Syslog_tag length compared to programname length

[Stef Roskam]

Hello,

I encountered an issue when using syslog_tag in combination with RSyslog.

My programnames are exeeding 10 chars, therefore my syslog_tag is longer than the char(10) in rules.h and I get a mismatch between my rule and the actual results.

Do I use the syslog_tag incorrect (I use %syslogtag% in my template in the rsyslog config)? Or is it an option to increase the length of syslog_tag in the code?

I already changed this in my local git repository when working on the final pieces to get flexbits working in combination with username scoping (still working on merging the latest changes).

I also noticed that tmpbuf in engine.c has a length of 128, so probably comparing programnames longer than 128 chars will fail to.

Best regards,

Stef

[Stef Roskam]

I've spent more time looking at the code and if my understanding of the code is correct the individual syslog_tag is limited to 50 chars with the current setting for MAX_SYSLOG_PROGRAM. At the same time the rule has a limit of 10 chars for the complete pipe separated string with tags.

tmpbuf at 128 is above the 50 limits for an individual tag, so I guess that would not be an issue.

I will try to log an error when loading the rulefile when the syslog_tag in a specific rule is above the limit, that will save others searching for the reason why rules are not working as expected.

Best regards,

Stef

Op woensdag 26 februari 2020 23:45:14 UTC+1 schreef Stef Roskam: