Question

I've recently been writing a netflow receiver in C that listens for netflow via UDP. Once it processes the flow datagram, it writes it to syslog. My problem is that once I receive a datagram packet with the standard recvfrom function, my messages no longer make it to syslog. I am receiving and processing the data just fine, but the syslog writing isn't working. The code looks like this:

setlogmask(LOG_UPTO(LOG_NOTICE));
openlog("netflow_receiver", LOG_CONS, LOG_LOCAL2);
syslog(LOG_NOTICE, "Syslogger started");

while(1){

    syslog(LOG_NOTICE, "Top of loop");
    unsigned char* mesg = (unsigned char*)malloc(1024 * sizeof(unsigned char));
    syslog(LOG_NOTICE, "Allocated message memory");

    len = sizeof(cliaddr);
    syslog(LOG_NOTICE, "Got len of client");

    //Syslog stops after this
    n = recvfrom(sockfd, mesg, 1024, 0, (struct sockaddr *) &cliaddr, &len);
    syslog(LOG_NOTICE, "received");
    mesg[n] = 0;

    syslog(LOG_NOTICE, "Calling log_record");
    process_record(mesg);
    syslog(LOG_NOTICE, "Back from log_record");

}

The syslog looks just like this:

Dec 12 09:42:01 my_pc netflow_receiver: Syslogger started
Dec 12 09:42:01 my_pc netflow_receiver: Top of loop
Dec 12 09:42:01 my_pc netflow_receiver: Allocated message memory
Dec 12 09:42:01 my_pc netflow_receiver: Got len of client
Dec 12 09:48:33 my_pc netflow_receiver: Syslogger started
Dec 12 09:48:33 my_pc netflow_receiver: Top of loop
Dec 12 09:48:33 my_pc netflow_receiver: Allocated message memory
...

Any thoughts or suggestions...I'm open to using a non-standard C syslog library if anyone knows about a good one.


Solution

mesg[n] = 0; is wrong

If recvfrom returns 1024, you're indexing into memory outside what you should.

Same thing if recvfrom returns -1.

Make sure you handle both those cases.

You'll want to make sure sockfd actually has the correct value of your socket. syslog opens a socket too; if you have some error somewhere and start reading from that file descriptor instead, odd things will happen.
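One way to handle both cases named in the answer above, as an added example that is not code from the question or its answers. `recv_datagram` and `demo_receive` are hypothetical names, and a local `AF_UNIX` datagram socket pair stands in for the UDP socket so the check runs offline.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define BUF_SIZE 1024

/* Hypothetical helper: receive one datagram into buf (cap bytes) and
 * NUL-terminate it. Asks for at most cap - 1 bytes so buf[n] stays in bounds.
 * Returns the payload length, or -1 on error with buf set to "". */
ssize_t recv_datagram(int fd, unsigned char *buf, size_t cap,
                      struct sockaddr *from, socklen_t *fromlen)
{
    if (buf == NULL || cap == 0) { errno = EINVAL; return -1; }
    ssize_t n;
    do {
        n = recvfrom(fd, buf, cap - 1, 0, from, fromlen);
    } while (n < 0 && errno == EINTR);   /* retry if a signal interrupted us */
    if (n < 0) {
        buf[0] = 0;                      /* never index with -1 */
        return -1;
    }
    buf[n] = 0;                          /* n <= cap - 1 */
    return n;
}

/* Constructed check: push a datagram of len bytes through a local socket
 * pair and return what recv_datagram reports (-2 if setup failed). */
ssize_t demo_receive(size_t len)
{
    int sv[2];
    unsigned char out[2 * BUF_SIZE], in[BUF_SIZE];
    if (len > sizeof out || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -2;
    memset(out, 'A', len);
    if (send(sv[0], out, len, 0) != (ssize_t)len) { close(sv[0]); close(sv[1]); return -2; }
    ssize_t n = recv_datagram(sv[1], in, sizeof in, NULL, NULL);
    close(sv[0]); close(sv[1]);
    return n;
}

int main(void)
{
    unsigned char buf[BUF_SIZE];
    printf("100-byte datagram  -> %zd\n", demo_receive(100));
    printf("2048-byte datagram -> %zd\n", demo_receive(2048));
    printf("bad descriptor     -> %zd\n", recv_datagram(-1, buf, sizeof buf, NULL, NULL));
    return 0;
}
```

A datagram larger than the buffer is truncated to `cap - 1` bytes, so the terminator always lands inside the allocation.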

OTHER TIPS

It's most probably not recvfrom's fault. You can check this by commenting out the recvfrom() line and rerunning your application.

syslog drops messages from processes with a high load of messages. If you need all these logs, consider logging to a file and using a logging library (e.g. log4cxx, ...)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow