Bug 717167 - make non-standard log file collection more robust
Summary: make non-standard log file collection more robust
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sos
Version: 5.7
Hardware: All
OS: All
medium
medium
Target Milestone: rc
: 5.8
Assignee: Bryn M. Reeves
QA Contact: David Kutálek
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 769266
TreeView+ depends on / blocked
 
Reported: 2011-06-28 09:02 UTC by Bryn M. Reeves
Modified: 2012-08-10 08:59 UTC (History)
6 users (show)

(edit)
Cause: In prior release sos attempted to use a heuristic to determine whether the system is configured to use traditional syslogd or rsyslogd for logging.

Consequence: This heuristic would mis-identify systems having rsyslog installed (but not configured) as actually using the daemon and failed to collect custom-defined log destinations specified in syslog.conf on such hosts.

Fix: The general module no longer attempts to determine which log daemon is in use and will collect any user-defined log destinations present in either file

Result: Collection of user-defined log destinations is now more robust on systems using either syslogd or rsyslog.
Clone Of:
(edit)
Last Closed: 2012-02-21 03:25:17 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0153 normal SHIPPED_LIVE Low: sos security, bug fix, and enhancement update 2012-02-21 07:25:08 UTC

Description Bryn M. Reeves 2011-06-28 09:02:22 UTC
Description of problem:
RHEL5 introduced rsyslog as an optional replacement for syslog (it's default in RHEL6 onwards). The 5.7 update of sos adds the ability to parse syslog.conf/rsyslog.conf and collect non-standard log files defined in the two files (see bug 596970).

The current approach will fail if rsyslog is installed but not configured resulting in non-standard logfiles defined in syslog.conf being omitted from the report tarball.

Version-Release number of selected component (if applicable):
sos-1.7-9.54.el5

How reproducible:
100%

Steps to Reproduce:
1. install rsyslog but do not configure
2. configure additional syslog.conf log, e.g.:
echo -e '*.info;mail.none;authpriv.none;cron.none\t\t/var/log/mymessages' >> /etc/syslog.conf
/etc/init.d/syslog restart
3. run sosreport and inspect generated tarball
  
Actual results:
Additional log files not captured

Expected results:
Tarball includes log files defined in syslog.conf

Additional info:
Not strictly relevant in RHEL6 since rsyslog is the default however it would still be good to get this straightened out properly in upstream sos.

Comment 1 David Kutálek 2011-06-28 10:50:32 UTC
We should simplify to:

 if /etc/syslog.conf present, parse it
 if /etc/rsyslog.conf present, parse it

Ie, discard check for installed syslog versions and just grab log files defined in both - if config files are present.

Comment 2 David Kutálek 2011-06-28 11:27:41 UTC
One more defect to be fixed:

Since in 5.7 we have fix to tail oversized syslog logs according to specified limit, we should apply it to all syslog logs when all_logs is on. Now, additional log files defined in syslog/rsyslog configs are gathered without applying size limit.

In case of oversized messages and secure logs, it results in one full and one tailed instance of log in report. In case of other log files, these are in report once, but not tailed.

Comment 7 Bryn M. Reeves 2012-01-25 17:46:12 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: In prior release sos attempted to use a heuristic to determine whether the system is configured to use traditional syslogd or rsyslogd for logging.

Consequence: This heuristic would mis-identify systems having rsyslog installed (but not configured) as actually using the daemon and failed to collect custom-defined log destinations specified in syslog.conf on such hosts.

Fix: The general module no longer attempts to determine which log daemon is in use and will collect any user-defined log destinations present in either file

Result: Collection of user-defined log destinations is now more robust on systems using either syslogd or rsyslog.

Comment 8 errata-xmlrpc 2012-02-21 03:25:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0153.html


Note You need to log in before you can comment on or make changes to this bug.