Bug #74: The logging subsystem is not thread safe. - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #74

closed

The logging subsystem is not thread safe.

Added by Will Metcalf almost 15 years ago. Updated over 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

0.8.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Creating multiple output threads results in corrupted log files as it appears as if thread is creating it's own LogFileCtx instead of sharing one between threads.

ThreadVars *tv_outputs1 = TmThreadCreatePacketHandler("Outputs",
        "alert-queue1", "simple", "packetpool", "packetpool", "varslot");
    SetupOutputs(tv_outputs1);
    TmThreadSetCPUAffinity(tv_outputs1, 0);

if (TmThreadSpawn(tv_outputs1) != TM_ECODE_OK) {
        printf("ERROR: TmThreadSpawn failed\n");
        exit(EXIT_FAILURE);
    }
    ........    
    ThreadVars *tv_outputs4 = TmThreadCreatePacketHandler("Outputs",
        "alert-queue4", "simple", "packetpool", "packetpool", "varslot");
    SetupOutputs(tv_outputs4);
    TmThreadSetCPUAffinity(tv_outputs4, 1);

if (TmThreadSpawn(tv_outputs4) != TM_ECODE_OK) {
        printf("ERROR: TmThreadSpawn failed\n");
        exit(EXIT_FAILURE);
    }

lsof +d /var/log/suricata/
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
bash 3125 root cwd DIR 253,0 32768 44564496 /var/log/suricata/
suricata 27006 root 3u REG 253,0 17167 44564481 /var/log/suricata/stats.log
suricata 27006 root 8w REG 253,0 433146 44564482 /var/log/suricata/fast.log
suricata 27006 root 9w REG 253,0 631211 44564485 /var/log/suricata/unified2.alert.1264608900
suricata 27006 root 10w REG 253,0 806873 44564484 /var/log/suricata/http.log
suricata 27006 root 11w REG 253,0 433146 44564482 /var/log/suricata/fast.log
suricata 27006 root 12w REG 253,0 631211 44564485 /var/log/suricata/unified2.alert.1264608900
suricata 27006 root 13w REG 253,0 806873 44564484 /var/log/suricata/http.log
suricata 27006 root 14w REG 253,0 433146 44564482 /var/log/suricata/fast.log
suricata 27006 root 15w REG 253,0 631211 44564485 /var/log/suricata/unified2.alert.1264608900
suricata 27006 root 16w REG 253,0 806873 44564484 /var/log/suricata/http.log
suricata 27006 root 17w REG 253,0 433146 44564482 /var/log/suricata/fast.log
suricata 27006 root 18w REG 253,0 631211 44564485 /var/log/suricata/unified2.alert.1264608900
suricata 27006 root 19w REG 253,0 806873 44564484 /var/log/suricata/http.log
lsof 27061 root cwd DIR 253,0 32768 44564496 /var/log/suricata/
lsof 27062 root cwd DIR 253,0 32768 44564496 /var/log/suricata/

barnyard2²⁶⁶⁴⁵: FATAL ERROR: Unknown record type read: 1697542248

01/27/10-16:15:01.654910 [**] [1:2008974:4] ET USER_AGENTS Suspicious User Agent (User-Agent: Mozilla/4.0 (compatible)) [**] [Classification: A Net01/27/10-16:15:01.646490 [**] [1:2008974:4] ET USER_AGENTS Suspicious User Agent (User-Agent: Mozilla/4.0 (compatible)) [**] [Classification: A Network Trojan was detected] [Priority: 3] {6} y.y.y.y:1243 -> y.y.y.y:80

Files

0001-Fix-issue-74.patch (5.28 KB) 0001-Fix-issue-74.patch

Jason Ish, 01/31/2010 01:54 AM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #74

The logging subsystem is not thread safe.

Updated by Will Metcalf almost 15 years ago

Updated by Victor Julien almost 15 years ago

Updated by Jason Ish almost 15 years ago

Updated by Victor Julien over 14 years ago