Re: [Burp-users] Burp not logging to configured logfile
From: Graham K. <ke...@sp...> - 2012-03-17 22:02:57
On Sat, Mar 17, 2012 at 09:38:17PM +0100, seb...@da... wrote:
> I'm having an issue with burp 1.3.1 on CentOS 6.2: the child processes
> spawned by the burp server send their logging output to syslog, even if
> I have a different destination in the "logfile" line in my configuration
> file and the "-l" switch to the burp server process.
...
> The /var/log/burp folder exists and the burp user has the correct
> permissions. However, the /var/log/burp/burp-server.log file has only:
>
> [admin@picard burp]$ cat /var/log/burp/burp-server.log
> 2012-03-17 19:06:04: burp-server[2969] forked child pid 3210
> 2012-03-17 19:06:04: burp-server[3210] auth ok for client: picard
...
> Let's take the child process 5753 shown in the ps output above, I'm
> seeing its logging output in /var/log/messages, which makes me think
> that the logfile option and the -l switch are ignored:
>
> [admin@picard burp]$ sudo tail -n2000 /var/log/messages | less
> Mar 17 20:19:28 picard burp-server: 2012-03-17 20:19:28:
> burp-server[5753] got unchanged file:
> /var/lib/yum/yumdb/p/5911820b4658e7f3abe09a6f35b9dac025486499-pygpgme-0.1-18.20090824bzr68.el6-x86_64/checksum_type
...
> There are thousands of lines like those, and the files are quite big:
...
> Given my configuration file and launch switch, I would expect all the
> logging to go into the /var/log/burp/burp-server.log, and nothing into
> /var/log/messages. Graham, can you look into it and tell me what I'm
> doing wrong, or check if this is a bug in Burp ?

Sorry, you are not doing something wrong, and I think there are two problems.

Firstly, I left a stupid line of debug in the server for 1.3.1 (the 'got unchanged file' bit), which is what is filling up your messages file. It is in src/backup_phase2_server.c of the source, around line 196. Commenting it out or deleting it is a good idea. I believe that Bas already did that for the Debian package, but you are probably not using Debian. It has already been removed for the 1.3.2 development version in git.

Secondly, I can reproduce your problem on 1.3.2, and I eventually figured out that in the 'logp()' function in src/log.c, it prints to a log, and also does a syslog. I think that is probably a silly thing to do on the server side, but doing a syslog on the client side might still be a good idea. I'll need to think about it a bit more before I decide what to do. Maybe give an option to let the user decide whether to syslog or not.

On your server, if you don't want any syslog messages, you can just delete the syslog on line 37 of src/log.c for now. It will probably not be too bad if you did the first change above though, because the logging will be much reduced.

To explain what should happen with the server logging: The server should log to the server log file. When a client process connects and starts something like a backup, the server forks a child and the child switches to logging into the backup directory log file. So most of the logging goes into the backup directories, and only small amounts of logging go into the main server log file (clients connecting and disconnecting, mostly).

So, sorry about the confusion and taking up lots of your disk space, but with the two changes above, you should be able to make things better.
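
The logging behaviour described in the message above (each line goes to the current log file and also to syslog, a possible option to turn syslog off, and the forked child switching to the backup directory's log), as an added example that is not part of the original post and is not burp's code. `struct log_cfg`, `log_line`, `switch_log` and the `use_syslog` flag are hypothetical names chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical settings: burp 1.3.x has no such syslog switch. */
struct log_cfg {
    FILE *fp;          /* current log file; NULL means no file */
    int use_syslog;    /* 0 = file only, 1 = file and syslog */
    const char *prog;  /* program name shown before [pid] */
};

/* Write "YYYY-MM-DD HH:MM:SS: prog[pid] message" (the line shape quoted in
 * the thread) to the file and, if enabled, to syslog.
 * Returns the number of sinks written, or -1 on error. */
int log_line(struct log_cfg *cfg, const char *fmt, ...)
{
    char msg[512], stamp[32], line[640];
    time_t now = time(NULL);
    struct tm *tm = localtime(&now);
    va_list ap;
    int sinks = 0;
    if (!tm) return -1;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof(msg), fmt, ap);
    va_end(ap);
    strftime(stamp, sizeof(stamp), "%Y-%m-%d %H:%M:%S", tm);
    snprintf(line, sizeof(line), "%s: %s[%d] %s", stamp, cfg->prog, (int)getpid(), msg);
    if (cfg->fp) {
        if (fprintf(cfg->fp, "%s\n", line) < 0 || fflush(cfg->fp)) return -1;
        sinks++;
    }
    if (cfg->use_syslog) {
        syslog(LOG_INFO, "%s", line);  /* fixed "%s": text is never a format */
        sinks++;
    }
    return sinks;
}

/* Forked child: drop its copy of the server log, continue in the backup log. */
int switch_log(struct log_cfg *cfg, const char *path)
{
    FILE *fp = fopen(path, "a");
    if (!fp) return -1;
    if (cfg->fp) fclose(cfg->fp);
    cfg->fp = fp;
    return 0;
}
```

With `use_syslog` left at 0, per-file backup messages stay in the backup log and never reach /var/log/messages.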