From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1 Description of problem: when MARK is turned off, syslogd does not write "last message repeated XX times" message even if repeatinterval (60sec) is passed. Version-Release number of selected component (if applicable): sysklogd-1.4.1-26_FC4 How reproducible: Always Steps to Reproduce: 1.start syslogd with "-m 0" option. 2.check background process which write logs. if those process is exist, exit it before test. 3.execute "logger" several times with same message within repeatinterval. 4.wait some minutes and check log file. Actual Results: even if repeatinterval is passed, do not show "last message" message into log file. Expected Results: my understand is here: when repeatinterval is passed, "last message repeated XXX times" should be written to log file. Additional info:
here is patch which would fix this problem. --- syslogd.c.orig Fri Mar 18 01:10:22 2005 +++ syslogd.c Fri Mar 18 01:12:46 2005 @@ -2089,13 +2089,15 @@ int lognum; #endif - if (MarkInterval > 0) { now = time(0); + + if (MarkInterval > 0) { MarkSeq += TIMERINTVL; if (MarkSeq >= MarkInterval) { logmsg(LOG_INFO, "-- MARK --", LocalHostName, ADDDATE|MARK); MarkSeq = 0; } + } #ifdef SYSV for (lognum = 0; lognum <= nlogs; lognum++) { @@ -2110,7 +2112,6 @@ fprintlog(f, LocalHostName, 0, (char *)NULL); BACKOFF(f); } - } } (void) signal(SIGALRM, domark); (void) alarm(TIMERINTVL);
The 'last message repeated N times' message is logged when the next message that is NOT equal to the last message is logged. ie, after the command: $ for ((i=0; i<20; i++)) do logger hello; done only 1 "hello" message is logged, until a different log message is logged: $ logger hello2 Then syslogd emits the 'last message repeated 19 times' followed by the 'hello2' message. This is the way syslogd should work. We don't want syslogd deciding of its own accord to emit a log message when no log message has been generated by another process. With your patch, a malicious user could do $ while /bin/true; do logger hello; done and eventually syslogd would fill up the log with by generating 'last message repeated n times' for the same log message once every interval.
Hmm, I understand it is feature that "last message repeated" is not logged until a different message is logged. But I think this would have two problems: 1.when MARK is ON (without "-m 0"), log file is filled by "last message repeated" message. (my patch cannot avoid this) 2.when message is transferd to remote host, timestamp may be seriously delayed. i.e. command local remote timeA hello ---> hello[timeA] ---> hello[timeA] timeB hello ---> (queued) timeC hello ---> (queued) ... wait 1 hour ... timeD hello ---> hello[timeC] ----> hello[timeD] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ timeD is later 1 hour than timeC but the same message. (with my patch, a delay should be under 30 sec. this is better than above situation, I think.)
> 1.when MARK is ON (without "-m 0"), log file is filled by "last > message repeated" message. Yes, that is why we specify "-m 0" as a default option to syslogd . > 2.when message is transfered to remote host, timestamp may be > seriously delayed. If this is a problem, use the '-m N' (N > 0) option . Your patch is really equivalent to the '-m N' option without the "Mark" messages actually being logged . I will investigate how this can be improved for future releases.