Bug #74


The logging subsystem is not thread safe.

Added by Will Metcalf over 16 years ago. Updated about 16 years ago.

Status: Closed
Priority: Normal

Description

Creating multiple output threads results in corrupted log files, as it appears as if each thread is creating its own LogFileCtx instead of sharing one between threads.

ThreadVars *tv_outputs1 = TmThreadCreatePacketHandler("Outputs",
        "alert-queue1", "simple", "packetpool", "packetpool", "varslot");
SetupOutputs(tv_outputs1);
TmThreadSetCPUAffinity(tv_outputs1, 0);
if (TmThreadSpawn(tv_outputs1) != TM_ECODE_OK) {
    printf("ERROR: TmThreadSpawn failed\n");
    exit(EXIT_FAILURE);
}
........
ThreadVars *tv_outputs4 = TmThreadCreatePacketHandler("Outputs",
        "alert-queue4", "simple", "packetpool", "packetpool", "varslot");
SetupOutputs(tv_outputs4);
TmThreadSetCPUAffinity(tv_outputs4, 1);
if (TmThreadSpawn(tv_outputs4) != TM_ECODE_OK) {
    printf("ERROR: TmThreadSpawn failed\n");
    exit(EXIT_FAILURE);
}

lsof +d /var/log/suricata/
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
bash 3125 root cwd DIR 253,0 32768 44564496 /var/log/suricata/
suricata 27006 root 3u REG 253,0 17167 44564481 /var/log/suricata/stats.log
suricata 27006 root 8w REG 253,0 433146 44564482 /var/log/suricata/fast.log
suricata 27006 root 9w REG 253,0 631211 44564485 /var/log/suricata/unified2.alert.1264608900
suricata 27006 root 10w REG 253,0 806873 44564484 /var/log/suricata/http.log
suricata 27006 root 11w REG 253,0 433146 44564482 /var/log/suricata/fast.log
suricata 27006 root 12w REG 253,0 631211 44564485 /var/log/suricata/unified2.alert.1264608900
suricata 27006 root 13w REG 253,0 806873 44564484 /var/log/suricata/http.log
suricata 27006 root 14w REG 253,0 433146 44564482 /var/log/suricata/fast.log
suricata 27006 root 15w REG 253,0 631211 44564485 /var/log/suricata/unified2.alert.1264608900
suricata 27006 root 16w REG 253,0 806873 44564484 /var/log/suricata/http.log
suricata 27006 root 17w REG 253,0 433146 44564482 /var/log/suricata/fast.log
suricata 27006 root 18w REG 253,0 631211 44564485 /var/log/suricata/unified2.alert.1264608900
suricata 27006 root 19w REG 253,0 806873 44564484 /var/log/suricata/http.log
lsof 27061 root cwd DIR 253,0 32768 44564496 /var/log/suricata/
lsof 27062 root cwd DIR 253,0 32768 44564496 /var/log/suricata/

barnyard226645: FATAL ERROR: Unknown record type read: 1697542248

01/27/10-16:15:01.654910 [**] [1:2008974:4] ET USER_AGENTS Suspicious User Agent (User-Agent: Mozilla/4.0 (compatible)) [**] [Classification: A Net01/27/10-16:15:01.646490 [**] [1:2008974:4] ET USER_AGENTS Suspicious User Agent (User-Agent: Mozilla/4.0 (compatible)) [**] [Classification: A Network Trojan was detected] [Priority: 3] {6} y.y.y.y:1243 -> y.y.y.y:80


Files

0001-Fix-issue-74.patch (5.28 KB), Jason Ish, 01/31/2010 01:54 AM

#1 Updated by Will Metcalf over 16 years ago

I guess I should say "output" instead of logging subsys. Don't want to pick on Anoop ;-).....

#2 Updated by Victor Julien about 16 years ago

  • Assignee changed from Pablo Rincon to Jason Ish

This issue may actually have been caused by Ish' latest output work... reassigning.

#3 Updated by Jason Ish about 16 years ago

The attached patch should fix this issue.

#4 Updated by Victor Julien about 16 years ago

  • Status changed from Resolved to Closed

Applied, thanks Jason.
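
The sharing the description asks for, one log context per file handed to every output thread and written under a lock, sketched as an added example. It is not the attached patch or Suricata code: `SharedLog`, `shared_log_get`, `shared_log_write`, the record text and the file name are hypothetical and constructed.

```c
/* Added example; SharedLog and shared_log_* are hypothetical names, not Suricata's API. */
#include <pthread.h>
#include <stdio.h>
#include <string.h>
enum { MAX_LOGS = 8, THREADS = 4, LINES = 500 };
#define RECORD "[**] constructed alert {6} 192.0.2.1:1243 -> 192.0.2.2:80"
typedef struct { char path[256]; FILE *fp; pthread_mutex_t lock; } SharedLog;
static SharedLog logs[MAX_LOGS];   /* contexts stay open until process exit */
static int n_logs;
static pthread_mutex_t registry_lock = PTHREAD_MUTEX_INITIALIZER;
SharedLog *shared_log_get(const char *path) {   /* one context per path */
    SharedLog *ctx = NULL;
    pthread_mutex_lock(&registry_lock);
    for (int i = 0; i < n_logs && ctx == NULL; i++)
        if (strcmp(logs[i].path, path) == 0) ctx = &logs[i];
    /* First request for this path: open the file once and register it. */
    if (ctx == NULL && n_logs < MAX_LOGS && strlen(path) < sizeof(logs[0].path) &&
        (logs[n_logs].fp = fopen(path, "a")) != NULL) {
        ctx = &logs[n_logs++];
        strcpy(ctx->path, path);
        pthread_mutex_init(&ctx->lock, NULL);
    }
    pthread_mutex_unlock(&registry_lock);
    return ctx;
}
void shared_log_write(SharedLog *ctx, const char *rec) {   /* lock spans the whole record */
    pthread_mutex_lock(&ctx->lock);
    fputs(rec, ctx->fp);
    fputc('\n', ctx->fp);
    fflush(ctx->fp);
    pthread_mutex_unlock(&ctx->lock);
}
static void *writer(void *path) {   /* stands in for one output thread */
    SharedLog *ctx = shared_log_get(path);
    for (int i = 0; ctx != NULL && i < LINES; i++) shared_log_write(ctx, RECORD);
    return NULL;
}
int run_demo(const char *path) {   /* returns how many records read back intact */
    pthread_t t[THREADS];
    char buf[128];
    int started = 0, intact = 0;
    remove(path);   /* start from an empty file; call once per path */
    while (started < THREADS && pthread_create(&t[started], NULL, writer, (void *)path) == 0) started++;
    for (int i = 0; i < started; i++) pthread_join(t[i], NULL);
    FILE *fp = fopen(path, "r");
    while (fp != NULL && fgets(buf, sizeof(buf), fp) != NULL) intact += strcmp(buf, RECORD "\n") == 0;
    if (fp != NULL) fclose(fp);
    return intact;
}
int main(void) { printf("%d intact records\n", run_demo("shared_log_demo.log")); return 0; }
```

With a single context per path, `lsof` would show one write descriptor per log file regardless of how many output threads run.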
