syslog-ng.conf regular expression jit compile fail

Gentoo

Nem tudom hova rakjam, mert nem Gentoo specifikus.

Újabb syslog-ng verzióhoz próbálom használni a régről hozott konfig fájlt.

A problémás rész:

filter f_avc { message(".*avc: .*"); };
filter f_audit { message("^(\\[.*\..*\] |)audit.*") and not message(".*avc: .*"); };
filter f_pax { message("^(\\[.*\..*\] |)PAX:.*"); };
filter f_grsec { message("^(\\[.*\..*\] |)grsec:.*"); };

Ezeket a hibaüzeneteket adja:

[2023-10-13T06:34:26.430728] multi-line-pattern: Error while JIT compiling regular expression; regexp='(?:Exception|Error|Throwable|V8 errors stack trace)[:\r\n]', error='bad JIT option'
[2023-10-13T06:34:26.430760] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]*nested exception is:[\t ]*', error='bad JIT option'
[2023-10-13T06:34:26.430771] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\r\n]*$', error='bad JIT option'
[2023-10-13T06:34:26.430784] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]+(?:eval )?at ', error='bad JIT option'
[2023-10-13T06:34:26.430797] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]+--- End of inner exception stack trace ---$', error='bad JIT option'
[2023-10-13T06:34:26.430812] multi-line-pattern: Error while JIT compiling regular expression; regexp='^--- End of stack trace from previous location where exception was thrown ---$', error='bad JIT option'
[2023-10-13T06:34:26.430825] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]*(?:Caused by|Suppressed):', error='bad JIT option'
[2023-10-13T06:34:26.430839] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]*... \d+ (?:more|common frames omitted)', error='bad JIT option'
[2023-10-13T06:34:26.430868] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Traceback \(most recent call last\):$', error='bad JIT option'
[2023-10-13T06:34:26.430878] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]*File ', error='bad JIT option'
[2023-10-13T06:34:26.430888] multi-line-pattern: Error while JIT compiling regular expression; regexp='[^\t ]', error='bad JIT option'
[2023-10-13T06:34:26.430900] multi-line-pattern: Error while JIT compiling regular expression; regexp='^(?:[^\s.():]+\.)*[^\s.():]+:', error='bad JIT option'
[2023-10-13T06:34:26.430918] multi-line-pattern: Error while JIT compiling regular expression; regexp='(?:PHP\ (?:Notice|Parse\ error|Fatal\ error|Warning):)|(?:exception\ \'[^\']+\'\ with\ message\ \')', error='bad JIT option'
[2023-10-13T06:34:26.430929] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Stack trace:', error='bad JIT option'
[2023-10-13T06:34:26.430938] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d', error='bad JIT option'
[2023-10-13T06:34:26.430949] multi-line-pattern: Error while JIT compiling regular expression; regexp='^\s+thrown in ', error='bad JIT option'
[2023-10-13T06:34:26.430959] multi-line-pattern: Error while JIT compiling regular expression; regexp='\bpanic: ', error='bad JIT option'
[2023-10-13T06:34:26.430969] multi-line-pattern: Error while JIT compiling regular expression; regexp='http: panic serving', error='bad JIT option'
[2023-10-13T06:34:26.430978] multi-line-pattern: Error while JIT compiling regular expression; regexp='^$', error='bad JIT option'
[2023-10-13T06:34:26.430988] multi-line-pattern: Error while JIT compiling regular expression; regexp='^\[signal ', error='bad JIT option'
[2023-10-13T06:34:26.430999] multi-line-pattern: Error while JIT compiling regular expression; regexp='^goroutine \d+ \[[^\]]+\]:$', error='bad JIT option'
[2023-10-13T06:34:26.431012] multi-line-pattern: Error while JIT compiling regular expression; regexp='^(?:[^\s.:]+\.)*[^\s.():]+\(|^created by ', error='bad JIT option'
[2023-10-13T06:34:26.431021] multi-line-pattern: Error while JIT compiling regular expression; regexp='^\s', error='bad JIT option'
[2023-10-13T06:34:26.431032] multi-line-pattern: Error while JIT compiling regular expression; regexp='Error \(.*\):$', error='bad JIT option'
[2023-10-13T06:34:26.431041] multi-line-pattern: Error while JIT compiling regular expression; regexp='^  $', error='bad JIT option'
[2023-10-13T06:34:26.431052] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]+.*?\.rb:\d+:in `', error='bad JIT option'
[2023-10-13T06:34:26.431062] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]+.*?\.rb:\d+:in `', error='bad JIT option'
[2023-10-13T06:34:26.431073] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Unhandled exception:$', error='bad JIT option'
[2023-10-13T06:34:26.431114] multi-line-pattern: Error while JIT compiling regular expression; regexp='^(Instance of)|(Exception)|(Bad state)|(IntegerDivisionByZeroException)|(Invalid argument)|(RangeError)|(Assertion failed)|(Cannot instantiate)|(Reading static variable)|(UnimplementedError)|(Unsupported operation)|(Concurrent modification)|(Out of Memory)|(Stack Overflow)', error='bad JIT option'
[2023-10-13T06:34:26.431132] multi-line-pattern: Error while JIT compiling regular expression; regexp='^\'.+?\':.+?$', error='bad JIT option'
[2023-10-13T06:34:26.431143] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d+\s+.+?\(.+?\)$', error='bad JIT option'
[2023-10-13T06:34:26.431153] multi-line-pattern: Error while JIT compiling regular expression; regexp='^.+?$', error='bad JIT option'
[2023-10-13T06:34:26.431163] multi-line-pattern: Error while JIT compiling regular expression; regexp='^.*?\^.*?$', error='bad JIT option'
[2023-10-13T06:34:26.431172] multi-line-pattern: Error while JIT compiling regular expression; regexp='^$', error='bad JIT option'
[2023-10-13T06:34:26.431181] multi-line-pattern: Error while JIT compiling regular expression; regexp='^$', error='bad JIT option'
[2023-10-13T06:34:26.431191] multi-line-pattern: Error while JIT compiling regular expression; regexp='^FormatException', error='bad JIT option'
[2023-10-13T06:34:26.431202] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d+\s+.+?\(.+?\)$', error='bad JIT option'
[2023-10-13T06:34:26.431211] multi-line-pattern: Error while JIT compiling regular expression; regexp='^.', error='bad JIT option'
[2023-10-13T06:34:26.431220] multi-line-pattern: Error while JIT compiling regular expression; regexp='^.*?\^', error='bad JIT option'
[2023-10-13T06:34:26.431229] multi-line-pattern: Error while JIT compiling regular expression; regexp='^$', error='bad JIT option'
[2023-10-13T06:34:26.431239] multi-line-pattern: Error while JIT compiling regular expression; regexp='^NoSuchMethodError:', error='bad JIT option'
[2023-10-13T06:34:26.431252] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Receiver:', error='bad JIT option'
[2023-10-13T06:34:26.431262] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Tried calling:', error='bad JIT option'
[2023-10-13T06:34:26.431272] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Found:', error='bad JIT option'
[2023-10-13T06:34:26.431281] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d+\s+.+?\(.+?\)$', error='bad JIT option'
[2023-10-13T06:34:26.431303] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d+\s+.+?\(.+?\)$', error='bad JIT option'
[2023-10-13T06:34:26.431313] multi-line-pattern: Error while JIT compiling regular expression; regexp='^<asynchronous suspension>$', error='bad JIT option'
[2023-10-13T06:34:26.776199] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='.*avc: .*', error='bad JIT option'
[2023-10-13T06:34:26.776242] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='^(\[.*..*] |)audit.*', error='bad JIT option'
[2023-10-13T06:34:26.776258] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='.*avc: .*', error='bad JIT option'
[2023-10-13T06:34:26.776285] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='^(\[.*..*] |)PAX:.*', error='bad JIT option'
[2023-10-13T06:34:26.776332] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='^(\[.*..*] |)grsec:.*', error='bad JIT option'
 [ ok ]
 * Starting syslog-ng ...
[2023-10-13T06:34:26.807157] multi-line-pattern: Error while JIT compiling regular expression; regexp='(?:Exception|Error|Throwable|V8 errors stack trace)[:\r\n]', error='bad JIT option'
[2023-10-13T06:34:26.807203] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]*nested exception is:[\t ]*', error='bad JIT option'
[2023-10-13T06:34:26.807223] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\r\n]*$', error='bad JIT option'
[2023-10-13T06:34:26.807242] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]+(?:eval )?at ', error='bad JIT option'
[2023-10-13T06:34:26.807264] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]+--- End of inner exception stack trace ---$', error='bad JIT option'
[2023-10-13T06:34:26.807310] multi-line-pattern: Error while JIT compiling regular expression; regexp='^--- End of stack trace from previous location where exception was thrown ---$', error='bad JIT option'
[2023-10-13T06:34:26.807330] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]*(?:Caused by|Suppressed):', error='bad JIT option'
[2023-10-13T06:34:26.807352] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]*... \d+ (?:more|common frames omitted)', error='bad JIT option'
[2023-10-13T06:34:26.807371] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Traceback \(most recent call last\):$', error='bad JIT option'
[2023-10-13T06:34:26.807387] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]*File ', error='bad JIT option'
[2023-10-13T06:34:26.807404] multi-line-pattern: Error while JIT compiling regular expression; regexp='[^\t ]', error='bad JIT option'
[2023-10-13T06:34:26.807424] multi-line-pattern: Error while JIT compiling regular expression; regexp='^(?:[^\s.():]+\.)*[^\s.():]+:', error='bad JIT option'
[2023-10-13T06:34:26.807452] multi-line-pattern: Error while JIT compiling regular expression; regexp='(?:PHP\ (?:Notice|Parse\ error|Fatal\ error|Warning):)|(?:exception\ \'[^\']+\'\ with\ message\ \')', error='bad JIT option'
[2023-10-13T06:34:26.807473] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Stack trace:', error='bad JIT option'
[2023-10-13T06:34:26.807488] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d', error='bad JIT option'
[2023-10-13T06:34:26.807504] multi-line-pattern: Error while JIT compiling regular expression; regexp='^\s+thrown in ', error='bad JIT option'
[2023-10-13T06:34:26.807520] multi-line-pattern: Error while JIT compiling regular expression; regexp='\bpanic: ', error='bad JIT option'
[2023-10-13T06:34:26.807535] multi-line-pattern: Error while JIT compiling regular expression; regexp='http: panic serving', error='bad JIT option'
[2023-10-13T06:34:26.807549] multi-line-pattern: Error while JIT compiling regular expression; regexp='^$', error='bad JIT option'
[2023-10-13T06:34:26.807565] multi-line-pattern: Error while JIT compiling regular expression; regexp='^\[signal ', error='bad JIT option'
[2023-10-13T06:34:26.807582] multi-line-pattern: Error while JIT compiling regular expression; regexp='^goroutine \d+ \[[^\]]+\]:$', error='bad JIT option'
[2023-10-13T06:34:26.807601] multi-line-pattern: Error while JIT compiling regular expression; regexp='^(?:[^\s.:]+\.)*[^\s.():]+\(|^created by ', error='bad JIT option'
[2023-10-13T06:34:26.807616] multi-line-pattern: Error while JIT compiling regular expression; regexp='^\s', error='bad JIT option'
[2023-10-13T06:34:26.807631] multi-line-pattern: Error while JIT compiling regular expression; regexp='Error \(.*\):$', error='bad JIT option'
[2023-10-13T06:34:26.807645] multi-line-pattern: Error while JIT compiling regular expression; regexp='^  $', error='bad JIT option'
[2023-10-13T06:34:26.807679] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]+.*?\.rb:\d+:in `', error='bad JIT option'
[2023-10-13T06:34:26.807715] multi-line-pattern: Error while JIT compiling regular expression; regexp='^[\t ]+.*?\.rb:\d+:in `', error='bad JIT option'
[2023-10-13T06:34:26.807731] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Unhandled exception:$', error='bad JIT option'
[2023-10-13T06:34:26.807776] multi-line-pattern: Error while JIT compiling regular expression; regexp='^(Instance of)|(Exception)|(Bad state)|(IntegerDivisionByZeroException)|(Invalid argument)|(RangeError)|(Assertion failed)|(Cannot instantiate)|(Reading static variable)|(UnimplementedError)|(Unsupported operation)|(Concurrent modification)|(Out of Memory)|(Stack Overflow)', error='bad JIT option'
[2023-10-13T06:34:26.807801] multi-line-pattern: Error while JIT compiling regular expression; regexp='^\'.+?\':.+?$', error='bad JIT option'
[2023-10-13T06:34:26.807817] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d+\s+.+?\(.+?\)$', error='bad JIT option'
[2023-10-13T06:34:26.807832] multi-line-pattern: Error while JIT compiling regular expression; regexp='^.+?$', error='bad JIT option'
[2023-10-13T06:34:26.807847] multi-line-pattern: Error while JIT compiling regular expression; regexp='^.*?\^.*?$', error='bad JIT option'
[2023-10-13T06:34:26.807861] multi-line-pattern: Error while JIT compiling regular expression; regexp='^$', error='bad JIT option'
[2023-10-13T06:34:26.807874] multi-line-pattern: Error while JIT compiling regular expression; regexp='^$', error='bad JIT option'
[2023-10-13T06:34:26.807889] multi-line-pattern: Error while JIT compiling regular expression; regexp='^FormatException', error='bad JIT option'
[2023-10-13T06:34:26.807909] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d+\s+.+?\(.+?\)$', error='bad JIT option'
[2023-10-13T06:34:26.807924] multi-line-pattern: Error while JIT compiling regular expression; regexp='^.', error='bad JIT option'
[2023-10-13T06:34:26.807938] multi-line-pattern: Error while JIT compiling regular expression; regexp='^.*?\^', error='bad JIT option'
[2023-10-13T06:34:26.807952] multi-line-pattern: Error while JIT compiling regular expression; regexp='^$', error='bad JIT option'
[2023-10-13T06:34:26.807967] multi-line-pattern: Error while JIT compiling regular expression; regexp='^NoSuchMethodError:', error='bad JIT option'
[2023-10-13T06:34:26.807981] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Receiver:', error='bad JIT option'
[2023-10-13T06:34:26.807996] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Tried calling:', error='bad JIT option'
[2023-10-13T06:34:26.808011] multi-line-pattern: Error while JIT compiling regular expression; regexp='^Found:', error='bad JIT option'
[2023-10-13T06:34:26.808026] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d+\s+.+?\(.+?\)$', error='bad JIT option'
[2023-10-13T06:34:26.808042] multi-line-pattern: Error while JIT compiling regular expression; regexp='^#\d+\s+.+?\(.+?\)$', error='bad JIT option'
[2023-10-13T06:34:26.808058] multi-line-pattern: Error while JIT compiling regular expression; regexp='^<asynchronous suspension>$', error='bad JIT option'
[2023-10-13T06:34:26.995814] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='.*avc: .*', error='bad JIT option'
[2023-10-13T06:34:26.995856] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='^(\[.*..*] |)audit.*', error='bad JIT option'
[2023-10-13T06:34:26.995871] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='.*avc: .*', error='bad JIT option'
[2023-10-13T06:34:26.995898] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='^(\[.*..*] |)PAX:.*', error='bad JIT option'
[2023-10-13T06:34:26.995923] Failed to JIT compile regular expression, you might want to use flags(disable-jit); regexp='^(\[.*..*] |)grsec:.*', error='bad JIT option'

A syslog-ng admin dokumentáció írja, hogy a jit-et ki lehet kapcsolni disable-jit flag-gel:

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source…

Van valakinek működő példája az alkalmazásra?

Thx: Dw.

  • 607 megtekintés

( uid_17626 | 2023. 10. 13., p – 08:08 )

Mintha nem kezelné le a regex-t. Tippre hiányzik pár csomag. 

( NevemTeve | 2023. 10. 13., p – 08:22 )

Szerkesztve: 2023. 10. 13., p – 08:25

Fejlesztettek a tudósemberek? Bináris kereséssel(*) kellene megtalálni, hogy pontosan melyik verzióban rontották el (persze segítő szándékkal).

(*) Vagyis ha a verziók közül az 1.8.7 már rossz, és az 1.4.2 még jó, akkor az 1.6.5-öt kipróbálni, és az eredménytől függően szűkíteni az intervallumot.

Ez viszonylag friss:

https://github.com/syslog-ng/syslog-ng/commit/cb6de08dc9078644d48ca536b…

csomagban gyanús, hogy dependencia változással (kellett volna) járjon

Illetve nyilván az is lehet, hogy a lenti kommentem ennek fényében csak indulásnak jó, mert még az átállás előtti verzió.

( kroozo v | 2023. 10. 13., p – 08:34 )

Szerkesztve: 2023. 10. 13., p – 08:38

Odáig letrackeltem a kódban, hogy ezt a pcre2 csomag csinálja: https://github.com/PCRE2Project/pcre2/blob/1e146e7343ed5bd893a1617d2b8c…

In particular, PCRE2_ERROR_JIT_BADOPTION is returned if JIT is not supported or
if an unknown bit is set in \fIoptions\fP.

Illetve: https://pcre2project.github.io/pcre2/doc/html/pcre2jit.html

A syslog jó falggel hívja (pl itt: https://github.com/syslog-ng/syslog-ng/blob/93ad085d4f77ed36e27f527e0fa…, még egy helyen van, ugyanígy), a JIT support hiányzik, ami opcionális, szóval tippre valami nem kerek a pcre2 csomagod körül. Én elsőre megpróbálnám ezt megjavítani, mielőtt kikapcsolom, a regex drága, lehet szopás penalty hit.

A flaget a doksi alapján a regex kifejezésbe kell írni, pl:

filter { match("(?<DN>foo)|(?<DN>bar)" value(MSG) flags(store-matches, dupnames, disable-jit)); };

(fingom sincs működik-e, bocsánat, shamelessly kopipasztáltam a doksiból, és beleírtam)

Hát igen, a pcre csomagomban ki van kapcsolva a jit, mert gondokat szokott okozni a jit pax/grsecurity alatt.

Asszem nem úszom meg a házifeladatot, hogy rendesen átírjam a régi syntax-ot regex-re és akkor a flag-gel ki tudom kapcsolni a jit-et...

"Jegyezze fel a vádhoz - utasította Metcalf őrnagy a tizedest, aki tudott gyorsírni. - Tiszteletlenül beszélt a feljebbvalójával, amikor nem pofázott közbe."

Oh, hacsak úgy nem.

Nem teljesen vágom melyik syntaxot akarod átírni, ha a message(..) -et, akkor nekem gyanús, hogy az is eszik flags()-et (leginkább azért, mert a filterek doksijánál felette a match()-nál sincs egy szó róla, ellenben ugye azzal példálózik, ahol linkelted.  Illetve nekem nem tiszta, hogy ezek a rossz sorok, mert más regexekre van sírás benne.

Illetve a kód alapján ez graceful, simán csak nem a jites, csak a sima compiled pattern megy tovább, szóval leszámítva a logsorokat startupkor, működnie kéne.

( Dwokfur v | 2023. 10. 14., szo – 11:13 )

Szerkesztve: 2023. 10. 14., szo – 11:14

A leírást szerint hozzá adtam a flags(disable-jit)-et, de le se defekálja.

Úgyhogy belenyúltam a forráskódba és most kiválóan békén hagyja a jit-et. De jobb szeretném, ha működne a leírás szerint...

"Jegyezze fel a vádhoz - utasította Metcalf őrnagy a tizedest, aki tudott gyorsírni. - Tiszteletlenül beszélt a feljebbvalójával, amikor nem pofázott közbe."