[Bug 1201469] Re: Possible race condition/uninitialized buffer when logging duplicated messages to ommysql
Romulo Ceccon
romuloceccon+launchpad at gmail.com
Mon Jul 15 15:30:02 UTC 2013
** Summary changed:
- Possible race condition/uninitialized buffer when logging duplicated messages
+ Possible race condition/uninitialized buffer when logging duplicated messages to ommysql
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1201469
Title:
Possible race condition/uninitialized buffer when logging duplicated
messages to ommysql
Status in “rsyslog” package in Ubuntu:
New
Bug description:
I'm running rsyslog with the ommysql plugin. The configuration file is
as follows (unimportant details omited):
$ModLoad ommysql
$template custom_mysql_stmt,"INSERT INTO events (message, facility, from_host, priority, device_reported_time, received_at, info_unit_id, syslog_tag, program_name, program_pid) VALUES ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%', '%programname%', %syslogtag:R,ERE,1,ZERO:\[([0-9]{1,5})\]--end%)",SQL
:programname, !startswith, "mysqld" :ommysql:localhost,syslog,syslog,password;custom_mysql_stmt
That works in normal conditions. However, when under heavy load,
rsyslog sometimes fails with "db error (1064): You have an error in
your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near...". I've patched
rsyslog and was able to get a sample of the offending query being
generated:
INSERT INTO events (message, facility, from_host, priority,
device_reported_time, received_at, info_unit_id, syslog_tag,
program_name, program_pid) VALUES (' last message repeated 2 times',
1, '\', 7, '20130715142048', '20130715142048', 1, 'arachni[4509]:',
'arachni', 4509)
'%HOSTNAME%' is being replaced by '\', which clearly makes the query
invalid.
A sample of other queries shows that maybe a race condition is causing
uninitialized data to be sent to the ommysql plugin:
INSERT INTO events (message, facility, from_host, priority, device_reported_time, received_at, info_unit_id, syslog_tag, program_name, program_pid) VALUES (' last message repeated 10 times', 1, '=/s', 6, '20130715141700', '20130715141700', 1, 'arachni[4509]:', 'arachni', 4509)
INSERT INTO events (message, facility, from_host, priority, device_reported_time, received_at, info_unit_id, syslog_tag, program_name, program_pid) VALUES (' last message repeated 2 times', 1, '9st:4', 7, '20130715141808', '20130715141808', 1, 'arachni[3965]:', 'arachni', 3965)
INSERT INTO events (message, facility, from_host, priority, device_reported_time, received_at, info_unit_id, syslog_tag, program_name, program_pid) VALUES (' last message repeated 2 times', 17, '.4', 6, '20130715141823', '20130715141823', 1, 'httpd-access[6394]:', 'httpd-access', 6394)
I assume it's something internal to the ommysql plugin, because the
same messages are also being sent to /var/log/syslog and that trash
does not appear there:
Jul 15 14:20:48 arachni[4509]: last message repeated 2 times
Jul 15 14:17:00 arachni[4509]: last message repeated 10 times
Jul 15 14:18:08 arachni[3965]: last message repeated 2 times
Jul 15 14:18:23 httpd-access[6394]: last message repeated 2 times
Software version information:
$ lsb_release -rd
Description: Ubuntu 12.04.2 LTS
Release: 12.04
$ apt-cache policy rsyslog
rsyslog:
Installed: 5.8.6-1ubuntu8.4
Candidate: 5.8.6-1ubuntu8.4
Version table:
*** 5.8.6-1ubuntu8.4 0
500 http://sa-east-1a.clouds.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
100 /var/lib/dpkg/status
5.8.6-1ubuntu8 0
500 http://sa-east-1a.clouds.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1201469/+subscriptions
More information about the foundations-bugs
mailing list