resolved

fixed

Also available in: Atom PDF