During boot syslog-ng writes binary zero characters to the logfile just after start : Mar 2 16:49:51 localhost syslog-ng[3321]: syslog-ng starting up; version='3.3.4' Mar 2 16:49:51 <nul> (multiple) kernel: Initializing cgroup subsys cpu This is with kernel 3.3.0-rc5 . Helmut. ---------------------- emerge --info app-admin/syslog-ng Portage 2.2.0_alpha89 (default/linux/amd64/10.0/desktop, gcc-4.6.2, glibc-2.14.1-r2, 3.3.0-rc5 x86_64) ================================================================= System Settings ================================================================= System uname: Linux-3.3.0-rc5-x86_64-AMD_Phenom-tm-_II_X4_940_Processor-with-gentoo-2.1 Timestamp of tree: Fri, 02 Mar 2012 06:45:01 +0000 ccache version 3.1.7 [disabled] app-shells/bash: 4.2_p20 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.2-r3, 3.2.2 dev-util/ccache: 3.1.7 dev-util/cmake: 2.8.7-r3 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.1 sys-apps/openrc: 0.9.9.2 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.3 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.5.3-r2, 4.6.2, 4.7.0_pre9999::local sys-devel/gcc-config: 1.5.1 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r3 sys-kernel/linux-headers: 3.2-r1 (virtual/os-headers) sys-libs/glibc: 2.14.1-r2 Repositories: gentoo sunrise local Installed sets: ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-mtune=native -O2 -msse3 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /var/lib/hsqldb /var/lib/neatx/home" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-mtune=native -O2 -msse3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs buildpkg distlocks ebuild-locks fixlafiles news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo " LANG="en_US.iso88591" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en de" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/sunrise /usr/local/portage" SYNC="rsync://rsync.informatik.RWTH-Aachen.de/gentoo-portage" USE="3dnow 3dnowext 3dnowprefetch X a52 aac acl acpi alsa amd64 atm avahi berkdb branding bzip2 cairo cdda cdr cli consolekit cracklib crypt cups cxx dbus dri dts dvd dvdr emboss encode exif fam ffmpeg fftw firefox flac fortran fuse gdbm gdu gfortran gif gimp gnome gpm gtk gtk2 iconv ipv6 jpeg kde lapack lcms libnotify mad mmx mmxext mng modules mp3 mp4 mpeg mudflap multilib ncurses nls nptl nptlonly ogg opengl openmp pam pango pcre pdf png policykit ppds pppd qt qt3support qt4 readline sdl session smp spell sqlite sqlite3 sse sse2 sse3 sse4a ssl startup-notification svg sysfs tcl tcpd threads tiff tk truetype udev unicode usb vorbis x264 xcb xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev wacom" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en de" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="ati radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= app-admin/syslog-ng-3.3.4 was built with the following: USE="ipv6 (multilib) pcre ssl tcpd -caps -hardened -json -mongodb (-selinux) -spoof-source -sql -static"
I'm experiencing the same problem with syslog-ng. If I delete the /var/log/messages file subsequent log entries are fine. After a reboot /var/log/messages reports root@gentoo-gateway etc # file /var/log/messages /var/log/messages: data Grep returns root@gentoo-gateway etc # grep nfs /var/log/messages Binary file /var/log/messages matches Piping the output of cat to grep returns the same. To get any output I have to pipe grep from strings root@gentoo-gateway etc # strings /var/log/messages|grep nfs Mar 22 00:52:28 gentoo-gateway kernel: [28330.941129] nfsd: last server has exited, flushing export cache Mar 22 08:47:36 gentoo-gateway kernel: [ 0.845825] Installing knfsd (copyright (C) 1996 okir@monad.swb.de). Mar 22 08:47:48 gentoo-gateway rpc.statd[3713]: Running as root. chown /var/lib/nfs to choose different user Mar 22 08:47:49 gentoo-gateway kernel: [ 51.346711] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory I don't know when this behavior first occurred, but it is consistent with three gentoo installations here. ================================================================= Package Settings ================================================================= app-admin/syslog-ng-3.3.4 was built with the following: USE="ipv6 (multilib) pcre ssl tcpd -caps -hardened -json -mongodb (-selinux) -spoof-source -sql -static" ================================================================= System Settings ================================================================= Portage 2.2.0_alpha93 (default/linux/amd64/10.0/desktop, gcc-4.5.3, glibc-2.14.1-r2, 3.3.0-rc7 x86_64) ================================================================= System uname: Linux-3.3.0-rc7-x86_64-AMD_Phenom-tm-_9150e_Quad-Core_Processor-with-gentoo-2.1 Timestamp of tree: Thu, 22 Mar 2012 12:15:01 +0000 app-shells/bash: 4.2_p24 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.2-r3, 3.2.2-r1 dev-util/cmake: 2.8.7-r5 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.1 sys-apps/openrc: 0.9.9.3 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.9.6-r3, 1.11.3 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.5.3-r2 sys-devel/gcc-config: 1.5.1-r1 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r3 sys-kernel/linux-headers: 3.2-r1 (virtual/os-headers) sys-libs/glibc: 2.14.1-r2 Repositories: gentoo mozilla x-portage Installed sets: ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -march=athlon64-sse3 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -march=athlon64-sse3 -pipe" DISTDIR="/home/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo ftp://mirror.datapipe.net/gentoo http://mirror.lug.udel.edu/pub/gentoo/ http://chi-10g-1-mirror.fastsoft.net/pub/linux/gentoo/gentoo-distfiles/ http://gentoo.mirrors.pair.com/ ftp://gentoo.mirrors.pair.com/" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en en_US" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/mozilla /usr/local/portage" SYNC="rsync://rsync.us.gentoo.org/gentoo-portage" USE="X \ a52 aac acl acpi additions alsa amd64 apng auto-hinter automount bindist branding bzip2 cairo cdda cdr cli consolekit cracklib crypt cups cxx dbus dirac dri dts dvd dvdr emboss encode exif extras fam ffmpeg firefox flac fontconfig fortran gd gdbm gdu gif gnome gpm gtk gusb hddtemp iconv introspection iostats ipv6 java jpeg kdrive lcms ldap libnotify live lm_sensors lock lua lua-cairo lua-imlib lxde mad math mmx mng modules mp3 mp4 mpeg mudflap multilib ncurses network nls nptl nptlonly ogg opengl openmp orc pam pango pcre pdf png policykit ppds pppd pulseaudio python qt-bundled qt3support qt4 readline rss scanner sdl session sound sox spell sqlite sse sse2 ssl startup-notification static-libs svg sysfs tcpd threads tiff truetype udev unicode usb utp vorbis x264 xcb xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fglrx vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
I have the same trouble since weeks. The signs you call "binary zero characters" are not visible with every editor. Midnight Commander shows it as dots when viewing with function key F3, but shows it different when editing with F4. Then the sign looks like the debian sign (the curl), sorry I don't have it actually here on my character map. Today I found out that this fault must have to do something with your threading patch. If I use the old syslog-ng.conf file, from an older 3.2 version, without the threading command, the mystery sign doesn't come up. So less shows /var/log/messages fine cause file recognize it as ASCII instead of data, as it should be. So i use the old config without threading, and the case seems to be as solved for me although it's only a workaround or an alternative instead of downgrading syslog-ng.
Now, back on my console at home I could post the relevant signs I couldn't recognize as lots of @ at first, cause the used small font size. Forget to mention that these signs were logged only after booting the system in this way: (shortened the lines) Jul 17 16:45:19 big-server syslog-ng[2109]: syslog-ng starting up; version='3.3.5' Jul 17 16:45:19 ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ kernel: [ 0.000000] Initializing cgroup subsys cpu Jul 17 16:45:19 big-server kernel: [ 0.000000] Linux version 3.4.4-gentoo (root@big-server) (gcc version 4.6.3 (Gentoo 4.6.3 p1.3, pie-0.5.1) ) #1 SMP PREEMPT Sun Jun 24 17:51:42 CEST 2012
Created attachment 318474 [details] /var/log/messages I cannot confirm the symbols... disi@disi-bigtop ~ % file messages messages: data some variables of my environment: LANG=en_GB.utf8 LOGNAME=disi PRELINK_PATH_MASK=/usr/lib64/libfreebl3.so:/usr/lib64/libnssdbm3.so:/usr/lib64/libsoftokn3.so PWD=/home/disi GDK_USE_XFT=1 LESS=-R -M --shift 5 USERNAME=disi WINDOWPATH=7 LESSOPEN=|lesspipe %s GDM_LANG=en_GB.utf8 SHELL=/bin/zsh PAGER=/usr/bin/less TERM=xterm OLDPWD=/home/disi disi@disi-bigtop ~ % cat /etc/env.d/02locale # Configuration file for eselect # This file has been automatically generated. LANG="en_GB.utf8"
Actual, I have the same, they are just displayed with other characters... see my logfile. This should be confirmed and someone fix it?
Yep, I can confirm this happens for me as well.
Same behavior here, I don't think it is syslog-ng bug :] Jan 10 19:13:45 tigore syslog-ng[1790]: syslog-ng starting up; version='3.3.5' Jan 10 19:13:45 ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ kernel: [ 0.000000] Initializing cgroup subsys cpuset Jan 10 19:13:45 tigore kernel: [ 0.000000] Initializing cgroup subsys cpu Jan 10 19:13:45 tigore kernel: [ 0.000000] Linux version 3.5.7-gentoo-Tigore-nvidia (root@tigore) (gcc version 4.6.3 (Gentoo 4.6.3 p1.8, pie-0.5.2) ) #19 SMP Wed Jan 9 22:55:20 CET 2013 Jan 10 19:13:45 tigore kernel: [ 0.000000] Command line: BOOT_IMAGE=/kernel-3.5.7-Tigore-nvidia root=/dev/md3 ro single Jan 10 19:13:45 tigore kernel: [ 0.000000] e820: BIOS-provided physical RAM map: Jan 10 19:13:45 tigore kernel: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable Jan 10 19:13:45 tigore kernel: [ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved Jan 10 19:13:45 tigore kernel: [ 0.000000] BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved Isn't it related to grub2 ?
Hello, I'm experiencing the same behavior with: app-admin/syslog-ng-3.3.5-r1 USE="ipv6 pcre ssl -caps -hardened -json -mongodb (-selinux) -spoof -source -sql -static -tcpd" 2,437 kB
try it with syslog-ng-3.4.1 please.
(In reply to comment #9) > try it with syslog-ng-3.4.1 please. Same with 3.4.1, but I didn't delete /var/log/messages file. So should I (remove old log) and try then?
I'm not sure how to advise you on this since I can't reproduce it at all. comment #7 suggests that it's grub2-related but I'd be surprised if everyone who sees the issue is using grub2 since I think that's still rare these days. Maybe I'm wrong though.
For all time long I had no problem, lately after some world update I notice this issue :(
after sometime (probably new entries in log) and few restarts I notice re-emerge newer version helped. app-admin/syslog-ng-3.4.1 Install date: Fri May 17 11:01:06 2013 USE="ipv6 ssl tcpd -caps -dbi -geoip -hardened -json -mongodb -+pcre -selinux -smtp -spoof-source" CFLAGS="-march=native -O2 -fomit-frame-pointer -pipe"
It happend me again. I can't grep/cat /var/log/messages.
(In reply to Michal Plichta from comment #14) > It happend me again. I can't grep/cat /var/log/messages. I got also again binary zero characters in /var/log/messages May 27 09:54:06 leopard syslog-ng[6001]: syslog-ng starting up; version='3.4.1' May 27 09:54:06 ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ kernel: [ 0.000000] Initializing cgroup subsys cpuse t May 27 09:54:06 leopard kernel: [ 0.000000] Initializing cgroup subsys cpu
root@leopard:/usr/src/linux(24)# genlop -t syslog-ng | tail Fri May 17 04:27:17 2013 >>> app-admin/syslog-ng-3.4.1 merge time: 1 minute and 33 seconds. Mon Jun 3 13:37:44 2013 >>> app-admin/syslog-ng-3.4.1-r1 merge time: 59 seconds. Tue Jun 4 04:23:44 2013 >>> app-admin/syslog-ng-3.4.2 merge time: 51 seconds.
Have same issue on both - amd64 desktop and arm box with syslog-ng-3.4.2. syslog-ng-3.2.5 works fine.
Confirm this bug on amd64-host with syslog-ng-3.4.2 and on kvm-virtual-machines with syslog-ng-3.4.1.
- can confirm the issue on my hardened AMD64 System too - /var/log/kern.log contains the following which makes it a data file type: ... Aug 2 14:31:20 ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ kernel: Initializing cgroup subsys cpuset ... - if i disable the threading option (threaded(yes) => threaded(no)) in /etc/syslog-ng/syslog-ng.conf the issue is gone ... options { threaded(no); chain_hostnames(no); stats_freq(43200); }; ... - i'm using syslog-ng-3.4.2 box log # emerge -pav syslog-ng These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] app-admin/syslog-ng-3.4.2 USE="ipv6 pcre ssl tcpd -caps -dbi -geoip -json -mongodb -smtp -spoof-source" 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB
Unfortunately I can confirm this behavior beginning with 3.4.2 going stable on grub 0.97 with x86 systems and grub2 on amd64. Same 60 bytes of \0 nulls on each. # zcat /var/log/messages-20130720.gz | hexdump | grep ' 0000' 00261a0 2039 0000 0000 0000 0000 0000 0000 0000 00261b0 0000 0000 0000 0000 0000 0000 0000 0000 0063a60 3030 353a 3a33 3333 0020 0000 0000 0000 0063a70 0000 0000 0000 0000 0000 0000 0000 0000 0063b60 0000 0000 0000 0000 6b20 7265 656e 3a6c 0106ba0 353a 2038 0000 0000 0000 0000 0000 0000 0106bb0 0000 0000 0000 0000 0000 0000 0000 0000 0106ca0 0000 2000 656b 6e72 6c65 203a 205b 2020 011f330 0000 0000 0000 0000 0000 0000 0000 0000 011f420 0000 0000 0000 0000 0000 0000 0000 2000 # zcat /var/log/messages-20130720.gz | hexdump -C | grep -C 6 '00 00 00 00' 00026140 4a 75 6c 20 20 38 20 32 30 3a 31 34 3a 33 39 20 |Jul 8 20:14:39 | 00026150 6c 6f 63 61 6c 68 6f 73 74 20 73 79 73 6c 6f 67 |localhost syslog| 00026160 2d 6e 67 5b 31 39 34 37 5d 3a 20 73 79 73 6c 6f |-ng[1947]: syslo| 00026170 67 2d 6e 67 20 73 74 61 72 74 69 6e 67 20 75 70 |g-ng starting up| 00026180 3b 20 76 65 72 73 69 6f 6e 3d 27 33 2e 34 2e 32 |; version='3.4.2| 00026190 27 0a 4a 75 6c 20 20 38 20 32 30 3a 31 34 3a 33 |'.Jul 8 20:14:3| 000261a0 39 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |9 ..............| 000261b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 000262a0 00 20 6b 65 72 6e 65 6c 3a 20 5b 20 20 20 20 30 |. kernel: [ 0|
I stumbled across the same yesterday on Linux-3.8.13-gentoo-x86_64-Intel-R-_Core-TM-_i3_CPU_530_@_2.93GHz-with-gentoo-2.2 app-admin/syslog-ng-3.4.2 was built with the following: USE="ipv6 json pcre ssl tcpd -caps -dbi -geoip -mongodb -smtp -spoof-source" CFLAGS="-march=core2 -msse4 -mcx16 -msahf -O2 -pipe" CXXFLAGS="-march=core2 -msse4 -mcx16 -msahf -O2 -pipe"
Looks to me like ipv6 is the common theme here. Can someone who can reproduce the issue try syslog-ng with USE=-ipv6 and see if the issues persists?
I'm afraid I cannot confirm: With app-admin/syslog-ng-3.4.2 was built with the following: USE="json pcre ssl tcpd -caps -dbi -geoip -ipv6 -mongodb -smtp -spoof-source" and options { threaded(yes); chain_hostnames(no); I receive in /var/log/messages Aug 8 10:51:40 arthur syslog-ng[17584]: syslog-ng starting up; version='3.4.2' Aug 8 10:51:40 \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 kernel: pci 0000:00:1c.5: bridge window [mem 0xfbd00000-0xfbdfffff 64bit pref] Aug 8 10:51:40 arthur kernel: pci 0000:00:1e.0: PCI bridge to [bus 03] Aug 8 10:51:40 arthur kernel: pci 0000:00:1e.0: bridge window [io 0xd000-0xdfff] Aug 8 10:51:40 arthur kernel: pci 0000:00:1e.0: bridge window [mem 0xfbe00000-0xfbe
-ipv6 set globally here. AMD64 build has only pcre, ssl and tcpd set.
same problem here. /var/log is a separate encryted filesystem here: grep var /etc/fstab UUID=xxxxxxxxc-xxxx-4acb-a136-7ac1b134fd97 /var/log ext3 noatime,user_xattr,rw 0 1 grep -i dvd /var/log/messages Binary file /var/log/messages matches xxd -l 512 /var/log/messages 0000000: 4175 6720 3138 2030 333a 3130 3a30 3120 Aug 18 03:10:01 0000010: 7369 6c65 6e74 6975 6d20 7379 736c 6f67 silentium syslog 0000020: 2d6e 675b 3433 3837 5d3a 2043 6f6e 6669 -ng[4387]: Confi 0000030: 6775 7261 7469 6f6e 2072 656c 6f61 6420 guration reload 0000040: 7265 7175 6573 7420 7265 6365 6976 6564 request received 0000050: 2c20 7265 6c6f 6164 696e 6720 636f 6e66 , reloading conf 0000060: 6967 7572 6174 696f 6e3b 0a41 7567 2031 iguration;.Aug 1 0000070: 3820 3033 3a31 303a 3031 2073 696c 656e 8 03:10:01 silen 0000080: 7469 756d 2072 756e 2d63 726f 6e73 5b31 tium run-crons[1 0000090: 3133 3136 5d3a 2028 726f 6f74 2920 434d 1316]: (root) CM 00000a0: 4420 282f 6574 632f 6372 6f6e 2e64 6169 D (/etc/cron.dai 00000b0: 6c79 2f6d 616b 6577 6861 7469 7329 0a41 ly/makewhatis).A 00000c0: 7567 2031 3820 3033 3a31 303a 3032 2073 ug 18 03:10:02 s 00000d0: 696c 656e 7469 756d 2072 756e 2d63 726f ilentium run-cro 00000e0: 6e73 5b31 3133 3933 5d3a 2028 726f 6f74 ns[11393]: (root 00000f0: 2920 434d 4420 282f 6574 632f 6372 6f6e ) CMD (/etc/cron 0000100: 2e64 6169 6c79 2f70 7265 6c69 6e6b 290a .daily/prelink). 0000110: 4175 6720 3138 2030 333a 3131 3a33 3920 Aug 18 03:11:39 0000120: 7369 6c65 6e74 6975 6d20 6b65 726e 656c silentium kernel 0000130: 3a20 5b36 3137 3634 2e31 3932 3531 385d : [61764.192518] 0000140: 2068 7562 2032 2d31 3a31 2e30 3a20 7374 hub 2-1:1.0: st 0000150: 6174 6520 3720 706f 7274 7320 3820 6368 ate 7 ports 8 ch 0000160: 6720 3030 3030 2065 7674 2030 3032 300a g 0000 evt 0020. 0000170: 4175 6720 3138 2030 333a 3131 3a33 3920 Aug 18 03:11:39 0000180: 7369 6c65 6e74 6975 6d20 6b65 726e 656c silentium kernel 0000190: 3a20 5b36 3137 3634 2e31 3932 3833 345d : [61764.192834] 00001a0: 2068 7562 2032 2d31 3a31 2e30 3a20 706f hub 2-1:1.0: po 00001b0: 7274 2035 2c20 7374 6174 7573 2030 3130 rt 5, status 010 00001c0: 302c 2063 6861 6e67 6520 3030 3031 2c20 0, change 0001, 00001d0: 3132 204d 622f 730a 4175 6720 3138 2030 12 Mb/s.Aug 18 0 00001e0: 333a 3131 3a33 3920 7369 6c65 6e74 6975 3:11:39 silentiu 00001f0: 6d20 6b65 726e 656c 3a20 5b36 3137 3634 m kernel: [61764 ls -d /var/db/pkg/app-admin/*log*/ /var/db/pkg/app-admin/logrotate-3.8.4/ /var/db/pkg/app-admin/syslog-ng-3.4.2/
(In reply to Mr. Bones. from comment #22) > Looks to me like ipv6 is the common theme here. Can someone who can > reproduce the issue try syslog-ng with USE=-ipv6 and see if the issues > persists? Confirmed: Tue Aug 20 11:49:02 2013 <<< app-admin/syslog-ng-3.2.4 Tue Aug 20 11:49:05 2013 >>> app-admin/syslog-ng-3.4.2 * app-admin/syslog-ng-3.4.2 Install date: Tue Aug 20 11:49:05 2013 USE="ssl tcpd -caps -dbi -geoip -ipv6 -json -mongodb -+pcre -smtp -spoof-source" CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer" If I turn on 'threaded' option in syslog-ng.conf then in some syslog messages hostname replaced with zeroed string, otherwise all is ok.
BTW, after first look I thought that issue in 'chain_hostnames(on)' option and turned it off, but issue persists. Only 'threaded(off)' helps.
still there with syslog-ng-3.4.7 and syslog-ng-3.5.3?
With syslog-ng version 3.4.7 the answer is still yes. Higher masked version not yet tested by me. Here some actual log snippets: syslog 0071b50: 2d6e 6720 7374 6172 7469 6e67 2075 703b -ng starting up; 0071b60: 2076 6572 7369 6f6e 3d27 332e 342e 3727 version='3.4.7' 0071b70: 0a4a 616e 2031 3920 3138 3a32 373a 3431 .Jan 19 18:27:41 0071b80: 2000 0000 0000 0000 0000 0000 0000 0000 ............... 0071b90: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071ba0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071bb0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071bc0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071bd0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071be0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071bf0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071c00: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071c10: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071c20: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071c30: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071c40: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071c50: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071c60: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071c70: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0071c80: 206b 6572 6e65 6c3a 205b 2020 2020 302e kernel: [ 0. Thx for your work, Andy.
This is still happening on 3.4.7. As Randy said, I also haven't tested higher masked versions.
It would help if those affected would paste syslog-ng.conf in full. Are those affected using system() as a source? If not, please try 3.5.6 in conjunction with system() [1]. I think that it may resolve the issue as a result of the following commit:- https://github.com/balabit/syslog-ng/commit/f4ae7681cdf39c2e663efdd547b8ade232033f84 [1] Specified as part of the default Gentoo config since bug 449260 was resolved.
(In reply to Kerin Millar from comment #31) > It would help if those affected would paste syslog-ng.conf in full. It's here: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo I'm pretty sure I've had this problem on all my recent installs in the last couple of years - the bug happens installing Gentoo "out of the box". The binary characters (re)appear upon rebooting. My current syslog.conf only differs from the Gentoo factory syslog.conf like so: $ wget -q http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo $ diff syslog-ng.conf.gentoo /etc/syslog-ng/syslog-ng.conf 10c10,11 < threaded(yes); --- > #threaded(yes); > threaded(no); # See Bug 406623 $ I added the "threaded(no)" to make the problem go away, as per comment #19.
> (In reply to Kerin Millar from comment #31) > > It would help if those affected would paste syslog-ng.conf in full. > > It's here: > http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-admin/syslog-ng/ > files/3.4/syslog-ng.conf.gentoo Thanks, Joe. Per my previous comment, would you mind upgrading to syslog-ng-3.5.6 (keyword masked in portage) and testing it with threaded mode re-enabled? I have reason to believe that it will resolve this bug.
(In reply to Kerin Millar from comment #33) > would you mind upgrading to > syslog-ng-3.5.6 (keyword masked in portage) and testing it with threaded > mode re-enabled? Yes. Tentatively, that seems to have fixed it for me. I reenabled 'threaded(yes)', rebooted and syslog-ng-3.4.8 put the binary characters in /var/log/messages I edited those out and `file /var/log/messages` once again showed "ASCII text, with very long lines". I then emerged app-admin/syslog-ng-3.5.6 and rebooted, and it still shows ASCII. So the new version of syslog-ng seems no longer to be inserting the spurious binary chars. I can't say anything more authoritatively than that, because this bug has been open a long time and I don't recall much about it. HTH.
reopen if syslog-ng-3.6.1 is still a problem.
This isn't resolved unless commit f4ae768 is backported or >=3.5.6 is stabilised. Will either of these things occur in the near future, Mr. Bones?
Unless some bug shows up, syslog-ng-3.6.1 will go stable in ~30 days.
I switched already (I'm affected by that bug), but I'm wondering about these new messages : n22 ~ # /etc/init.d/syslog-ng restart * Stopping syslog-ng ... [ ok ] * Checking your configfile (/etc/syslog-ng/syslog-ng.conf) ... [2014-11-09T20:12:53.277916] system(): json-parser() is missing, skipping the automatic JSON parsing of messages submitted via syslog(3), Please install the json module; [ ok ] * Starting syslog-ng ... [2014-11-09T20:12:53.381249] system(): json-parser() is missing, skipping the automatic JSON parsing of messages submitted via syslog(3), Please install the json module; [ ok ]
(In reply to Mr. Bones. from comment #37) > Unless some bug shows up, syslog-ng-3.6.1 will go stable in ~30 days. After upgrading (with standard use flags) I get the same error (warning?) as in Comment 38. Re-emerging with json use flags cured this but then there is a different error (warning?) about parsing an empty string. BUT, worst, I doesn't log anything except Nov 13 21:44:31 localhost syslog-ng[412]: syslog-ng shutting down; version='3.6.1' Nov 14 15:45:34 localhost syslog-ng[1393]: syslog-ng starting up; version='3.6.1' Stepping back to version 3.5.6 (which isn't in the tree anymore) cured all problems, i.e. it's logging to /var/log/messages again. I haven't changed any config file! So, it would be a bad surprising to everybody else who encounters the same problems as me. Thanks for looking into it, Helmut
(In reply to Helmut Jarausch from comment #39) > (In reply to Mr. Bones. from comment #37) > > Unless some bug shows up, syslog-ng-3.6.1 will go stable in ~30 days. > > After upgrading (with standard use flags) I get the same error (warning?) as > in Comment 38. > > Re-emerging with json use flags cured this but then there is a different > error (warning?) about parsing an empty string. Bug 528882 has been filed for this. > > BUT, worst, I doesn't log anything except > Nov 13 21:44:31 localhost syslog-ng[412]: syslog-ng shutting down; > version='3.6.1' > Nov 14 15:45:34 localhost syslog-ng[1393]: syslog-ng starting up; > version='3.6.1' > > Stepping back to version 3.5.6 (which isn't in the tree anymore) cured all > problems, i.e. it's logging to /var/log/messages again. > > I haven't changed any config file! > > So, it would be a bad surprising to everybody else who encounters the same > problems as me. > If this is reproducible, please open a new bug with further information such as `emerge --info syslog-ng` output and the content of your syslog-ng config files. Note that you can use /bin/logger for testing purposes.
@Helmut, I just looked at your log excerpts again ... Nov 13 21:44:31 localhost syslog-ng[412]: syslog-ng shutting down; version='3.6.1' Nov 14 15:45:34 localhost syslog-ng[1393]: syslog-ng starting up; version='3.6.1' These messages suggest that syslog-ng was not running at all between the two times mentioned. If so, one cannot expect any messages to be logged during this period. Anyway, if you are absolutely certain that there is a problem, file a new bug.