Add seek needed to read a growing file on newer Perl versions. #28

Merged
merged 4 commits into from
Aug 6, 2023


crunchyheath
Contributor

The issue of interest:
https://groups.google.com/g/linux.debian.bugs.dist/c/ZaxLI8YufO8

As of Perl 5.36, it appears that they have fixed the broken EOF handling and pgaudit_analyze will not continue to read the log after it parses it the first time. This means that it is unable to get any new log entries that are added to a file after it opens it the first time. To fix this, the PR includes a change to reset the file handler which clears the EOF flag.

This specific issue was found because on Debian 12 (Bookworm) the default Perl version is now 5.36.0-7, and during our testing we found that the daemon was no longer updating. After debugging and thinking that the daemon was dying, we realized that if we started the daemon again it would update the analyze DB to the current state of the log files, but not get any new updates. After troubleshooting further, we found that it was related to the above bug and this small change appears to fix the issue.

We have tested various fixes and this one appears to be the least impactful on CPU utilization, but still resolves the issue in question.

@dwsteele dwsteele self-requested a review August 6, 2023 10:49
@dwsteele dwsteele self-assigned this Aug 6, 2023
@dwsteele dwsteele added the bug label Aug 6, 2023
@dwsteele dwsteele changed the base branch from master to integration August 6, 2023 11:40
Collaborator

@dwsteele dwsteele left a comment

Add error handling, but otherwise looks good. Thanks!
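
The technique discussed in this PR, as an added example that is not pgaudit_analyze's own code: a zero-offset `seek` clears the handle's EOF condition before each read pass so lines appended later are picked up, with the seek result checked as the review asks. The temp file, the sample lines and the helper name `read_new_lines` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(SEEK_CUR);
use File::Temp qw(tempfile);

# Constructed sample log standing in for a growing audit log file.
my ($writer, $path) = tempfile(UNLINK => 1);
$writer->autoflush(1);
print {$writer} "constructed log line 1\n";

open(my $reader, '<', $path) or die "unable to open $path: $!";

# Hypothetical helper: return every complete line appended since the last call.
sub read_new_lines
{
    my ($fh) = @_;

    # Seek zero bytes from the current position. The offset does not move,
    # but the EOF condition left by the previous pass is cleared.
    seek($fh, 0, SEEK_CUR) or die "unable to clear EOF on $path: $!";

    my @lines;
    while (defined(my $line = readline($fh)))
    {
        # A writer may be mid-line. Rewind over the partial line so the
        # next pass reads it whole instead of splitting one log entry.
        if ($line !~ /\n\z/)
        {
            seek($fh, -length($line), SEEK_CUR)
                or die "unable to rewind partial line in $path: $!";
            last;
        }
        push(@lines, $line);
    }
    return @lines;
}

my @first = read_new_lines($reader);
print "first pass: ", scalar(@first), " line(s)\n";

# The log grows after the reader has already hit EOF once.
print {$writer} "constructed log line 2\n", "constructed partial";
my @second = read_new_lines($reader);
print "second pass: ", scalar(@second), " line(s)\n";

# The writer finishes the partial line; the third pass returns it complete.
print {$writer} " line 3\n";
my @third = read_new_lines($reader);
print "third pass: $third[0]";
close($reader) or die "unable to close $path: $!";
```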

@dwsteele dwsteele changed the title Debian 12 Bookworm/Perl 5.36 breaks pgaudit_analyze Fix missing seek needed to continue reading a growing file. Aug 6, 2023
@dwsteele dwsteele changed the title Fix missing seek needed to continue reading a growing file. Add missing seek needed to continue reading a growing file. Aug 6, 2023
@dwsteele dwsteele changed the title Add missing seek needed to continue reading a growing file. Add seek needed to read a growing file on newer Perl versions. Aug 6, 2023
@dwsteele dwsteele merged commit af8873b into pgaudit:integration Aug 6, 2023
1 check passed
2 participants