Project

General

Profile

Actions

Bug #5606

closed

syslog.conf misconfigured - many duplicate messages in system.log

Added by Willy Tenner almost 9 years ago. Updated almost 9 years ago.

Status:
Resolved
Priority:
Normal
Category:
Logging
Target version:
Start date:
12/06/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

The script /etc/inc/system.inc is generating a syslog.conf which is a little bit misconfigured. The original code of pfSense 2.2.4 contains a sequence like this in system.inc:

*.notice;kern.debug;lpr.info;mail.crit;daemon.none;             {$log_directive}{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none;                   {$log_directive}{$g['varlog_path']}/system.log
local7.none                                                     {$log_directive}{$g['varlog_path']}/system.log
security.*                                                      {$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info                             {$log_directive}{$g['varlog_path']}/system.log

...

$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg");

With this config every event from facility "auth", "authpriv" or "daemon" with severity level "info" or higher will be logged twice to the system.log and any optional configured syslog servers. This is also true for events from the facility "security" with severity level "notice" or higher and "news" with severity "err" or higher.

The problem is that there are five identical action fields in five different lines. When one selector (facility.level) matches the action will be executed but further processing of syslog.conf does not stop. It continues to the next line. If there is another match the action will be executed too.

So the solution is to write all selectors with the same action in ONE line:

*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info    {$log_directive}{$g['varlog_path']}/system.log

...

$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg;*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info");

Because the length of the facility-string now could be greater than the hardcoded value of 56 I would suggest to determine the length dynamically in the function "system_syslogd_get_remote_servers":

// $pad_to  = 56;
$pad_to  = strlen($facility);

I attach the appropriate patch file for system.inc. It is for the previous version of pfSense 2.2.4. I use it for some days and it works great. No duplicate messages anymore. Please fix the bug in one of the next releases. Thank you.


Files

system.inc.patch (1.41 KB) system.inc.patch patch file for system.inc (release 2.2.4) Willy Tenner, 12/06/2015 09:51 AM
Actions #1

Updated by Phillip Davis almost 9 years ago

I made pull request https://github.com/pfsense/pfsense/pull/2162 for RELENG_2_2
There was a 2nd place to combine those selections for system.log
And I adjusted the $pad_to to be:
$pad_to = max(strlen($facility), 56);

Actions #2

Updated by Phillip Davis almost 9 years ago

The same change for master (2.3) is https://github.com/pfsense/pfsense/pull/2163

Actions #3

Updated by Jim Thompson almost 9 years ago

  • Assignee set to Renato Botelho

Phillip Davis wrote:

I made pull request https://github.com/pfsense/pfsense/pull/2162 for RELENG_2_2
There was a 2nd place to combine those selections for system.log
And I adjusted the $pad_to to be:
$pad_to = max(strlen($facility), 56);

Thanks, Phil.

We'll evaluate and see if we can't get this into 2.2.6.

Actions #4

Updated by Renato Botelho almost 9 years ago

  • Status changed from New to Feedback
  • Target version set to 2.3

Merged, thanks!

Actions #5

Updated by Chris Buechler almost 9 years ago

  • Target version changed from 2.3 to 2.2.6
  • Affected Version changed from 2.2.4 to All
Actions #6

Updated by Chris Buechler almost 9 years ago

  • Status changed from Feedback to Resolved

fixed

Actions

Also available in: Atom PDF