[Home]

Summary:ASTERISK-25510: [patch]Log to syslog failing
Reporter:Michael Newton (miken32)Labels:
Date Opened:2015-10-30 19:00:19Date Closed:2016-03-25 13:40:25
Priority:MajorRegression?Yes
Status:Closed/CompleteComponents:Core/Logging
Versions:11.20.0 Frequency of
Occurrence
Constant
Related
Issues:
is caused byASTERISK-25407 Asterisk fails to log to multiple syslog destinations
Environment:Scientific Linux 6.7, rsyslog 5.8.10Attachments:
Description:This function worked fine in Asterisk 11.19 but since ASTERISK-25407 was checked-in syslog messages are being sent with an invalid priority and facility.

Contents of logger.conf are as follows:
{noformat}
[general]
appendhostname=no
dateformat=%F %T
queue_log=no
rotatestrategy=rotate
[logfiles]
console => debug,dtmf,error,fax,notice,verbose,warning
full => debug,error,fax,notice,verbose,warning
messages => error,notice,warning
security => security
syslog.local3 => notice,warning
{noformat}

I was unable to capture log messages going to the local syslog server (anyone know how to capture socket traffic?) but here is what I see on a packet trace when relaying to a remote server:
{noformat}
IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 105)
   192.168.242.172.60913 > 192.168.242.205.514: SYSLOG, length: 77
Facility auth (4), Severity error (3)
Msg: Oct 30 17:53:48 server1 asterisk: syslog: unknown facility/priority: 4c4
IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 349)
   192.168.242.172.60913 > 192.168.242.205.514: SYSLOG, length: 321
Facility kernel (0), Severity emergency (0)
Msg: invld>Oct 30 17:53:48 server1 asterisk: WARNING[2322]: chan_sip.c:4024 in retrans_pkt: Retransmission timeout reached on transmission df09fb87e9ee227d7818789fe271f0c9 for seqno 1 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions#012Packet timed out after 32000ms with no response
{noformat}

Note first is sent with a totally invalid value, the second with kernel.emergency.

For reference, here is a capture from a server running the same config on 11.19:
{noformat}
IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 249)
   192.168.242.167.37299 > 192.168.242.205.514: SYSLOG, length: 221
Facility local3 (19), Severity notice (5)
Msg: Oct 30 19:55:15 server2 asterisk[2284]: NOTICE[2321]: chan_sip.c:28309 in handle_request_register: Registration from '"Foo" <sip:7040@server2>' failed for '2.3.4.54:56513' - Wrong password
{noformat}

Hopefully this is enough information to reproduce.
Comments:By: Asterisk Team (asteriskteam) 2015-10-30 19:00:20.820-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Walter Doekes (wdoekes) 2016-03-24 05:14:56.895-0500

https://sourceware.org/bugzilla/show_bug.cgi?id=14347

LOG_MAKEPRI is broken in glibc < 2.17:
{noformat}
$ grep define[[:blank:]]*LOG_MAKEPRI /usr/include/x86_64-linux-gnu/sys/syslog.h
#define LOG_MAKEPRI(fac, pri) (((fac) << 3) | (pri))
{noformat}

It should be:
{noformat}
#define LOG_MAKEPRI(fac, pri) ((fac) | (pri))
{noformat}

Suggested fix: drop the LOG_MAKEPRI macro and OR the two values together here:
{noformat}
+       syslog_level = LOG_MAKEPRI(facility, syslog_level);
{noformat}
(added in 29694eb2a (11-branch))