Fwd: (RADIATOR) Incomplete entries in syslog

Jan Tomasek jan at tomasek.cz
Mon Sep 13 08:14:28 CDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mike,
> We see that all platforms truncate the syslog message at about 1024 bytes
> (this seems to happen in the syslog daemon, not the Syslog.pm client), but
> none of them run multiple syslog lines together, even if they are truncated.
> The Solaris 9  syslogger prints embedded newlines as '\n', buts thats the only
> wierdness we saw.
>
> I understand this is on Debian Woody (which we did not test)? What version
> of perl?

System is Debian Woody, perl is 5.6.1-8.7, syslog-ng is 1.5.15-1.1.

I did few tests myself and discovered that that lenght in my case is 1024
minus length of host name and length of identity string and -2. Crazy thing
that syslog ;)

This is just interesting, but! I also discovered that that bad character
causing that part of messages is going to bad facility is 10. That is \n ;)
But there is another exception. Message passed to syslog has to be longer than
2*255.

You can use my testing script for your own experiments ;)

Well here are now known two problems accoring to syslog:
 1) logining to bad facilty, this can be fixed by escaping \n characters in
    message.
 2) truncating long messages

In first line I need to quickly resolve 1) because users are becoming to use
it and mails from logcheck can simply become TOO huge. 2) is bad too but I can
wait a while.

There is also one issue, log lines in syslog like this:

Sep 13 14:54:23 ldap1 radiator[18242]: Packet dump: *** Sending to
195.178.64.172 port 32943 .... Code:       Access-Accept Identifier: 205
Authentic:  Q<165>2ra|Y+(D<223><152>K<233>pA Attributes:
Tunnel-Private-Group-ID = 1:666         Tunnel-Type = 1:VLAN
Tunnel-Medium-Type = 1:Ether_802

are very badly readable. Maybe if you will modify loging facility to split log
messages by \n it will resolve both 1) and 2) and will also produce more
readable output. What do you think about something like this:

        my @s = split(/\n/, $s);
        eval {openlog($self->{LogIdent}, 'pid', $self->{Facility});
              foreach my $ss (@s) {
                syslog("$self->{Facility}|$priorityToSyslog[$priority]", $ss);
              };
              closelog()};
        &main::log($main::LOG_ERR, "Error while doing Log SYSLOG: $@")
            if $@;

Best regards
- --
- --------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone(work): +420 2 2435 5279         http://www.cesnet.cz/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBRZ0y79++DGvj6tMRAgzMAJ0R0DLZqhSsU5AX6ot0SOo8yZ1BXwCgmB5c
uenzwhro2RpZ5I0SVj60N9Q=
=K72u
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog.pl
Type: text/x-perl
Size: 777 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040913/e18f15b4/attachment.bin>

More information about the radiator mailing list