Hi Elizabeth,
(gdb) p rule $1 = (c_rule_t *) 0x168ad90
OK.
(gdb) p *rule [snip] log = {logfile = 0x168ae90, matchexp = 0x0, matchone = 0x0, ignoreexp = 0x168aed0, color = 4}, [snip] (gdb) p *(rule->rule.log.matchexp) Cannot access memory at address 0x0
Definitely not OK. The LOG check comes without any expression to match the log data against ("matchexp" is a NULL pointer). Which explains why it crashes when we try to use to expression in line 2491:
if (!patternmatch(logdata, rule->rule.log.matchexp->pattern,
rule->rule.log.matchexp->exp)) continue;Now, the "matchexp" setting is built from the regex in the LOG statement. If this turns out to be an invalid regex, it should log a file in the xymond_client logfile like
pcre compile 'your-pattern-here' failed (offset N): <error message>So could you check if there's such a message in your log?
Still, it is incovenient that xymond_client crashes because of a configuration error. I'll look into improving that.
Regards, Henrik