Parsing of the exclamation point in the default /etc/syslog.conf appears to cause all lines after those lines to be ignored, even if those lines are commented out. This has been verified on various 4.x and 5.x boxes as well. If this is a side effect of expected behavior, then this behavior may need to be modified, as it is intuitive that adding a simple line to the end of syslog.conf should Just Work. Fix: Not known. How-To-Repeat: 1. Install stock 6.1. 2. Add an entry to the bottom of syslog.conf, as in: --- syslog.conf Sat May 6 20:00:23 2006 +++ syslog.conf.test Thu Jul 20 08:24:23 2006 @@ -30,3 +30,4 @@ *.* /var/log/slip.log !ppp *.* /var/log/ppp.log +auth.* /var/log/test.log 3. # touch /var/log/test.log 4. # chmod u+w /var/log/test.log 5. # kill -HUP `cat /var/run/syslog.pid` 6. Perform an action that will generate an auth-level syslog event, such as logging in, using su, etc. 7. Verify that no entry has been written to /var/log/test.log 8. Comment out all four lines: --- syslog.conf Sat May 6 20:00:23 2006 +++ syslog.conf.test Thu Jul 20 09:33:10 2006 @@ -26,7 +26,8 @@ # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice -!startslip -*.* /var/log/slip.log -!ppp -*.* /var/log/ppp.log +#!startslip +#*.* /var/log/slip.log +#!ppp +#*.* /var/log/ppp.log +auth.* /var/log/test.log 9. # kill -HUP `cat /var/run/syslog.pid` 10. Perform an action that will generate an auth-level syslog event, such as logging in, using su, etc. 11. Verify that no entry has been written to /var/log/test.log 12. Move the test line above the four slip/PPP lines: --- syslog.conf Sat May 6 20:00:23 2006 +++ syslog.conf.test Thu Jul 20 09:34:19 2006 @@ -26,7 +26,8 @@ # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice -!startslip -*.* /var/log/slip.log -!ppp -*.* /var/log/ppp.log +auth.* /var/log/test.log +#!startslip +#*.* /var/log/slip.log +#!ppp +#*.* /var/log/ppp.log 13. # kill -HUP `cat /var/run/syslog.pid` 14. Perform an action that will generate an auth-level syslog event, such as logging in, using su, etc. 15. Verify that writes are now working to /var/log/test.log
Hi Royce, I think this is a consequence of the program specification feature of syslogd - have a look at the syslog.conf man page and search for "program specification". As a documented feature, it is probably not something that we can change. However, we could add a warning to syslog.conf. David.
Hello, David - thanks for the informative response! Looking back at the commits, I see that you're familiar with syslogd.c. David Malone wrote, on 10/3/2008 12:18 PM: > I think this is a consequence of the program specification feature > of syslogd - have a look at the syslog.conf man page and search for > "program specification". Ah, I think that I get it. I do think that there's still a remaining bug, though; I talk about that near the end. > As a documented feature, it is probably not something that we can > change. The syslog.conf manpage says that respecting '#!' is to maintain compatibility with a previous version of syslog. Looking back at syslog.conf and syslogd.c, it looks like support for this was added in rev 1.3 back in December 1994, but I don't see anything that shows when the previous version of syslog was replaced. It may be difficult to gauge how many people are using this legacy functionality, but my instinct is that giving some warning and then dropping support for '#!' (while keeping support for '!' without the '#' in front of it) may be warranted. The syslog.conf comments mention cross-platform compatibility, and I don't know if any other OSes still use '#!', so that may be an issue. That being said, having the same single character be both a comment character and a functional one seems like a significant POLA violation to me. I'm not aware of any other instance of that. > However, we could add a warning to syslog.conf. Agreed. Perhaps just above the examples themselves, as in: --- syslog.conf 2005-03-12 03:31:16.000000000 -0900 +++ syslog.conf.new 2008-10-06 16:02:09.000000000 -0800 @@ -26,6 +26,10 @@ # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice +# Commenting out program specifications will not work as expected. +# For backwards compatibility with the previous syslog, lines +# starting with '#!' have a purpose and are NOT commented out. +# See 'program specification' in the syslog.conf(5) manpage. !startslip *.* /var/log/slip.log !ppp ... or something less chatty. Is sending this to you sufficient, or should I add it to the PR? Now about the possible bug. Even if commenting out the !startslip doesn't really comment it out, but instead triggers this legacy support, why would all subsequent unrelated configuration lines get ignored? From my testing, any lines added after the example '!' lines are ignored entirely. Surely that's not part of the functionality? Or am I missing something? Are you able to recreate the symptom that I'm seeing, as described in the PR? Royce -- Royce D. Williams - http://royce.ws/ Adding manpower to a late software project makes it later. - Brooks
> The syslog.conf manpage says that respecting '#!' is to maintain > compatibility with a previous version of syslog. Looking back at > syslog.conf and syslogd.c, it looks like support for this was added > in rev 1.3 back in December 1994, but I don't see anything that shows > when the previous version of syslog was replaced. I think the idea is that you could share a syslog.conf between machines, some of which support the "#!" notation and some of which don't. For example, we used to share a syslog.conf between FreeBSD and SunOS machines. > +# Commenting out program specifications will not work as expected. > +# For backwards compatibility with the previous syslog, lines > +# starting with '#!' have a purpose and are NOT commented out. > +# See 'program specification' in the syslog.conf(5) manpage. Something like this would be good... > ... or something less chatty. Is sending this to you sufficient, or > should I add it to the PR? Personally, I think snappier would be better I think - how about: # NB: To comment out lines starting with a "!" use "##" - see syslog.conf(5). > Now about the possible bug. Even if commenting out the !startslip > doesn't really comment it out, but instead triggers this legacy > support, why would all subsequent unrelated configuration lines get > ignored? From my testing, any lines added after the example '!' lines > are ignored entirely. Surely that's not part of the functionality? > Or am I missing something? Are you able to recreate the symptom that > I'm seeing, as described in the PR? The program specification (or a host specification) applies to all subsequent lines, until it is reset. To reset it, you need to have a line that says: !* or the equivelent "#!*". This is explained in the man page below in the paragraph after host specifications, but we've had several people confused about it, so I suspect the man page is not clear enough. If you have an idea bout how to make it clearer, let me know! David.
David Malone wrote, on 10/7/2008 12:42 AM: > Personally, I think snappier would be better I think - how about: > > # NB: To comment out lines starting with a "!" use "##" - see syslog.conf(5). Agreed - short, to the point. >> Now about the possible bug. Even if commenting out the !startslip >> doesn't really comment it out, but instead triggers this legacy >> support, why would all subsequent unrelated configuration lines get >> ignored? From my testing, any lines added after the example '!' lines >> are ignored entirely. Surely that's not part of the functionality? >> Or am I missing something? Are you able to recreate the symptom that >> I'm seeing, as described in the PR? > > The program specification (or a host specification) applies to all > subsequent lines, until it is reset. To reset it, you need to have > a line that says: > > !* > > or the equivelent "#!*". This is explained in the man page below > in the paragraph after host specifications, but we've had several > people confused about it, so I suspect the man page is not clear > enough. If you have an idea bout how to make it clearer, let me > know! Ah. That's what I get for only reading that paragraph! Since the existing stock syslog.conf doesn't have these resets, then as written, they're incomplete and should probably be fixed as follows: +++ syslog.conf.new 2008-10-07 11:03:08.000000000 -0800 @@ -26,7 +26,10 @@ # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice +# NB: To comment out lines starting with a "!" use "##" - see syslog.conf(5). !startslip *.* /var/log/slip.log +!* !ppp *.* /var/log/ppp.log +!* ... or something similar? In this way, POLA is restored -- unsuspecting users can add new lines without being caught in the same way that I was. Royce -- Royce D. Williams - http://royce.ws/ Progress is made by lazy men looking for easier ways to do things.~RAH
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>