Bug 11574

Summary: saving remote syslog settings in WebUI causes crash
Product: IPFire Reporter: Peter Müller <peter.mueller>
Component: ---Assignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED QA Contact:
Severity: Major Usability    
Priority: Will affect almost no one CC: utica.college
Version: 2   
Hardware: x86_64   
OS: Linux   
Bug Depends on:    
Bug Blocks: 11540    
Attachments: syslog.conf on the machines upgraded from Core Update 116

Description Peter Müller 2018-01-09 17:50:06 UTC 
Saving the settings results in a segfault caused by the C program:

Jan  7 14:00:01 firewall kernel: syslogdctrl[32260]: segfault at 0 ip 00006d5bca1970f2 sp 000079c0d1549018 error 6 in libc-2.25.so[6d5bca0f1000+1ba000]
Jan  7 14:00:01 firewall kernel: grsec: Segmentation fault occurred at            (nil) in /usr/local/bin/syslogdctrl[syslogdctrl:32260] uid/euid:0/0 gid/egid:0/0, parent /srv/web/ipfire/cgi-bin/logs.cgi/config.dat[config.dat:32167] uid/euid:99/99 gid/egid:99/99

This happens for both UDP and TCP and can be easily reproduced by trying to configure a remote syslog server in the WebUI.

It is related to https://bugzilla.ipfire.org/show_bug.cgi?id=11540 .
Comment 1 Michael Tremer 2018-01-10 17:35:11 UTC 
I cannot reproduce this with the final release of C117. What is your configuration?
Comment 2 Peter Müller 2018-01-10 20:41:14 UTC 
My configuration is:
- remote syslog enabled
- IP: 10.XXX.XXX.XXX
- protocol: TCP (also crashes with UDP)

The relevant files have these SHA256 checksums:
63958e3bcc2502aef821ab5011e6616787d3b3f5833c394b460fe293c1e04195  /usr/local/bin/syslogdctrl
dfe90b1791d584c8db9b0ae9326b80ce9b2952ae069b4aa659af3c4cc6078ccd  /srv/web/ipfire/cgi-bin/logs.cgi/config.dat

I am running on Core 117 (upgraded from 116) at x86_64.

The WebUI displays: "Das Hilfsprogramm hat einen Fehlercode gemeldet 0.04296875",
the /var/log/messages file:

Jan 10 20:40:24 firewall kernel: syslogdctrl[21677]: segfault at 0 ip 00007c02792860f2 sp 00007ea3804df648 error 6 in libc-2.25.so[7c02791e0000+1ba000]
Jan 10 20:40:24 firewall kernel: grsec: Segmentation fault occurred at            (nil) in /usr/local/bin/syslogdctrl[syslogdctrl:21677] uid/euid:0/0 gid/egid:0/0, parent /srv/web/ipfire/cgi-bin/logs.cgi/config.dat[config.dat:21675] uid/euid:99/99 gid/egid:99/99

Strange. :-| If you need further information, please contact me.
Comment 3 Peter Müller 2018-01-16 15:59:12 UTC 
Tested on a second machine upgraded from Core Update 116: Same behaviour, same error code.
Comment 4 Michael Tremer 2018-01-16 22:44:55 UTC 
Could you send the configuration file that the binary is reading?
Comment 5 Peter Müller 2018-01-17 16:56:57 UTC 
Created attachment 553 [details]
syslog.conf on the machines upgraded from Core Update 116
Comment 6 Michael Tremer 2018-01-19 01:06:01 UTC 
/var/ipfire/logging/settings, please :)
Comment 7 utica.college 2018-01-21 20:09:40 UTC 
I'm getting same error after upgraded from 116. I even wiped my machine and installed core update 117 from scratch and I still have same issue and I'm not getting any logs sent out to the syslog server.

Here's my /var/ipfire/logging/settings

ENABLE_REMOTELOG=on
LOGWATCH_LEVEL=High
LOGWATCH_KEEP=56
LOGVIEW_VIEWSIZE=150
REMOTELOG_PROTOCOL=udp
REMOTELOG_ADDR=192.168.2.2
LOGVIEW_REVERSE=off
Comment 8 Michael Tremer 2018-01-22 14:22:43 UTC 
https://cgit.ipfire.org/ipfire-2.x.git/commit/?h=next&id=1e7b718cd47379089adba9b9f5c9c4a7630235a4

Could anyone confirm that this patch solves the problem?

https://nightly.ipfire.org/next/
Comment 9 Peter Müller 2018-02-06 19:23:51 UTC 
(In reply to Michael Tremer from comment #8)
> https://cgit.ipfire.org/ipfire-2.x.git/commit/
> ?h=next&id=1e7b718cd47379089adba9b9f5c9c4a7630235a4
> 
> Could anyone confirm that this patch solves the problem?
> 
> https://nightly.ipfire.org/next/
Sorry for the delay.

Yes, it solves the problem initially. However, since sysklogd is unable to do remote logging via anything else than UDP, we need to switch to another software first. I think Erik is currently testing rsyslog.

In my opinion, this can be closed. If it can't, please reopen.