Bug 151398 - syslogd forget to write message.
syslogd forget to write message.
Product: Fedora
Classification: Fedora
Component: sysklogd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Vas Dias
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2005-03-17 11:34 EST by Shuichi KITAGUCHI
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-03-17 14:53:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Shuichi KITAGUCHI 2005-03-17 11:34:41 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1

Description of problem:
when MARK is turned off, syslogd does not write "last message repeated XX times" message even if repeatinterval (60sec) is passed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.start syslogd with "-m 0" option.
2.check background process which write logs. if those process is exist, exit it before test.
3.execute "logger" several times with same message within repeatinterval. 
4.wait some minutes and check log file.

Actual Results:  even if repeatinterval is passed, do not show "last message" message into log file.

Expected Results:  my understand is here:
when repeatinterval is passed, "last message repeated XXX times" should be written to log file.

Additional info:
Comment 1 Shuichi KITAGUCHI 2005-03-17 11:40:06 EST
here is patch which would fix this problem.

--- syslogd.c.orig	Fri Mar 18 01:10:22 2005
+++ syslogd.c	Fri Mar 18 01:12:46 2005
@@ -2089,13 +2089,15 @@
 	int lognum;
-	if (MarkInterval > 0) {
 	now = time(0);
+	if (MarkInterval > 0) {
 	MarkSeq += TIMERINTVL;
 	if (MarkSeq >= MarkInterval) {
 		logmsg(LOG_INFO, "-- MARK --", LocalHostName, ADDDATE|MARK);
 		MarkSeq = 0;
+	}
 #ifdef SYSV
 	for (lognum = 0; lognum <= nlogs; lognum++) {
@@ -2110,7 +2112,6 @@
 			fprintlog(f, LocalHostName, 0, (char *)NULL);
-	}
 	(void) signal(SIGALRM, domark);	
 	(void) alarm(TIMERINTVL);
Comment 2 Jason Vas Dias 2005-03-17 14:53:05 EST
The 'last message repeated N times' message is logged when the
next message that is NOT equal to the last message is logged.
ie, after the command:
   $ for ((i=0; i<20; i++)) do logger hello; done
only 1 "hello" message is logged, until a different log message is logged:
   $ logger hello2
Then syslogd emits the 'last message repeated 19 times' followed by
the 'hello2' message. This is the way syslogd should work. We don't
want syslogd deciding of its own accord to emit a log message when 
no log message has been generated by another process. 
With your patch, a malicious user could do
   $ while /bin/true; do logger hello; done
and eventually syslogd would fill up the log with by generating
'last message repeated n times' for the same log message once
every interval.
Comment 3 Shuichi KITAGUCHI 2005-03-18 12:55:51 EST
Hmm, I understand it is feature that "last message repeated" is not
logged until a different message is logged.
But I think this would have two problems:

1.when MARK is ON (without "-m 0"), log file is filled by "last message 
repeated" message.
  (my patch cannot avoid this)
2.when message is transferd to remote host, timestamp may be seriously delayed.
               command         local                  remote
        timeA   hello   --->   hello[timeA]    --->   hello[timeA]
        timeB   hello   --->  (queued)
        timeC   hello   --->  (queued)
          ... wait 1 hour ...
        timeD   hello   --->   hello[timeC]    ---->  hello[timeD]
                timeD is later 1 hour than timeC but the same message.
  (with my patch, a delay should be under 30 sec. this is better than
   above situation, I think.)
Comment 4 Jason Vas Dias 2005-03-18 13:16:57 EST
> 1.when MARK is ON (without "-m 0"), log file is filled by "last    
>   message repeated" message.

Yes, that is why we specify "-m 0" as a default option to syslogd .

> 2.when message is transfered to remote host, timestamp may be 
>   seriously delayed.

If this is a problem, use the '-m N' (N > 0) option . Your patch 
is really equivalent to the '-m N' option without the "Mark" messages
actually being logged .

I will investigate how this can be improved for future releases.


Note You need to log in before you can comment on or make changes to this bug.