LogAnalysis
[logs] logsurfer: test config file: ´.*´ - - - 0 exec "/bin/echo $0" Oct 29 2009 01:25PM
J4 (junk4 klunky co uk)
Dear all log analysers,

I compiled & installed logsurfer1.5b from Source Forge.

The logsurfer man page states that when I use a configuration file
containing this line then all std in ought to be sent to std out.
´.*´ - - - 0 exec "/bin/echo $0"

Just to check that echo is there,
# which echo
/bin/echo

However, this does not happen in my case:

# logsurfer -c testfile
warning: logsurfer started as root
de
^Cexiting program - please wait...
dumping state to /dev/null
sending timeout to contexts...
cleaning up memory...

Is there something that I have missed?

Here follows the trace, in case someone really wants to read it. I
think that you can ignore the access("/etc/ld.so.preload", because I
think it's an environmental check for Debian world and this is an
openSUSE 11.0 (X86-64) system.

# strace logsurfer -c testfile
execve("/usr/local/bin/logsurfer", ["logsurfer", "-c", "testfile"], [/*
59 vars */]) = 0
brk(0) = 0x611000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7fd03e32b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7fd03e32a000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=72946, ...}) = 0
mmap(NULL, 72946, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd03e318000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\345\1\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1495120, ...}) = 0
mmap(NULL, 3506872, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7fd03ddb6000
fadvise64(3, 0, 3506872, POSIX_FADV_WILLNEED) = 0
mprotect(0x7fd03df05000, 2097152, PROT_NONE) = 0
mmap(0x7fd03e105000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14f000) = 0x7fd03e105000
mmap(0x7fd03e10a000, 17080, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd03e10a000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7fd03e317000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7fd03e316000
arch_prctl(ARCH_SET_FS, 0x7fd03e3166f0) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "\313\323Mb(\232\216\r", 8) = 8
close(3) = 0
mprotect(0x7fd03e105000, 16384, PROT_READ) = 0
mprotect(0x60e000, 4096, PROT_READ) = 0
mprotect(0x7fd03e32c000, 4096, PROT_READ) = 0
munmap(0x7fd03e318000, 72946) = 0
getuid() = 0
write(2, "warning: logsurfer started as ro"..., 35warning: logsurfer
started as root
) = 35
brk(0) = 0x611000
brk(0x632000) = 0x632000
open("testfile", O_RDONLY) = 3
read(3, "\302\264.*\302\264 - - - 0 exec \"/bin/echo $"..., 1023) = 35
read(3, "", 1023) = 0
close(3) = 0
rt_sigaction(SIGUSR1, {0x402c25, [], SA_RESTORER|SA_RESTART,
0x7fd03dde8660}, NULL, 8) = 0
rt_sigaction(SIGHUP, {0x402e02, [], SA_RESTORER|SA_RESTART,
0x7fd03dde8660}, NULL, 8) = 0
rt_sigaction(SIGTERM, {0x402c53, [], SA_RESTORER|SA_RESTART,
0x7fd03dde8660}, NULL, 8) = 0
rt_sigaction(SIGINT, {0x402c53, [], SA_RESTORER|SA_RESTART,
0x7fd03dde8660}, NULL, 8) = 0
read(0, de
"de\n", 4095) = 3
wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes)
read(0, ^C <unfinished ...>
exiting program - please wait...
dumping state to /dev/null
sending timeout to contexts...
cleaning up memory...

Best regards, S.
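
Added example, not part of the original post: in the trace above, the read() of testfile returns "\302\264" as its first bytes, which is the UTF-8 encoding of U+00B4 (acute accent), not the ASCII apostrophe 0x27. The sketch below scans a config file's bytes for such quote look-alikes; the function names are hypothetical, the sample bytes are reconstructed from the post, and it assumes logsurfer expects ASCII quotes around the regex.

```python
import sys
import unicodedata

# Characters that editors, mail clients and web pages commonly substitute
# for ASCII quotes, mapped to the ASCII character they imitate.
LOOKALIKES = {
    "\u00b4": "'",   # ACUTE ACCENT (the byte pair \302\264 seen in the trace)
    "\u2018": "'",   # LEFT SINGLE QUOTATION MARK
    "\u2019": "'",   # RIGHT SINGLE QUOTATION MARK
    "\u201c": '"',   # LEFT DOUBLE QUOTATION MARK
    "\u201d": '"',   # RIGHT DOUBLE QUOTATION MARK
}

# Constructed sample: the config line from the post, encoded the way the
# strace read() shows it (35 bytes including the trailing newline).
SAMPLE = b"\xc2\xb4.*\xc2\xb4 - - - 0 exec \"/bin/echo $0\"\n"


def find_lookalike_quotes(data: bytes):
    """Return (line, column, codepoint, name, ascii_equivalent) per finding."""
    findings = []
    text = data.decode("utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in LOOKALIKES:
                findings.append((lineno, col, f"U+{ord(ch):04X}",
                                 unicodedata.name(ch), LOOKALIKES[ch]))
    return findings


def normalise_quotes(data: bytes) -> bytes:
    """Replace every look-alike with the ASCII quote it imitates."""
    text = data.decode("utf-8", errors="replace")
    return text.translate(str.maketrans(LOOKALIKES)).encode("utf-8")


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE
    for lineno, col, cp, name, repl in find_lookalike_quotes(raw):
        print(f"line {lineno}, col {col}: {cp} {name}, expected {repl!r}")
    print(normalise_quotes(raw).decode("utf-8"), end="")
```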
Copyright 2010, SecurityFocus