Hello,
Julian Mehnle wrote:
There is a line in Sys::Syslog that adds a newline to the message
before
sending it to the syslog socket, but it hasn't changed in Perl 5.8.8
Oh, it _has_ changed! See the attached diff of the Sys::Syslog
changes in
perl 5.8.8-3 vs. perl 5.8.8-2. Apparently the Sys::Syslog in perl
5.8.8-3
does no longer append a newline (\n) to syslog messages. Since RFC
3164[1], "The BSD syslog Protocol", does not require a newline
terminator in syslog messages, I think this change is valid and
appropriate.
However it seems syslog-ng does not add its own newline when writing
the
received messages to the log file, so it relies on the generator of the
message to add the newline. This is a bug in syslog-ng, so I'll
reassign
the bug there.
There's probably another, similar issue with regard to adding NULL byte
(\0) terminators to log messages. RFC 3164 does not require such \0
terminators either, and the changed Sys::Syslog in perl 5.8.8-3, which
also
stops appending \0 bytes to syslog messages, seems not to cause
problems
with sysklogd.
Just for the records, and as I see you still referring to RFC3164, I'll
restate here what I privately wrote to Brendan O'Dea:
I discussed this issue with an experienced Unix sysadmin. We found
the following facts:
1. As I said in a previous mail, RFC3164 was written in august 2001,
while syslog daemons have been here since probably 20 years or so.
Hence my question, how valid can this RFC be, which leads to the
second point.
2. The RFC 3164 is in the category "informational", which indicates
that it does not defines a standard, but provides informational,
non-normative documentation.
3. The title of the RFC 3164 is "The BSD syslog Protocol". Not "The
unix syslog Protocol" or "The syslog Protocol".
We therefore reached the conclusion that this RFC was written by
someone at Cisco for documenting the way the syslog daemon present in
BSD systems works and expects data, but is in no way a normative
reference.
Hence, in the strict literal meaning of the terms, no software can
claim RFC compliance as there is no normative RFC that officially
defines the syslog protocol. The conclusion is that I feel now
allowed to blame syslog-ng for not accepting Sys::Syslog messages. I
can probably even remark that syslog-ng being most probably younger
than the version of Sys::Syslog with UDP support by a few years, it
should be compatible with Sys::Syslog and not the other way around >> :-)
Although there seems to have been some reluctance by the Perl folks to
omit
the \0 terminators due to potential problems with UNIX domain
sockets[2], I
don't see why such terminators would be required with UNIX domain
sockets
but not with UDP sockets. I am not a sockets expert, though.
If \0 terminators are indeed required with UNIX domain sockets (which I
don't believe to be true), then their omittance in the Sys::Syslog in
perl
5.8.8-3 is inappropriate and should be reverted. Otherwise, this is
another bug in syslog-ng.
This NULL byte was most probably added to be compatible with some given
commercial Unix syslog daemon (I think there are people here who can
speak about broken implementations ;-). Even if we could test a version
Sys::Syslog without that NULL byte on all current Unix systems and
check that it works as expected, this won't help for already installed
systems, the kind of "works, won't touch, won't upgrade!"
Best Regards,
Sébastien Aperghis-Tramoni
-- - --- -- - -- - --- -- - --- -- - --[ http://maddingue.org ]
Close the world, txEn eht nepO
