diff options
85 files changed, 1024 insertions, 1403 deletions
@@ -1,4 +1,134 @@ --------------------------------------------------------------------------- +Version 7.4.8 [v7.4-stable] 2014-01-08 +- rsgtutil provides better error messages on unfinished signature blocks +- bugfix: guard against control characters in internal (error) messages + Thanks to Ahto Truu for alerting us. +- bugfix: immark did emit messages under kern.=info instead of syslog.=info + Note that his can potentially break exisiting configurations that + rely on immark sending as kern.=info. Unfortunately, we cannot leave + this unfixed as we never should emit messages under the kern facility. +--------------------------------------------------------------------------- +Version 7.4.7 [v7.4-stable] 2013-12-10 +- bugfix: limiting queue disk space did not work properly + * queue.maxdiskspace actually initializes queue.maxfilesize + * total size of queue files was not checked against + queue.maxdiskspace for disk assisted queues. + Thanks to Karol Jurak for the patch. +- bugfix: linux kernel-like ratelimiter did not work properly with all + inputs (for example, it did not work with imdup). The reason was that + the PRI value was used, but that needed parsing of the message, which + was done too late. +- bugfix: disk queues created files in wrong working directory + if the $WorkDirectory was changed multiple times, all queues only + used the last value set. +- bugfix: legacy directive $ActionQueueWorkerThreads was not honored +- bugfix: segfault on startup when certain script constructs are used + e.g. "if not $msg ..." +- bugfix: imuxsock: UseSysTimeStamp config parameter did not work correctly + Thanks to Tomas Heinrich for alerting us and provinding a solution + suggestion. +- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work + Thanks to Tomas Heinrich for the patch. +- improved checking of queue config parameters on startup +- bugfix: call to ruleset with async queue did not use the queue + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=443 +- bugfix: if imtcp is loaded and no listeners are configured (which is + uncommon), rsyslog crashes during shutdown. +--------------------------------------------------------------------------- +Version 7.4.6 [v7.4-stable] 2013-10-31 +- bugfix: potential abort during HUP + This could happen when one of imklog, imzmq3, imkmsg, impstats, + imjournal, or imuxsock were under heavy load during a HUP. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=489 + Thanks to Guy Rozendorn for reporting the problem and Peval Levhshin for + his analysis. +- bugfix: imtcp flowControl parameter incorrectly defaulted to "off" + This could cause message loss on systems under heavy load and was + a change-of-behaviour to previous version. This is a regression + most probably introduced in 5.9.0 (but did not try hard to find the + exact point of its introduction). +- now requires libestr 0.1.9 as earlier versions lead to problems with + number handling in RainerScript +- bugfix: memory leak in strlen() RainerScript function + Thanks to Gregoire Seux for reportig this bug. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=486 +- bugfix: buffer overrun if re_extract function was called for submatch 50 + Thanks to Pavel Levshin for reporting the problem and its location. +- bugfix: memleak in re_extract() function + Thanks to Pavel Levshin for reporting this problem. +- bugfix: potential abort in RainerScript optimizer + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=488 + Thanks to Thomas Doll for reporting the problem and Pavel Levshin for + fixing it. +- bugfix: memory leak in omhiredis + Thanks to Pavel Levshin for the fix +- bugfix: segfault if variable was assigned to non-container subtree + Thanks to Pavel Levshin for the fix +--------------------------------------------------------------------------- +Version 7.4.5 [v7.4-stable] 2013-10-22 +- mmanon: removed the check for specific "terminator characters" after + last octet. As it turned out, this didn't work in practice as there + was an enormous set of potential terminator chars -- so removing + them was the best thing to do. Note that this may change behaviour of + existing installations. Yet, we still consider this an important + bugfix, that should be applied to the stable branch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477 + Thanks to Muri Cicanor for initiating the discussion +- now requires libestr 0.1.8 as early versions had a nasty bug in + string comparisons +- omelasticsearch: add failed.httprequests stats counter +- bugfix: invalid property filter was not properly disabled in ruleset + Note that this bugfix introduces a very slight memory leak, which is + cosmetic, as it just holds data until termination that is no longer + needed. It is just the part of the config that was invalid. We will + "fix" this "issue" in the devel version first, as the fix is a bit + too intrusive to do without hard need in the stable version. +- bugfix: segfault if re_extract() function was used and no match found +- bugfix: potential misadressing on startup if property-filter was used + This could happen if the property name was longer than 127 chars, a case + that would not happen in practice. +- bugfix: omelasticsearch: correct failed.http stats counter +- bugfix: omelasticsearch: did not correctly initialize stats counters +- bugfix: omelasticsearch: failed.es counter was only maintained in bulk mode + This usually did not lead to any problems, because they are in static + memory, which is initialized to zero by the OS when the plugin is + loaded. But it may cause problems especially on systems that do not + support atomic instructions - in this case the associated mutexes also + did not get properly initialized. +- bugfix: mmanon did not detect all IP addresses in rewrite mode + The problem occured if two IPs were close to each other and the first one + was shrunk. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: mmanon sometimes used invalid replacement char in simple mode + depending on configuration sequence, the replacement character was set + to 's' instead of the correct value. Most importantly, it was set to + 's' if simple mode was selected and no replacement char set. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: memory leak in mmnormalize +- bugfix: array-based ==/!= comparisions lead to invalid results + This was a regression introduced in 7.3.5 bei the PRI optimizer +- bugfix: omprog blocked signals to executed programs + The made it impossible to send signals to programs executed via + omprog. + Thanks to Risto Vaarandi for the analysis and a patch. +- bugfix: doc: imuxsock legacy param $SystemLogSocketParseTrusted was + misspelled + Thanks to David Lang for alerting us +- bugfix: imfile "facility" input parameter improperly handled + caused facility not to be set, and severity to be overwritten with + the facility value. + Thanks to forum user dmunny for reporting this bug. +- bugfix: small memory leak in imfile when $ResetConfigVariables was used + Thanks to Grégory Nuyttens for reporting this bug and providig a fix +- bugfix: segfault on startup if TLS was used but no CA cert set +- bugfix: segfault on startup if TCP TLS was used but no cert or key set +- bugfix: some more build problems with newer json-c versions + Thanks to Michael Biebl for mentioning the problem. +- bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled + Thanks to Jonny Törnbom for reporting this problem +--------------------------------------------------------------------------- Version 7.4.4 [v7.4-stable] 2013-09-03 - better error messages in GuardTime signature provider Thanks to Ahto Truu for providing the patch. @@ -1,5 +1,61 @@ -This file has been superseeded by the files in the doc folder. -Please see doc/manual.html for futher details. If you are -looking for install information doc/install.html is for you! -If you do not have the doc set, see +rsyslog - what's it? +==================== + +rsyslog is a high-performance, modular system event processor. While it started +as a regular syslogd, it has evolved into a kind of swiss army knife of logging, +being able to accept inputs from a wide variety of sources, transform them, and +output to the results to diverse destinations. + +Rsyslog can deliver over one million messages (V7, December 2013) to local +destinations when limited processing is applied. Even with remote destinations +and more elaborate processing the performance is usually considered "stunning". + +Project Philosophy +================== +We are an open source project in all aspects and very open to outside feedback +and contribution. We base our work on standards and try to solve all real-world +needs (of course, we occasionally fail tackeling actually all needs ;)). While +the project is primarily sponsored by Adiscon, technical development is +independent from company goals and most decisions are solely based on mailing +list discussion results. There is an active commuity around rsyslog. + +There is no such thing like being an official member of the rsyslog team. The +closest to that is being subscribed to the mailing list: + http://lists.adiscon.net/mailman/listinfo/rsyslog + +This method of open discussions is modelled after the IETF process, which is +probably the best-known and most successive collaborative standards body. + +Project Funding +=============== +Rsyslog's main sponsor Adiscon tries to fund rsyslog by selling custom +development and support contracts. Adiscon does NOT license rsyslog under a +commercial license (this is simply impossible for anyone due to rsyslog's +license structure). + +Any third party is obviously also free to offer custom development, support +and rsyslog consulting. We gladly merge result of such third-party work into +the main repository (assuming it matches the few essential things written +down in our contribution policy). + +Contributions +============= +Contributions to rsyslog are very welcome. To learn more about how +to contribute, please visit + http://www.rsyslog.com/how-to-contribute-to-rsyslog/ + +Note that the rsyslog team usually has a very long todo list. Help +with that list is much appreicated. + +Documentation +============= +The main rsyslog documenation is available in html format. To read +it, point your web browser to ./doc/manual.html. Alternatively, +you can view the documentation for *the most recent rsyslog version* +online at http://www.rsyslog.com/doc + +Development Model +================= +Rsyslog uses the integration manager workflow as described here: + http://git-scm.com/book/en/Distributed-Git-Distributed-Workflows @@ -459,6 +459,7 @@ actionConstructFinalize(action_t *pThis, struct cnfparamvals *queueParams) setQPROP(qqueueSetiDiscardMrk, "$ActionQueueDiscardMark", cs.iActionQDiscardMark); setQPROP(qqueueSetiDiscardSeverity, "$ActionQueueDiscardSeverity", cs.iActionQDiscardSeverity); setQPROP(qqueueSetiMinMsgsPerWrkr, "$ActionQueueWorkerThreadMinimumMessages", cs.iActionQWrkMinMsgs); + setQPROP(qqueueSetiNumWorkerThreads, "$ActionQueueWorkerThreads", cs.iActionQueueNumWorkers); setQPROP(qqueueSetbSaveOnShutdown, "$ActionQueueSaveOnShutdown", cs.bActionQSaveOnShutdown); setQPROP(qqueueSetiDeqSlowdown, "$ActionQueueDequeueSlowdown", cs.iActionQueueDeqSlowdown); setQPROP(qqueueSetiDeqtWinFromHr, "$ActionQueueDequeueTimeBegin", cs.iActionQueueDeqtWinFromHr); @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for rsyslog 7.4.4. +# Generated by GNU Autoconf 2.68 for rsyslog 7.4.8. # # Report bugs to <rsyslog@lists.adiscon.com>. # @@ -570,8 +570,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='rsyslog' PACKAGE_TARNAME='rsyslog' -PACKAGE_VERSION='7.4.4' -PACKAGE_STRING='rsyslog 7.4.4' +PACKAGE_VERSION='7.4.8' +PACKAGE_STRING='rsyslog 7.4.8' PACKAGE_BUGREPORT='rsyslog@lists.adiscon.com' PACKAGE_URL='' @@ -1594,7 +1594,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures rsyslog 7.4.4 to adapt to many kinds of systems. +\`configure' configures rsyslog 7.4.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1664,7 +1664,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of rsyslog 7.4.4:";; + short | recursive ) echo "Configuration of rsyslog 7.4.8:";; esac cat <<\_ACEOF @@ -1909,7 +1909,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -rsyslog configure 7.4.4 +rsyslog configure 7.4.8 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2488,7 +2488,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by rsyslog $as_me 7.4.4, which was +It was created by rsyslog $as_me 7.4.8, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3303,7 +3303,7 @@ fi # Define the identity of the package. PACKAGE='rsyslog' - VERSION='7.4.4' + VERSION='7.4.8' cat >>confdefs.h <<_ACEOF @@ -13211,12 +13211,12 @@ if test -n "$LIBESTR_CFLAGS"; then pkg_cv_LIBESTR_CFLAGS="$LIBESTR_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libestr >= 0.1.5\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libestr >= 0.1.5") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libestr >= 0.1.9\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libestr >= 0.1.9") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIBESTR_CFLAGS=`$PKG_CONFIG --cflags "libestr >= 0.1.5" 2>/dev/null` + pkg_cv_LIBESTR_CFLAGS=`$PKG_CONFIG --cflags "libestr >= 0.1.9" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -13228,12 +13228,12 @@ if test -n "$LIBESTR_LIBS"; then pkg_cv_LIBESTR_LIBS="$LIBESTR_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libestr >= 0.1.5\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libestr >= 0.1.5") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libestr >= 0.1.9\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libestr >= 0.1.9") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIBESTR_LIBS=`$PKG_CONFIG --libs "libestr >= 0.1.5" 2>/dev/null` + pkg_cv_LIBESTR_LIBS=`$PKG_CONFIG --libs "libestr >= 0.1.9" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -13254,14 +13254,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - LIBESTR_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libestr >= 0.1.5" 2>&1` + LIBESTR_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libestr >= 0.1.9" 2>&1` else - LIBESTR_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libestr >= 0.1.5" 2>&1` + LIBESTR_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libestr >= 0.1.9" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$LIBESTR_PKG_ERRORS" >&5 - as_fn_error $? "Package requirements (libestr >= 0.1.5) were not met: + as_fn_error $? "Package requirements (libestr >= 0.1.9) were not met: $LIBESTR_PKG_ERRORS @@ -18149,12 +18149,12 @@ if test -n "$LIBLOGNORM_CFLAGS"; then pkg_cv_LIBLOGNORM_CFLAGS="$LIBLOGNORM_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lognorm >= 0.3.1\""; } >&5 - ($PKG_CONFIG --exists --print-errors "lognorm >= 0.3.1") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lognorm >= 0.3.1 lognorm < 1.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lognorm >= 0.3.1 lognorm < 1.0.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIBLOGNORM_CFLAGS=`$PKG_CONFIG --cflags "lognorm >= 0.3.1" 2>/dev/null` + pkg_cv_LIBLOGNORM_CFLAGS=`$PKG_CONFIG --cflags "lognorm >= 0.3.1 lognorm < 1.0.0" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -18166,12 +18166,12 @@ if test -n "$LIBLOGNORM_LIBS"; then pkg_cv_LIBLOGNORM_LIBS="$LIBLOGNORM_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lognorm >= 0.3.1\""; } >&5 - ($PKG_CONFIG --exists --print-errors "lognorm >= 0.3.1") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lognorm >= 0.3.1 lognorm < 1.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lognorm >= 0.3.1 lognorm < 1.0.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_LIBLOGNORM_LIBS=`$PKG_CONFIG --libs "lognorm >= 0.3.1" 2>/dev/null` + pkg_cv_LIBLOGNORM_LIBS=`$PKG_CONFIG --libs "lognorm >= 0.3.1 lognorm < 1.0.0" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -18192,14 +18192,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - LIBLOGNORM_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lognorm >= 0.3.1" 2>&1` + LIBLOGNORM_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lognorm >= 0.3.1 lognorm < 1.0.0" 2>&1` else - LIBLOGNORM_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lognorm >= 0.3.1" 2>&1` + LIBLOGNORM_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lognorm >= 0.3.1 lognorm < 1.0.0" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$LIBLOGNORM_PKG_ERRORS" >&5 - as_fn_error $? "Package requirements (lognorm >= 0.3.1) were not met: + as_fn_error $? "Package requirements (lognorm >= 0.3.1 lognorm < 1.0.0) were not met: $LIBLOGNORM_PKG_ERRORS @@ -20766,7 +20766,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by rsyslog $as_me 7.4.4, which was +This file was extended by rsyslog $as_me 7.4.8, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20832,7 +20832,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -rsyslog config.status 7.4.4 +rsyslog config.status 7.4.8 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 017116e..d2a8891 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[7.4.4],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[7.4.8],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) @@ -32,7 +32,7 @@ AC_CANONICAL_HOST PKG_PROG_PKG_CONFIG # modules we require -PKG_CHECK_MODULES(LIBESTR, libestr >= 0.1.5) +PKG_CHECK_MODULES(LIBESTR, libestr >= 0.1.9) PKG_CHECK_MODULES([JSON_C], [json],, [ PKG_CHECK_MODULES([JSON_C], [json-c]) ]) @@ -920,7 +920,7 @@ AC_ARG_ENABLE(mmnormalize, ) if test "x$enable_mmnormalize" = "xyes"; then PKG_CHECK_MODULES(LIBEE, libee >= 0.4.0) - PKG_CHECK_MODULES(LIBLOGNORM, lognorm >= 0.3.1) + PKG_CHECK_MODULES(LIBLOGNORM, lognorm >= 0.3.1 lognorm < 1.0.0) fi AM_CONDITIONAL(ENABLE_MMNORMALIZE, test x$enable_mmnormalize = xyes) @@ -32,7 +32,7 @@ rsRetVal multiSubmitMsg2(multi_submit_t *pMultiSub); /* friends only! */ rsRetVal submitMsg2(msg_t *pMsg); rsRetVal __attribute__((deprecated)) submitMsg(msg_t *pMsg); rsRetVal multiSubmitFlush(multi_submit_t *pMultiSub); -rsRetVal logmsgInternal(int iErr, int pri, uchar *msg, int flags); +rsRetVal logmsgInternal(int iErr, int pri, const uchar *const msg, int flags); rsRetVal __attribute__((deprecated)) parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int flags, flowControl_t flowCtlTypeu, prop_t *pInputName, struct syslogTime *stTime, time_t ttGenTime, ruleset_t *pRuleset); rsRetVal diagGetMainMsgQSize(int *piSize); /* for imdiag */ rsRetVal createMainQueue(qqueue_t **ppQueue, uchar *pszQueueName, struct cnfparamvals *queueParams); diff --git a/doc/Makefile.am b/doc/Makefile.am index e175764..56176d1 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -65,15 +65,8 @@ html_files = \ tls_cert_ca.jpg \ tls_cert.jpg \ tls_cert_errmsgs.html \ - rsyslog_secure_tls.html \ - tls_cert_server.html \ - tls_cert_ca.html \ - tls_cert_summary.html \ - tls_cert_machine.html \ - tls_cert_udp_relay.html \ - tls_cert_client.html \ - tls_cert_scenario.html \ rainerscript.html \ + global.html \ lookup_tables.html \ rscript_abnf.html \ rsconf1_actionexeconlywhenpreviousissuspended.html \ diff --git a/doc/Makefile.in b/doc/Makefile.in index 1e2237a..ce66409 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -310,15 +310,8 @@ html_files = \ tls_cert_ca.jpg \ tls_cert.jpg \ tls_cert_errmsgs.html \ - rsyslog_secure_tls.html \ - tls_cert_server.html \ - tls_cert_ca.html \ - tls_cert_summary.html \ - tls_cert_machine.html \ - tls_cert_udp_relay.html \ - tls_cert_client.html \ - tls_cert_scenario.html \ rainerscript.html \ + global.html \ lookup_tables.html \ rscript_abnf.html \ rsconf1_actionexeconlywhenpreviousissuspended.html \ diff --git a/doc/build_from_repo.html b/doc/build_from_repo.html index a06863e..6e018a5 100644 --- a/doc/build_from_repo.html +++ b/doc/build_from_repo.html @@ -12,17 +12,9 @@ The later may especially be the case if you are asked to try out an experimental tarball, but some files are missing because they are output files and thus do not belong into the repository. <h2>Obtaining the Source</h2> -<p>First of all, you need to download the sources. Rsyslog is currently kept in a git -repository. You can clone this repository either via http or git protocol (with the later -being much faster. URLS are: -<ul> -<li>git://git.adiscon.com/git/rsyslog.git -<li>http://git.adiscon.com/git/rsyslog.git -</ul> -<p>There is also a browsable version (gitweb) available at -<a href="http://git.adiscon.com/?p=rsyslog.git;a=summary">http://git.adiscon.com/?p=rsyslog.git;a=summary</a>. -This version also offers snapshots of each commit for easy download. You can use these if -you do not have git present on your system. +<p>First of all, you need to download the sources. Rsyslog is kept in git. The +"<a href="http://www.rsyslog.com/where-to-find-the-rsyslog-source-code/">Where to find the rsyslog +source code</a>" page on the project site will point you to the current repository location. <p>After you have cloned the repository, you are in the master branch by default. This is where we keep the devel branch. If you need any other branch, you need to do a "git checkout --track -b branch origin/branch". For example, the command to check out @@ -66,13 +58,13 @@ follows: <p><pre><code> ./configure CFLAGS="-march=i586 -mcpu=i686" --enable-imfile ... (whatever you need) </code></pre> -<p>These settings should resolve the issue . +<p>These settings should resolve the issue. <p>[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> <p><font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a> project.<br> -Copyright © 2008, 2009 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and +Copyright © 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and <a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL version 3 or higher.</font></p> </body> diff --git a/doc/debug.html b/doc/debug.html index 557ca6d..229aeb0 100644 --- a/doc/debug.html +++ b/doc/debug.html @@ -160,7 +160,11 @@ enable DebugOnDemand mode only for a reason. Note that when no debug mode is ena SIGUSR1 and SIGUSR2 are completely ignored. <p>When running in any of the debug modes (including on demand mode), an interactive instance of rsyslogd can be aborted by pressing ctl-c. -<p> +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/how-to-use-debug-on-demand/">How to use debug on demand</a></li> +</ul> +</p> <p>[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> <p><font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a> project.<br> diff --git a/doc/global.html b/doc/global.html new file mode 100644 index 0000000..a58f5c6 --- /dev/null +++ b/doc/global.html @@ -0,0 +1,34 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head> +<title>global() configuration object</title> +</head> + +<body> +<h1>global() configuration object</h1> + +<p>The global configuration object permits to set global parameters. +Note that each parameter can only be set once and cannot be re-set +thereafter. If a parameter is set multiple times, the behaviour is +unpredictable. + +<p>The following paramters can be set: +<ul> +<li>workDirectory +<li>dropMsgsWithMaliciousDNSPtrRecords +<li>localHostname +<li>preserveFQDN +<li>defaultNetstreamDriverCAFile +<li>defaultNetstreamDriverKeyFile +<li>defaultNetstreamDriver +<li>maxMessageSize +</ul> + +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] +[<a href="rainerscript.html">RainerScript reference</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> project.<br> +Copyright © 2013 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under ASL 2.0 or higher.</font></p> +</body> +</html> diff --git a/doc/imjournal.html b/doc/imjournal.html index a4b232e..8f29169 100644 --- a/doc/imjournal.html +++ b/doc/imjournal.html @@ -7,7 +7,7 @@ <h1>Systemd Journal Input Module</h1> <p><b>Module Name: imjournal</b></p> <p><b>Author: </b>Milan Bartos -<mbartos@redhat.com></p> +<mbartos@redhat.com> (This module is not project-supported)</p> <p><b>Description</b>:</p> <p>Provides the ability to import structured log messages from systemd journal to syslog.</p> diff --git a/doc/impstats.html b/doc/impstats.html index 8db9c6f..770f67a 100644 --- a/doc/impstats.html +++ b/doc/impstats.html @@ -24,6 +24,13 @@ settings, this impact may be noticable (for high-load environments). <p>The rsyslog website has an updated overview of available <a href="http://rsyslog.com/rsyslog-statistic-counter/">rsyslog statistic counters</a>. </p> +<p><b>Note that there is a +<a href="http://www.rsyslog.com/impstats-analyzer/">rsyslog statistics +online analyzer</a> available.</b> It can be given a impstats-generated file and +will return problems it detects. Note that the analyzer cannot replace a +human in getting things right, but it is expected to be a good aid in starting +to understand and gain information from the pstats logs. +<7p> <p><b>Module Confguration Parameters</b>:</p> <p>This module supports module parameters, only. <ul> @@ -81,6 +88,12 @@ If set to on, stats messages are emitted as structured cee-enhanced syslog. If set to off, legacy format is used (which is compatible with pre v6-rsyslog). </li> </ul> +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/rsyslog-statistic-counter/">rsyslog statistics counter</a></li> +<li><a href="http://www.rsyslog.com/impstats-delayed-or-lost/">impstats delayed or lost</a> - cause and cure +</ul> +</p> <b>Caveats/Known Bugs:</b> <ul> <li>This module MUST be loaded right at the top of rsyslog.conf, otherwise diff --git a/doc/imuxsock.html b/doc/imuxsock.html index 0affe8c..123771f 100644 --- a/doc/imuxsock.html +++ b/doc/imuxsock.html @@ -94,7 +94,8 @@ burst in number of messages. Default is 200. <li><b>SysSock.RateLimit.Severity</b> [numerical severity] - specifies the severity of messages that shall be rate-limited. </li> -<li><b>SysSock.UseSysTimeStamp</b> [<b>on</b>/off] the same as $InputUnixListenSocketUseSysTimeStamp, but for the system log socket. +<li><b>SysSock.UseSysTimeStamp</b> [<b>on</b>/off] the same as the input parameter +UseSysTimeStamp, but for the system log socket. See description there. </li> <li><b>SysSock.Annotate</b> <on/<b>off</b>> turn on annotation/trusted properties for the system log socket.</li> @@ -144,7 +145,7 @@ be obtained from the log socket itself. If so, the TAG part of the message is re It is recommended to turn this option on, but the default is "off" to keep compatible with earlier versions of rsyslog. </li> <li><b>UseSysTimeStamp</b> [<b>on</b>/off] instructs imuxsock -to obtain message time from the system (via control messages) insted of using time +to obtain message time from the system (via control messages) instead of using time recorded inside the message. This may be most useful in combination with systemd. Note: this option was introduced with version 5.9.1. Due to the usefulness of it, we decided to enable it by default. As such, 5.9.1 and above behave slightly different @@ -180,7 +181,13 @@ oneself has the advantage that a limited amount of messages may be queued by the OS if rsyslog is not running. </li> </ul> - +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/what-are-trusted-properties/">What are "trusted properties"?</a></li> +<li><a href="http://www.rsyslog.com/why-does-imuxsock-not-work-on-solaris/">Why does imuxsock not work +on Solaris?</a></li> +</ul> +</p> <b>Caveats/Known Bugs:</b><br> <ul> <li>There is a compile-time limit of 50 concurrent sockets. If you need more, you need to diff --git a/doc/lookup_tables.html b/doc/lookup_tables.html index d72810f..4ef5d59 100644 --- a/doc/lookup_tables.html +++ b/doc/lookup_tables.html @@ -190,8 +190,8 @@ be sufficiently secured, e.g. via TLS mutual auth. <h2>Implementation Details</h2> <p>The lookup table functionality is implemented via highly efficient algorithms. -The string lookup is based on a parse tree and has O(1) time complexity. The array -lookup is also O(1). In case of sparseArray, we have O(log n). +The string lookup has O(log n) time complexity. The array +lookup is O(1). In case of sparseArray, we have O(log n). <p>To preserve space and, more important, increase cache hit performance, equal data values are only stored once, no matter how often a lookup index points to them. <p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] diff --git a/doc/manual.html b/doc/manual.html index dc6453b..a160ed3 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -19,7 +19,7 @@ professional services</a> available directly from the source!</p> <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a> to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the project goals.</p> -<p><b>This documentation is for version 7.4.4 (v7.4-stable branch) of rsyslog.</b> +<p><b>This documentation is for version 7.4.8 (v7.4-stable branch) of rsyslog.</b> Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b> to obtain current version information and project status. </p><p><b>If you like rsyslog, you might @@ -58,7 +58,7 @@ if you do not read the doc, but doing so will definitely improve your experience <li><a href="install.html">installing rsyslog</a></li> <li><a href="build_from_repo.html">obtaining rsyslog from the source repository</a></li> <li><a href="ipv6.html">rsyslog and IPv6</a> (which is fully supported)</li> -<li><a href="rsyslog_secure_tls.html">native TLS encryption for syslog</a></li> +<li><a href="http://www.rsyslog.com/doc/rsyslog_secure_tls.html">native TLS encryption for syslog</a></li> <li><a href="multi_ruleset.html">using multiple rule sets in rsyslog</a></li> <li><a href="rsyslog_stunnel.html">ssl-encrypting syslog with stunnel</a></li> <li><a href="rsyslog_mysql.html">writing syslog messages to MySQL (and other databases as well)</a></li> diff --git a/doc/mmanon.html b/doc/mmanon.html index 16065a1..e14d75c 100644 --- a/doc/mmanon.html +++ b/doc/mmanon.html @@ -18,14 +18,7 @@ Note that anonymization will break digital signatures on the message, if they exist. <p><i>How are IP-Addresses defined?</i> <p>We assume that an IP address consists of four octets in dotted notation, -where each of the octets has a value between 0 and 255, inclusively. After -the last octet, there must be either a space or a colon. So, for example, -"1.2.3.4 Test" and "1.2.3.4:514 Test" are detected as containing valid IP -addresses, whereas this is not the case for "1.2.300.4 Test" or -"1.2.3.4-Test". The message text may contain multiple addresses. If so, -each of them is anonimized (according to the same rules). -<b>Important:</b> We may change the set of acceptable characters after -the last octet in the future, if there are good reasons to do so. +where each of the octets has a value between 0 and 255, inclusively. <p> </p> <p><b>Module Configuration Parameters</b>:</p> diff --git a/doc/mmnormalize.html b/doc/mmnormalize.html index 787bd95..8110023 100644 --- a/doc/mmnormalize.html +++ b/doc/mmnormalize.html @@ -46,6 +46,17 @@ parameter. <li>$mmnormalizeUseRawMsg <on/off> - equivalent to the "useRawMsg" parameter. </ul> +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/normalizer-first-steps-for-mmnormalize/">First steps for mmnormalize</a></li> +<li><a href="http://www.rsyslog.com/log-normalization-and-special-characters/">Log normalization and +special characters</a></li> +<li><a href="http://www.rsyslog.com/log-normalization-and-the-leading-space/">Log normalization and +the leading space</a></li> +<li><a href="http://www.rsyslog.com/using-rsyslog-mmnormalize-module-effectively-with-adiscon-loganalyzer/">Using +mmnormalize effectively with Adiscon LogAnalyzer</a></li> +</ul> +</p> <b>Caveats/Known Bugs:</b> <p>None known at this time. </ul> diff --git a/doc/omfile.html b/doc/omfile.html index 7232092..0f64f26 100644 --- a/doc/omfile.html +++ b/doc/omfile.html @@ -97,6 +97,11 @@ sets a new default template for file actions.<br></li><br> </ul> +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/how-to-sign-log-messages-through-signature-provider-guardtime/">Sign log messages through signature provider Guardtime</a></li> +</ul> +</p> <p><b>Caveats/Known Bugs:</b></p> <ul> <li>One needs to be careful with log rotation if signatures and/or encryption diff --git a/doc/omfwd.html b/doc/omfwd.html index 53f9e52..a541dd2 100644 --- a/doc/omfwd.html +++ b/doc/omfwd.html @@ -56,6 +56,11 @@ Permits to resend the last message when a connection is reconnected. This setting affects TCP-based syslog, only. It is most useful for traditional, plain TCP syslog. Using this protocol, it is not always possible to know which messages were successfully transmitted to the receiver when a connection breaks. In many cases, the last message sent is lost. By switching this setting to "yes", rsyslog will always retransmit the last message when a connection is reestablished. This reduces potential message loss, but comes at the price that some messages may be duplicated (what usually is more acceptable). <br></li><br> </ul> +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/encrypted-disk-queues/">Encrypted Disk Queues</a></li> +</ul> +</p> <p><b>Caveats/Known Bugs:</b></p><ul><li>None.</li></ul> <p><b>Sample:</b></p> <p>The following command sends all syslog messages to a remote server via TCP port 10514.</p> diff --git a/doc/omruleset.html b/doc/omruleset.html index 41d6ccf..f0d5f7b 100644 --- a/doc/omruleset.html +++ b/doc/omruleset.html @@ -122,6 +122,11 @@ $ActionOmrulesetRulesetName nested # of course, we can have "regular" actions alongside :omrulset: actions *.* /path/to/general-message-file.log </textarea> +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/rulesets-and-rsyslog-7-2/">Calling rulesets since rsyslog 7.2</a></li> +</ul> +</p> <p><b>Caveats/Known Bugs:</b> <p>The current configuration file language is not really adequate for a complex construct like omruleset. Unfortunately, more important work is currently preventing me from redoing the diff --git a/doc/property_replacer.html b/doc/property_replacer.html index 13ff41c..7218c22 100644 --- a/doc/property_replacer.html +++ b/doc/property_replacer.html @@ -746,13 +746,15 @@ use drop-cc and "drop-cc,escape-cc" will use escape-cc mode. options. It was initially introduced to support the "jsonf" option, for which it provides the capability to set an alternative field name. If it is not specified, it defaults to the property name. -<h2>Further Links</h2> +<b>See also</b> <ul> <li>Article on "<a href="rsyslog_recording_pri.html">Recording the Priority of Syslog Messages</a>" (describes use of templates to record severity and facility of a message)</li> <li><a href="rsyslog_conf.html">Configuration file format</a>, this is where you actually use the property replacer.</li> +<li><a href="http://www.rsyslog.com/what-is-the-difference-between-timereported-and-timegenerated/"> +Difference between timereported and timegenerated.</li> </ul> <p>[<a href="manual.html">manual index</a>] [<a href="rsyslog_conf.html">rsyslog.conf</a>] diff --git a/doc/queues.html b/doc/queues.html index 75b70fb..85df9fe 100644 --- a/doc/queues.html +++ b/doc/queues.html @@ -386,6 +386,11 @@ it terminates. This includes data elements there were begun being processed by workers that needed to be cancelled due to too-long processing. For a large queue, this operation may be lengthy. No timeout applies to a required shutdown save.</p> +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/encrypted-disk-queues/">Encrypted Disk Queues</a></li> +</ul> +</p> [<a href="manual.html">manual index</a>] [<a href="rsyslog_conf.html">rsyslog.conf</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> diff --git a/doc/rainerscript.html b/doc/rainerscript.html index 7cbbfa9..b83184d 100644 --- a/doc/rainerscript.html +++ b/doc/rainerscript.html @@ -34,6 +34,16 @@ return a valid result, as you can't really add two letters (to concatenate them, use the concatenation operator &). However, all type conversions are automatically done by the script interpreter when there is need to do so.<br> +<h3>Constant Strings</h3> +<p>String constants are necessary in many places: comparisons, +configuration parameter values and function arguments, to name a +few important ones. +<p>In constant strings, special characters are escape by prepending a +backslash in front of them -- just in the same way this is done in the +C programming language or PHP. +<p>If in doubt how to properly escape, use the +<a href="http://www.rsyslog.com/rainerscript-constant-string-escaper/">RainerScript +String Escape Online Tool</a>. <h2>Expressions</h2> The language supports arbitrary complex expressions. All usual operators are supported. The precedence of operations is as follows @@ -51,6 +61,13 @@ of a and b should be tested as "a <> b". The "not" operator should be reserved to cases where it actually is needed to form a complex boolean expression. In those cases, parenthesis are highly recommended. +<h2>configuration objects</h2> +<h3>action()</h3> +The <a href="rsyslog_conf_actions.html">action</a> object is the primary +means of describing actions to be carried out. +<h3>global()</h3> +<p>This is used to set global configuration parameters. For details, please +see the <a href="global.html">rsyslog global configuration object</a>. <h2>Lookup Tables</h2> <p><a href="lookup_tables.html">Lookup tables</a> are a powerful construct to obtain "class" information based on message content (e.g. to build diff --git a/doc/rsyslog_conf_actions.html b/doc/rsyslog_conf_actions.html index fa240d9..50b13a0 100644 --- a/doc/rsyslog_conf_actions.html +++ b/doc/rsyslog_conf_actions.html @@ -24,9 +24,9 @@ implemented via <a href="rsyslog_conf_modules.html#om">outpout modules</a>. <li><b>type</b> string <br>Mandatory parameter for every action. The name of the module that should be used. </li> <li><b>action.writeAllMarkMessages</b> on/off - <br>Normally, mark messages are written to actions only if the action was not recently executed (by default, recently means within the past 20 minutes). If this setting is switched to "on", mark messages are always sent to actions, no matter how recently they have been executed. In this mode, mark messages can be used as a kind of heartbeat. Note that this option auto-resets to "off", so if you intend to use it with multiple actions, it must be specified in front off all selector lines that should provide this functionality. </li> + <br>Normally, mark messages are written to actions only if the action was not recently executed (by default, recently means within the past 20 minutes). If this setting is switched to "on", mark messages are always sent to actions, no matter how recently they have been executed. In this mode, mark messages can be used as a kind of heartbeat.</li> <li><b>action.execOnlyEveryNthTime</b> integer - <br>If configured, the next action will only be executed every n-th time. For example, if configured to 3, the first two messages that go into the action will be dropped, the 3rd will actually cause the action to execute, the 4th and 5th will be dropped, the 6th executed under the action, ... and so on. Note: this setting is automatically re-set when the actual action is defined.</li> + <br>If configured, the next action will only be executed every n-th time. For example, if configured to 3, the first two messages that go into the action will be dropped, the 3rd will actually cause the action to execute, the 4th and 5th will be dropped, the 6th executed under the action, ... and so on.</li> <li><b>action.execOnlyEveryNthTimeout</b> integer <br>Has a meaning only if Action.ExecOnlyEveryNthTime is also configured for the same action. If so, the timeout setting specifies after which period the counting of "previous actions" expires and a new action count is begun. Specify 0 (the default) to disable timeouts. Why is this option needed? Consider this case: a message comes in at, eg., 10am. That's count 1. Then, nothing happens for the next 10 hours. At 8pm, the next one occurs. That's count 2. Another 5 hours later, the next message occurs, bringing the total count to 3. Thus, this message now triggers the rule. @@ -35,10 +35,19 @@ The question is if this is desired behavior? Or should the rule only be triggere <br>This directive will timeout previous messages seen if they are older than 20 minutes. In the example above, the count would now be always 1 and consequently no rule would ever be triggered. </li> <li><b>action.execOnlyOnceEveryInterval</b> integer <br>Execute action only if the last execute is at last <seconds> seconds in the past (more info in ommail, but may be used with any action)</li> - <li><b>action.execOnlyWhenpReviousIsSuspended</b> on/off - <br>This directive allows to specify if actions should always be executed ("off," the default) or only if the previous action is suspended ("on"). This directive works hand-in-hand with the multiple actions per selector feature. It can be used, for example, to create rules that automatically switch destination servers or databases to a (set of) backup(s), if the primary server fails. Note that this feature depends on proper implementation of the suspend feature in the output module. All built-in output modules properly support it (most importantly the database write and the syslog message forwarder).</li> + <li><b>action.execOnlyWhenPreviousIsSuspended</b> on/off + <br>This directive allows to specify if actions should always be executed ("off," the default) or only if the previous action is suspended ("on"). + This directive works hand-in-hand with the multiple actions per selector feature. It can be used, for example, + to create rules that automatically switch destination servers or databases to a (set of) backup(s), if the + primary server fails. Note that this feature depends on proper implementation of the suspend feature in the + output module. All built-in output modules properly support it (most importantly the database write + and the syslog message forwarder).<br> + Note, however, that a failed action may not immediately be detected. For more information, see the + <a href="http://www.rsyslog.com/action-execonlywhenpreviousissuspended-preciseness/">rsyslog + execOnlyWhenPreviousIsSpuspended preciseness</a> FAQ article. + </li> <li><b>action.repeatedmsgcontainsoriginalmsg</b> on/off - <br>"last message repeated n times" messages, if generated, have a different format that contains the message that is being repeated. Note that only the first "n" characters are included, with n to be at least 80 characters, most probably more (this may change from version to version, thus no specific limit is given). The bottom line is that n is large enough to get a good idea which message was repeated but it is not necessarily large enough for the whole message. (Introduced with 4.1.5). Once set, it affects all following actions.</li> + <br>"last message repeated n times" messages, if generated, have a different format that contains the message that is being repeated. Note that only the first "n" characters are included, with n to be at least 80 characters, most probably more (this may change from version to version, thus no specific limit is given). The bottom line is that n is large enough to get a good idea which message was repeated but it is not necessarily large enough for the whole message. (Introduced with 4.1.5).</li> <li><b>action.resumeRetryCount</b> integer <br>[default 0, -1 means eternal]</li> <li><b>action.resumeInterval</b> integer diff --git a/doc/rsyslog_conf_filter.html b/doc/rsyslog_conf_filter.html index a795193..c8a40b6 100644 --- a/doc/rsyslog_conf_filter.html +++ b/doc/rsyslog_conf_filter.html @@ -275,6 +275,11 @@ supported (except for "not" as outlined above). Please note that while it is possible to query facility and severity via property-based filters, it is far more advisable to use classic selectors (see above) for those cases.</p> +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/filter-optimization-with-arrays/">Filter optimization with arrays</a></li> +</ul> +</p> <p>[<a href="manual.html">manual index</a>] [<a href="rsyslog_conf.html">rsyslog.conf</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> diff --git a/doc/rsyslog_conf_templates.html b/doc/rsyslog_conf_templates.html index 9a6e161..562aa9a 100644 --- a/doc/rsyslog_conf_templates.html +++ b/doc/rsyslog_conf_templates.html @@ -288,8 +288,8 @@ Note that the template string itself must be on a single line. <h4>Standard Template for Forwarding to a Remote Host (RFC3164 mode)</h4> <p><pre><code>template(name="ForwardFormat" type="list") { constant(value="<") - property(name="PRI") - constant(value="<") + property(name="pri") + constant(value=">") property(name="timestamp" dateFormat="rfc3339") constant(value=" ") property(name="hostname") @@ -524,7 +524,13 @@ $template TraditionalForwardFormat,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag:1:3 <br><br> $template StdSQLFormat,"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL </code></p> - +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/how-to-bind-a-template/">How to bind a template</a></li> +<li><a href="http://www.rsyslog.com/adding-the-bom-to-a-message/">Adding the BOM to a message</a></li> +<li><a href="http://www.rsyslog.com/article60/">How to separate log files by host name of the sending device</a></li> +</ul> +</p> <p>[<a href="manual.html">manual index</a>] [<a href="rsyslog_conf.html">rsyslog.conf</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> diff --git a/doc/rsyslog_packages.html b/doc/rsyslog_packages.html index 5bb62fa..014791a 100644 --- a/doc/rsyslog_packages.html +++ b/doc/rsyslog_packages.html @@ -81,5 +81,10 @@ of the distribution name. <p>If you do not find a suitable package for your distribution, there is no reason to panic. It is quite simple to install rsyslog from the source tarball, so you should consider that. +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/how-to-use-the-ubuntu-repository/">How to use the Ubuntu repository</a></li> +</ul> +</p> </body> </html> diff --git a/doc/rsyslog_secure_tls.html b/doc/rsyslog_secure_tls.html deleted file mode 100644 index b15e5a4..0000000 --- a/doc/rsyslog_secure_tls.html +++ /dev/null @@ -1,127 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>TLS-protected syslog: recommended scenario</title> -</head> -<body> - -<h1>Encrypting Syslog Traffic with TLS (SSL)</h1> -<p><small><i>Written by <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> (2008-06-17)</i></small></p> -<ul> -<li><a href="rsyslog_secure_tls.html">Overview</a> -<li><a href="tls_cert_scenario.html">Sample Scenario</a> -<li><a href="tls_cert_ca.html">Setting up the CA</a> -<li><a href="tls_cert_machine.html">Generating Machine Certificates</a> -<li><a href="tls_cert_server.html">Setting up the Central Server</a> -<li><a href="tls_cert_client.html">Setting up syslog Clients</a> -<li><a href="tls_cert_udp_relay.html">Setting up the UDP syslog relay</a> -<li><a href="tls_cert_summary.html">Wrapping it all up</a> -<li><a href="tls_cert_errmsgs.html">Frequently seen Error Messages</a> -</ul> - -<h2>Overview</h2> -<p>This document describes a secure way to set up rsyslog TLS. A secure logging -environment requires more than just encrypting the transmission channel. This document -provides one possible way to create such a secure system. -<p>Rsyslog's TLS authentication can be used very flexible and thus supports a -wide range of security policies. This section tries to give some advise on a -scenario that works well for many environments. However, it may not be suitable -for you - please assess you security needs before using the recommendations -below. Do not blame us if it doesn't provide what you need ;)</p> -<p>Our policy offers these security benefits:</p> -<ul> - <li>syslog messages are encrypted while traveling on the wire</li> - <li>the syslog sender authenticates to the syslog receiver; thus, the - receiver knows who is talking to it</li> - <li>the syslog receiver authenticates to the syslog sender; thus, the sender - can check if it indeed is sending to the expected receiver</li> - <li>the mutual authentication prevents man-in-the-middle attacks</li> -</ul> -<p>Our secrity goals are achived via public/private key security. As such, it is -vital that private keys are well protected and not accessible to third parties. -<span style="float: left"> -<script type="text/javascript"><!-- -google_ad_client = "pub-3204610807458280"; -/* rsyslog doc inline */ -google_ad_slot = "5958614527"; -google_ad_width = 125; -google_ad_height = 125; -//--> -</script> -<script type="text/javascript" -src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> -</script> -</span> -If private keys have become known to third parties, the system does not provide -any security at all. Also, our solution bases on X.509 certificates and a (very -limited) chain of trust. We have one instance (the CA) that issues all machine -certificates. The machine certificate indentifies a particular machine. hile in -theory (and practice), there could be several "sub-CA" that issues machine -certificates for a specific adminitrative domain, we do not include this in our -"simple yet secure" setup. If you intend to use this, rsyslog supports it, but -then you need to dig a bit more into the documentation (or use the forum to ask). -In general, if you depart from our simple model, you should have good reasons -for doing so and know quite well what you are doing - otherwise you may -compromise your system security.</p> -<p>Please note that security never comes without effort. In the scenario -described here, we have limited the effort as much as possible. What remains is -some setup work for the central CA, the certificate setup for each machine as -well as a few configuration commands that need to be applied to all of them. -Proably the most important limiting factor in our setup is that all senders and -receivers must support IETF's syslog-transport-tls standard (which is not -finalized yet). We use mandatory-to-implement technology, yet you may have -trouble finding all required features in some implementations. More often, -unfortunately, you will find that an implementation does not support the -upcoming IETF standard at all - especially in the "early days" (starting May -2008) when rsyslog is the only implementation of said standard.</p> -<p>Fortunately, rsyslog supports allmost every protocol that is out there in the -syslog world. So in cases where transport-tls is not available on a sender, we -recommend to use rsyslog as the initial relay. In that mode, the not-capabe -sender sends to rsyslog via another protocol, which then relays the message via -transport-tls to either another interim relay or the final destination (which, -of course, must by transport-tls capable). In such a scenario, it is best to try -see what the sender support. Maybe it is possible to use industry-standard plain -tcp syslog with it. Often you can even combine it with stunnel, which then, too, -enables a secure delivery to the first rsyslog relay. If all of that is not -possible, you can (and often must...) resort to UDP. Even though this is now -lossy and insecure, this is better than not having the ability to listen to that -device at all. It may even be reasonale secure if the uncapable sender and the -first rsyslog relay communicate via a private channel, e.g. a dedicated network -link.</p> -<p>One final word of caution: transport-tls protects the connection between the -sender and the receiver. It does not necessarily protect against attacks that -are present in the message itself. Especially in a relay environment, the -message may have been originated from a malicious system, which placed invalid -hostnames and/or other content into it. If there is no provisioning against such -things, these records may show up in the receivers' repository. -transport-tls -does not protect against this (but it may help, properly used). Keep in mind -that syslog-transport-tls provides hop-by-hop security. It does not provide -end-to-end security and it does not authenticate the message itself (just the -last sender).</p> -<h3>A very quick Intro</h3> -<p>If you'd like to get all information very rapidly, the graphic below contains -everything you need to know (from the certificate perspective) in a very condensed -manner. It is no surprise if the graphic puzzles you. In this case, <a href="tls_cert_scenario.html">simply read on</a> -for full instructions. -<p> -<img align="center" alt="TLS/SSL protected syslog" src="tls_cert.jpg"> -<h3>Feedback requested</h3> -<p>I would appreciate feedback on this tutorial. If you have -additional ideas, comments or find bugs (I *do* bugs - no way... ;)), -please -<a href="mailto:rgerhards@adiscon.com">let me know</a>.</p> -<h2>Revision History</h2> -<ul> -<li>2008-06-06 * <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> * Initial Version created</li> -<li>2008-06-18 * <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> * Greatly enhanced and modularized the doc</li> -</ul> -<h2>Copyright</h2> -<p>Copyright (c) 2008 <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> and -<a href="http://www.adiscon.com/en/">Adiscon</a>.</p> -<p> Permission is granted to copy, distribute and/or modify this -document under the terms of the GNU Free Documentation License, Version -1.2 or any later version published by the Free Software Foundation; -with no Invariant Sections, no Front-Cover Texts, and no Back-Cover -Texts. A copy of the license can be viewed at -<a href="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</a>.</p> -</body></html> diff --git a/doc/rsyslog_tls.html b/doc/rsyslog_tls.html index 286660d..de03db0 100644 --- a/doc/rsyslog_tls.html +++ b/doc/rsyslog_tls.html @@ -23,7 +23,7 @@ have found the right spot.</p> <p>This is a quick guide. There is a more elaborate guide currently under construction which provides a much more secure environment. It is highly recommended to -<a href="rsyslog_secure_tls.html">at least have a look at it</a>. +<a href="http://www.rsyslog.com/doc/rsyslog_secure_tls.html">at least have a look at it</a>. <h2>Background</h2> <p><b>Traditional syslog is a clear-text protocol. That means anyone with a sniffer can have a peek at your data.</b> In diff --git a/doc/sigprov_gt.html b/doc/sigprov_gt.html index caeee11..5ffd26d 100644 --- a/doc/sigprov_gt.html +++ b/doc/sigprov_gt.html @@ -64,6 +64,12 @@ sig.keepRecordHashes requries). Note that both Tree and Record hashes can be kept inside the signature file. </li> </ul> +<p><b>See Also</b> +<ul> +<li><a href="http://www.rsyslog.com/how-to-sign-log-messages-through-signature-provider-guardtime/">How +to sign log messages through signature provider Guardtime</a></li> +</ul> +</p> <b>Caveats/Known Bugs:</b> <ul> <li>currently none known diff --git a/doc/tls_cert_ca.html b/doc/tls_cert_ca.html deleted file mode 100644 index 2cae404..0000000 --- a/doc/tls_cert_ca.html +++ /dev/null @@ -1,168 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>TLS-protected syslog: scenario</title> -</head> -<body> - -<h1>Encrypting Syslog Traffic with TLS (SSL)</h1> -<p><small><i>Written by <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> (2008-06-17)</i></small></p> - -<ul> -<li><a href="rsyslog_secure_tls.html">Overview</a> -<li><a href="tls_cert_scenario.html">Sample Scenario</a> -<li><a href="tls_cert_ca.html">Setting up the CA</a> -<li><a href="tls_cert_machine.html">Generating Machine Certificates</a> -<li><a href="tls_cert_server.html">Setting up the Central Server</a> -<li><a href="tls_cert_client.html">Setting up syslog Clients</a> -<li><a href="tls_cert_udp_relay.html">Setting up the UDP syslog relay</a> -<li><a href="tls_cert_summary.html">Wrapping it all up</a> -</ul> - -<h3>Setting up the CA</h3> -<p>The first step is to set up a certificate authority (CA). It must be -maintained by a trustworthy person (or group) and approves the indentities of -all machines. It does so by issuing their certificates. In a small setup, the -administrator can provide the CA function. What is important is the the CA's -<span style="float: left"> -<script type="text/javascript"><!-- -google_ad_client = "pub-3204610807458280"; -/* rsyslog doc inline */ -google_ad_slot = "5958614527"; -google_ad_width = 125; -google_ad_height = 125; -//--> -</script> -<script type="text/javascript" -src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> -</script> -</span> -private key is well-protocted and machine certificates are only issued if it is -know they are valid (in a single-admin case that means the admin should not -issue certificates to anyone else except himself).</p> -<p>The CA creates a so-called self-signed certificate. That is, it approves its -own authenticy. This sounds useless, but the key point to understand is that -every machine will be provided a copy of the CA's certificate. Accepting this -certificate is a matter of trust. So by configuring the CA certificate, the -administrator tells <a href="http://www.rsyslog.com">rsyslog</a> which certificates to trust. This is the root of all -trust under this model. That is why the CA's private key is so important - -everyone getting hold of it is trusted by our rsyslog instances.</p> -<center><img src="tls_cert_ca.jpg"></center> -<p>To create a self-signed certificate, use the following commands with GnuTLS (which -is currently the only supported TLS library, what may change in the future). -Please note that GnuTLS' tools are not installed by default on many platforms. Also, -the tools do not necessarily come with the GnuTLS core package. If you do not -have certtool on your system, check if there is package for the GnuTLS tools available -(under Fedora, for example, this is named gnutls-utils-<version> and -it is NOT installed by default). </p> -<ol> -<li>generate the private key: -<pre>certtool --generate-privkey --outfile ca-key.pem</pre> -<br> -This takes a short while. Be sure to do some work on your workstation, -it waits for radom input. Switching between windows is sufficient ;) -</li> -<li>now create the (self-signed) CA certificate itself:<br> -<pre>certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem</pre> -This generates the CA certificate. This command queries you for a -number of things. Use appropriate responses. When it comes to -certificate validity, keep in mind that you need to recreate all -certificates when this one expires. So it may be a good idea to use a -long period, eg. 3650 days (roughly 10 years). You need to specify that -the certificates belongs to an authority. The certificate is used to -sign other certificates.<br> -</li> -</ol> -<h3>Sample Screen Session</h3> -<p>Text in red is user input. Please note that for some questions, there is no -user input given. This means the default was accepted by simply pressing the -enter key. -<code><pre> -[root@rgf9dev sample]# <font color="red">certtool --generate-privkey --outfile ca-key.pem --bits 2048</font> -Generating a 2048 bit RSA private key... -[root@rgf9dev sample]# <font color="red">certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem</font> -Generating a self signed certificate... -Please enter the details of the certificate's distinguished name. Just press enter to ignore a field. -Country name (2 chars): <font color="red">US</font> -Organization name: <font color="red">SomeOrg</font> -Organizational unit name: <font color="red">SomeOU</font> -Locality name: <font color="red">Somewhere</font> -State or province name: <font color="red">CA</font> -Common name: <font color="red">someName (not necessarily DNS!)</font> -UID: -This field should not be used in new certificates. -E-mail: -Enter the certificate's serial number (decimal): - - -Activation/Expiration time. -The certificate will expire in (days): <font color="red">3650</font> - - -Extensions. -Does the certificate belong to an authority? (Y/N): <font color="red">y</font> -Path length constraint (decimal, -1 for no constraint): -Is this a TLS web client certificate? (Y/N): -Is this also a TLS web server certificate? (Y/N): -Enter the e-mail of the subject of the certificate: <font color="red">someone@example.net</font> -Will the certificate be used to sign other certificates? (Y/N): <font color="red">y</font> -Will the certificate be used to sign CRLs? (Y/N): -Will the certificate be used to sign code? (Y/N): -Will the certificate be used to sign OCSP requests? (Y/N): -Will the certificate be used for time stamping? (Y/N): -Enter the URI of the CRL distribution point: -X.509 Certificate Information: - Version: 3 - Serial Number (hex): 485a365e - Validity: - Not Before: Thu Jun 19 10:35:12 UTC 2008 - Not After: Sun Jun 17 10:35:25 UTC 2018 - Subject: C=US,O=SomeOrg,OU=SomeOU,L=Somewhere,ST=CA,CN=someName (not necessarily DNS!) - Subject Public Key Algorithm: RSA - Modulus (bits 2048): - d9:9c:82:46:24:7f:34:8f:60:cf:05:77:71:82:61:66 - 05:13:28:06:7a:70:41:bf:32:85:12:5c:25:a7:1a:5a - 28:11:02:1a:78:c1:da:34:ee:b4:7e:12:9b:81:24:70 - ff:e4:89:88:ca:05:30:0a:3f:d7:58:0b:38:24:a9:b7 - 2e:a2:b6:8a:1d:60:53:2f:ec:e9:38:36:3b:9b:77:93 - 5d:64:76:31:07:30:a5:31:0c:e2:ec:e3:8d:5d:13:01 - 11:3d:0b:5e:3c:4a:32:d8:f3:b3:56:22:32:cb:de:7d - 64:9a:2b:91:d9:f0:0b:82:c1:29:d4:15:2c:41:0b:97 - Exponent: - 01:00:01 - Extensions: - Basic Constraints (critical): - Certificate Authority (CA): TRUE - Subject Alternative Name (not critical): - RFC822name: someone@example.net - Key Usage (critical): - Certificate signing. - Subject Key Identifier (not critical): - fbfe968d10a73ae5b70d7b434886c8f872997b89 -Other Information: - Public Key Id: - fbfe968d10a73ae5b70d7b434886c8f872997b89 - -Is the above information ok? (Y/N): <font color="red">y</font> - - -Signing certificate... -[root@rgf9dev sample]# <font color="red">chmod 400 ca-key.pem</font> -[root@rgf9dev sample]# <font color="red">ls -l</font> -total 8 --r-------- 1 root root 887 2008-06-19 12:33 ca-key.pem --rw-r--r-- 1 root root 1029 2008-06-19 12:36 ca.pem -[root@rgf9dev sample]# -</pre></code> -<p><font color="red"><b>Be sure to safeguard ca-key.pem!</b> Nobody except the CA itself -needs to have it. If some third party obtains it, you security is broken!</font> -<h2>Copyright</h2> -<p>Copyright (c) 2008 <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> and -<a href="http://www.adiscon.com/en/">Adiscon</a>.</p> -<p> Permission is granted to copy, distribute and/or modify this -document under the terms of the GNU Free Documentation License, Version -1.2 or any later version published by the Free Software Foundation; -with no Invariant Sections, no Front-Cover Texts, and no Back-Cover -Texts. A copy of the license can be viewed at -<a href="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</a>.</p> -</body></html> diff --git a/doc/tls_cert_client.html b/doc/tls_cert_client.html deleted file mode 100644 index dbe7961..0000000 --- a/doc/tls_cert_client.html +++ /dev/null @@ -1,91 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>TLS-protected syslog: client setup</title> -</head> -<body> - -<h1>Encrypting Syslog Traffic with TLS (SSL)</h1> -<p><small><i>Written by <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> (2008-07-03)</i></small></p> - -<ul> -<li><a href="rsyslog_secure_tls.html">Overview</a> -<li><a href="tls_cert_scenario.html">Sample Scenario</a> -<li><a href="tls_cert_ca.html">Setting up the CA</a> -<li><a href="tls_cert_machine.html">Generating Machine Certificates</a> -<li><a href="tls_cert_server.html">Setting up the Central Server</a> -<li><a href="tls_cert_client.html">Setting up syslog Clients</a> -<li><a href="tls_cert_udp_relay.html">Setting up the UDP syslog relay</a> -<li><a href="tls_cert_summary.html">Wrapping it all up</a> -</ul> - -<h3>Setting up a client</h3> -<p>In this step, we configure a client machine. We from our scenario, we use -zuse.example.net. You need to do the same steps for all other clients, too (in the -example, that meanst turng.example.net). The client check's the server's identity and -talks to it only if it is the expected server. This is a very important step. -Without it, you would not detect man-in-the-middle attacks or simple malicious servers -who try to get hold of your valuable log data. -<span style="float: left"> -<script type="text/javascript"><!-- -google_ad_client = "pub-3204610807458280"; -/* rsyslog doc inline */ -google_ad_slot = "5958614527"; -google_ad_width = 125; -google_ad_height = 125; -//--> -</script> -<script type="text/javascript" -src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> -</script> -</span> -<p><center><img src="tls_cert_100.jpg"></center> -<p>Steps to do: -<ul> -<li>make sure you have a functional CA (<a href="tls_cert_ca.html">Setting up the CA</a>) -<li>generate a machine certificate for zuse.example.net (follow instructions in - <a href="tls_cert_machine.html">Generating Machine Certificates</a>) -<li>make sure you copy over ca.pem, machine-key.pem ad machine-cert.pem to the client. -Ensure that no user except root can access them (<b>even read permissions are really bad</b>). -<li>configure the client so that it checks the server identity and sends messages only -if the server identity is known. Please note that you have the same options as when -configuring a server. However, we now use a single name only, because there is only one -central server. No using wildcards make sure that we will exclusively talk to that server -(otherwise, a compromised client may take over its role). If you load-balance to different -server identies, you obviously need to allow all of them. It still is suggested to use -explcit names. -</ul> -<p><b>At this point, please be reminded once again that your security needs may be quite different from -what we assume in this tutorial. Evaluate your options based on your security needs.</b> -<h3>Sample syslog.conf</h3> -<p>Keep in mind that this rsyslog.conf sends messages via TCP, only. Also, we do not -show any rules to write local files. Feel free to add them. -<code><pre> -# make gtls driver the default -$DefaultNetstreamDriver gtls - -# certificate files -$DefaultNetstreamDriverCAFile /rsyslog/protected/ca.pem -$DefaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem -$DefaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem - -$ActionSendStreamDriverAuthMode x509/name -$ActionSendStreamDriverPermittedPeer central.example.net -$ActionSendStreamDriverMode 1 # run driver in TLS-only mode -*.* @@central.example.net:10514 # forward everything to remote server -</pre></code> -<p>Note: the example above forwards every message to the remote server. Of course, -you can use the normal filters to restrict the set of information that is sent. -Depending on your message volume and needs, this may be a smart thing to do. -<p><font color="red"><b>Be sure to safeguard at least the private key (machine-key.pem)!</b> -If some third party obtains it, you security is broken!</font> -<h2>Copyright</h2> -<p>Copyright © 2008 <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> and -<a href="http://www.adiscon.com/en/">Adiscon</a>.</p> -<p> Permission is granted to copy, distribute and/or modify this -document under the terms of the GNU Free Documentation License, Version -1.2 or any later version published by the Free Software Foundation; -with no Invariant Sections, no Front-Cover Texts, and no Back-Cover -Texts. A copy of the license can be viewed at -<a href="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</a>.</p> -</body></html> diff --git a/doc/tls_cert_machine.html b/doc/tls_cert_machine.html deleted file mode 100644 index 095e15c..0000000 --- a/doc/tls_cert_machine.html +++ /dev/null @@ -1,182 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>TLS-protected syslog: generating the machine certificate</title> -</head> -<body> - -<h1>Encrypting Syslog Traffic with TLS (SSL)</h1> -<p><small><i>Written by <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> (2008-06-18)</i></small></p> - -<ul> -<li><a href="rsyslog_secure_tls.html">Overview</a> -<li><a href="tls_cert_scenario.html">Sample Scenario</a> -<li><a href="tls_cert_ca.html">Setting up the CA</a> -<li><a href="tls_cert_machine.html">Generating Machine Certificates</a> -<li><a href="tls_cert_server.html">Setting up the Central Server</a> -<li><a href="tls_cert_client.html">Setting up syslog Clients</a> -<li><a href="tls_cert_udp_relay.html">Setting up the UDP syslog relay</a> -<li><a href="tls_cert_summary.html">Wrapping it all up</a> -</ul> - -<h3>generating the machine certificate</h3> -<p>In this step, we generate certificates for each of the machines. Please note -that both clients and servers need certificates. The certificate identifies each -machine to the remote peer. The DNSName specified inside the certificate can -<span style="float: left"> -<script type="text/javascript"><!-- -google_ad_client = "pub-3204610807458280"; -/* rsyslog doc inline */ -google_ad_slot = "5958614527"; -google_ad_width = 125; -google_ad_height = 125; -//--> -</script> -<script type="text/javascript" -src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> -</script> -</span> -be specified inside the $<object>PermittedPeer config statements. -<p>For now, we assume that a single person (or group) is responsible for the whole -rsyslog system and thus it is OK if that single person is in posession of all -machine's private keys. This simplification permits us to use a somewhat less -complicated way of generating the machine certificates. So, we generate both the private -and public key on the CA (which is NOT a server!) and then copy them over to the -respective machines. -<p>If the roles of machine and CA administrators are split, the private key must -be generated by the machine administrator. This is done via a certificate request. -This request is then sent to the CA admin, which in turn generates the certificate -(containing the public key). The CA admin then sends back the certificate to the -machine admin, who installs it. That way, the CA admin never get's hold of the -machine's private key. Instructions for this mode will be given in a later revision -of this document. -<p><b>In any case, it is vital that the machine's private key is protected. Anybody -able to obtain that private key can imporsonate as the machine to which it belongs, thus -breaching your security.</b> -<h3>Sample Screen Session</h3> -<p>Text in red is user input. Please note that for some questions, there is no -user input given. This means the default was accepted by simply pressing the -enter key. -<p><b>Please note:</b> you need to substitute the names specified below with values -that match your environment. Most importantly, machine.example.net must be replaced -by the actual name of the machine that will be using this certificate. For example, -if you generate a certificate for a machine named "server.example.com", you need -to use that name. If you generate a certificate for "client.example.com", you need -to use this name. Make sure that each machine certificate has a unique name. If not, -you can not apply proper access control. -<code><pre> -[root@rgf9dev sample]# <font color="red">certtool --generate-privkey --outfile key.pem --bits 2048</font> -Generating a 2048 bit RSA private key... -[root@rgf9dev sample]# <font color="red">certtool --generate-request --load-privkey key.pem --outfile request.pem</font> -Generating a PKCS #10 certificate request... -Country name (2 chars): <font color="red">US</font> -Organization name: <font color="red">SomeOrg</font> -Organizational unit name: <font color="red">SomeOU</font> -Locality name: <font color="red">Somewhere</font> -State or province name: <font color="red">CA</font> -Common name: <font color="red">machine.example.net</font> -UID: -Enter a dnsName of the subject of the certificate: -Enter the IP address of the subject of the certificate: -Enter the e-mail of the subject of the certificate: -Enter a challange password: -Does the certificate belong to an authority? (y/N): <font color="red">n</font> -Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): -Will the certificate be used for encryption (RSA ciphersuites)? (y/N): -Is this a TLS web client certificate? (y/N): <font color="red">y</font> -Is this also a TLS web server certificate? (y/N): <font color="red">y</font> -[root@rgf9dev sample]# <font color="red">certtool --generate-certificate --load-request request.pem --outfile cert.pem --load-ca-certificate ca.pem --load-ca-privkey ca-key.pem</font> -Generating a signed certificate... -Enter the certificate's serial number (decimal): - - -Activation/Expiration time. -The certificate will expire in (days): 1000 - - -Extensions. -Do you want to honour the extensions from the request? (y/N): -Does the certificate belong to an authority? (Y/N): <font color="red">n</font> -Is this a TLS web client certificate? (Y/N): <font color="red">y</font> -Is this also a TLS web server certificate? (Y/N): <font color="red">y</font> -Enter the dnsName of the subject of the certificate: <font color="red">machine.example.net</font> <i>{This is the name of the machine that will use the certificate}</i> -Enter the IP address of the subject of certificate: -Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/N): -Will the certificate be used for encryption (RSA ciphersuites)? (Y/N): -X.509 Certificate Information: - Version: 3 - Serial Number (hex): 485a3819 - Validity: - Not Before: Thu Jun 19 10:42:54 UTC 2008 - Not After: Wed Mar 16 10:42:57 UTC 2011 - Subject: C=US,O=SomeOrg,OU=SomeOU,L=Somewhere,ST=CA,CN=machine.example.net - Subject Public Key Algorithm: RSA - Modulus (bits 2048): - b2:4e:5b:a9:48:1e:ff:2e:73:a1:33:ee:d8:a2:af:ae - 2f:23:76:91:b8:39:94:00:23:f2:6f:25:ad:c9:6a:ab - 2d:e6:f3:62:d8:3e:6e:8a:d6:1e:3f:72:e5:d8:b9:e0 - d0:79:c2:94:21:65:0b:10:53:66:b0:36:a6:a7:cd:46 - 1e:2c:6a:9b:79:c6:ee:c6:e2:ed:b0:a9:59:e2:49:da - c7:e3:f0:1c:e0:53:98:87:0d:d5:28:db:a4:82:36:ed - 3a:1e:d1:5c:07:13:95:5d:b3:28:05:17:2a:2b:b6:8e - 8e:78:d2:cf:ac:87:13:15:fc:17:43:6b:15:c3:7d:b9 - Exponent: - 01:00:01 - Extensions: - Basic Constraints (critical): - Certificate Authority (CA): FALSE - Key Purpose (not critical): - TLS WWW Client. - TLS WWW Server. - Subject Alternative Name (not critical): - DNSname: machine.example.net - Subject Key Identifier (not critical): - 0ce1c3dbd19d31fa035b07afe2e0ef22d90b28ac - Authority Key Identifier (not critical): - fbfe968d10a73ae5b70d7b434886c8f872997b89 -Other Information: - Public Key Id: - 0ce1c3dbd19d31fa035b07afe2e0ef22d90b28ac - -Is the above information ok? (Y/N): <font color="red">y</font> - - -Signing certificate... -[root@rgf9dev sample]# <font color="red">rm -f request.pem</font> -[root@rgf9dev sample]# <font color="red">ls -l</font> -total 16 --r-------- 1 root root 887 2008-06-19 12:33 ca-key.pem --rw-r--r-- 1 root root 1029 2008-06-19 12:36 ca.pem --rw-r--r-- 1 root root 1074 2008-06-19 12:43 cert.pem --rw-r--r-- 1 root root 887 2008-06-19 12:40 key.pem -[root@rgf9dev sample]# # it may be a good idea to rename the files to indicate where they belong to -[root@rgf9dev sample]# <font color="red">mv cert.pem machine-cert.pem</font> -[root@rgf9dev sample]# <font color="red">mv key.pem machine-key.pem</font> -[root@rgf9dev sample]# -</pre></code> -<h3>Distributing Files</h3> -<p>Provide the machine with: -<ul> -<li>a copy of ca.pem -<li>cert.pem -<li>key.pem -</ul> -<p>This is how the relevant part of rsyslog.conf looks on the target machine: -<p> -<code><pre> -$DefaultNetstreamDriverCAFile /home/rger/proj/rsyslog/sample/ca.pem -$DefaultNetstreamDriverCertFile /home/rger/proj/rsyslog/sample/machine-cert.pem -$DefaultNetstreamDriverKeyFile /home/rger/proj/rsyslog/sample/machine-key.pem -</pre></code> -<p><b><font color="red">Never</font> provide anyone with ca-key.pem!</b> Also, make sure -nobody but the machine in question gets hold of key.pem. -<h2>Copyright</h2> -<p>Copyright (c) 2008 <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> and -<a href="http://www.adiscon.com/en/">Adiscon</a>.</p> -<p> Permission is granted to copy, distribute and/or modify this -document under the terms of the GNU Free Documentation License, Version -1.2 or any later version published by the Free Software Foundation; -with no Invariant Sections, no Front-Cover Texts, and no Back-Cover -Texts. A copy of the license can be viewed at -<a href="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</a>.</p> -</body></html> diff --git a/doc/tls_cert_scenario.html b/doc/tls_cert_scenario.html deleted file mode 100644 index 7973532..0000000 --- a/doc/tls_cert_scenario.html +++ /dev/null @@ -1,63 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>TLS-protected syslog: scenario</title> -</head> -<body> - -<h1>Encrypting Syslog Traffic with TLS (SSL)</h1> -<p><small><i>Written by <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> (2008-06-17)</i></small></p> - -<ul> -<li><a href="rsyslog_secure_tls.html">Overview</a> -<li><a href="tls_cert_scenario.html">Sample Scenario</a> -<li><a href="tls_cert_ca.html">Setting up the CA</a> -<li><a href="tls_cert_machine.html">Generating Machine Certificates</a> -<li><a href="tls_cert_server.html">Setting up the Central Server</a> -<li><a href="tls_cert_client.html">Setting up syslog Clients</a> -<li><a href="tls_cert_udp_relay.html">Setting up the UDP syslog relay</a> -<li><a href="tls_cert_summary.html">Wrapping it all up</a> -<li><a href="tls_cert_errmsgs.html">Frequently seen Error Messages</a> -</ul> - -<h3>Sample Scenario</h3> -<p>We have a quite simple scenario. There is one central syslog server, -<span style="float: left"> -<script type="text/javascript"><!-- -google_ad_client = "pub-3204610807458280"; -/* rsyslog doc inline */ -google_ad_slot = "5958614527"; -google_ad_width = 125; -google_ad_height = 125; -//--> -</script> -<script type="text/javascript" -src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> -</script> -</span> -named central.example.net. These server is being reported to by two Linux -machines with name zuse.example.net and turing.example.net. Also, there is a -third client - ada.example.net - which send both its own messages to the central -server but also forwards messages receive from an UDP-only capable router. We -hav decided to use ada.example.net because it is in the same local network -segment as the router and so we enjoy TLS' security benefits for forwarding the -router messages inside the corporate network. All systems (except the router) use -<a href="http://www.rsyslog.com/">rsyslog</a> as the syslog software.</p> -<p><center><img src="tls_cert_100.jpg"></center> -<p>Please note that the CA must not necessarily be connected to the rest of the -network. Actually, it may be considered a security plus if it is not. If the CA -is reachable via the regular network, it should be sufficiently secured (firewal -rules et al). Keep in mind that if the CA's security is breached, your overall -system security is breached. -<p>In case the CA is compromised, you need to regenerate the CA's certificate as well -as all individual machines certificates. -<h2>Copyright</h2> -<p>Copyright (c) 2008 <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> and -<a href="http://www.adiscon.com/en/">Adiscon</a>.</p> -<p> Permission is granted to copy, distribute and/or modify this -document under the terms of the GNU Free Documentation License, Version -1.2 or any later version published by the Free Software Foundation; -with no Invariant Sections, no Front-Cover Texts, and no Back-Cover -Texts. A copy of the license can be viewed at -<a href="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</a>.</p> -</body></html> diff --git a/doc/tls_cert_server.html b/doc/tls_cert_server.html deleted file mode 100644 index 9c024bc..0000000 --- a/doc/tls_cert_server.html +++ /dev/null @@ -1,127 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>TLS-protected syslog: central server setup</title> -</head> -<body> - -<h1>Encrypting Syslog Traffic with TLS (SSL)</h1> -<p><small><i>Written by <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> (2008-06-18)</i></small></p> - -<ul> -<li><a href="rsyslog_secure_tls.html">Overview</a> -<li><a href="tls_cert_scenario.html">Sample Scenario</a> -<li><a href="tls_cert_ca.html">Setting up the CA</a> -<li><a href="tls_cert_machine.html">Generating Machine Certificates</a> -<li><a href="tls_cert_server.html">Setting up the Central Server</a> -<li><a href="tls_cert_client.html">Setting up syslog Clients</a> -<li><a href="tls_cert_udp_relay.html">Setting up the UDP syslog relay</a> -<li><a href="tls_cert_summary.html">Wrapping it all up</a> -</ul> - -<h3>Setting up the Central Server</h3> -<p>In this step, we configure the central server. We assume it accepts messages only -via TLS protected plain tcp based syslog from those peers that are explicitely permitted -to send to it. The picture below show our configuration. This step configures -the server central.example.net. -<span style="float: left"> -<script type="text/javascript"><!-- -google_ad_client = "pub-3204610807458280"; -/* rsyslog doc inline */ -google_ad_slot = "5958614527"; -google_ad_width = 125; -google_ad_height = 125; -//--> -</script> -<script type="text/javascript" -src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> -</script> -</span> -<p><center><img src="tls_cert_100.jpg"></center> -<p><i><font color="red"><b>Important:</b> Keep in mind that the order of configuration directives -is very important in rsyslog. As such, the samples given below do only work if the given -order is preserved.</font> Re-ordering the directives can break configurations and has broken them -in practice. If you intend to re-order them, please be sure that you fully understand how -the configuration language works and, most importantly, which statements form a block together. -Please also note that we understand the the current configuration file format is -ugly. However, there has been more important work in the way of enhancing it. If you would like -to contribute some time to improve the config file language, please let us know. Any help -is appreciated (be it doc or coding work!).</i> -<p>Steps to do: -<ul> -<li>make sure you have a functional CA (<a href="tls_cert_ca.html">Setting up the CA</a>) -<li>generate a machine certificate for central.example.net (follow instructions in - <a href="tls_cert_machine.html">Generating Machine Certificates</a>) -<li>make sure you copy over ca.pem, machine-key.pem ad machine-cert.pem to the central server. -Ensure that no user except root can access them (<b>even read permissions are really bad</b>). -<li>configure the server so that it accepts messages from all machines in the -example.net domain that have certificates from your CA. Alternatively, you may also -precisely define from which machine names messages are accepted. See sample rsyslog.conf -below. -</ul> -In this setup, we use wildcards to ease adding new systems. We permit the server to accept -messages from systems whos names match *.example.net. -<pre><code> -$InputTCPServerStreamDriverPermittedPeer *.example.net -</code></pre> -This will match zuse.example.net and -turing.example.net, but NOT pascal.otherdepartment.example.net. If the later would be desired, -you can (and need) to include additional permitted peer config statments: -<pre><code> -$InputTCPServerStreamDriverPermittedPeer *.example.net -$InputTCPServerStreamDriverPermittedPeer *.otherdepartment.example.net -$InputTCPServerStreamDriverPermittedPeer *.example.com -</code></pre> -<p>As can be seen with example.com, the different permitted peers need NOT to be in a single -domain tree. Also, individual machines can be configured. For example, if only zuse, turing -and ada should be able to talk to the server, you can achive this by: -<pre><code> -$InputTCPServerStreamDriverPermittedPeer zuse.example.net -$InputTCPServerStreamDriverPermittedPeer turing.example.net -$InputTCPServerStreamDriverPermittedPeer ada.example.net -</code></pre> -<p>As an extension to the (upcoming) IETF syslog/tls standard, you can specify some text -together with a domain component wildcard. So "*server.example.net", "server*.example.net" -are valid permitted peers. However "server*Fix.example.net" is NOT a valid wildcard. The -IETF standard permits no text along the wildcards. -<p>The reason we use wildcards in the default setup is that it makes it easy to add systems -without the need to change the central server's configuration. It is important to understand that -the central server will accept names <b>only</b> (no exception) if the client certificate was -signed by the CA we set up. So if someone tries to create a malicious certificate with -a name "zuse.example.net", the server will <b>not</b> accept it. So a wildcard is safe -as long as you ensure CA security is not breached. Actually, you authorize a client by issuing -the certificate to it. -<p><b>At this point, please be reminded once again that your security needs may be quite different from -what we assume in this tutorial. Evaluate your options based on your security needs.</b> -<h3>Sample syslog.conf</h3> -<p>Keep in mind that this rsyslog.conf accepts messages via TCP, only. The only other -source accepted is messages from the server itself. -<code><pre> -$ModLoad imuxsock # local messages -$ModLoad imtcp # TCP listener - -# make gtls driver the default -$DefaultNetstreamDriver gtls - -# certificate files -$DefaultNetstreamDriverCAFile /rsyslog/protected/ca.pem -$DefaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem -$DefaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem - -$InputTCPServerStreamDriverAuthMode x509/name -$InputTCPServerStreamDriverPermittedPeer *.example.net -$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode -$InputTCPServerRun 10514 # start up listener at port 10514 -</pre></code> -<p><font color="red"><b>Be sure to safeguard at least the private key (machine-key.pem)!</b> -If some third party obtains it, you security is broken!</font> -<h2>Copyright</h2> -<p>Copyright (c) 2008 <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> and -<a href="http://www.adiscon.com/en/">Adiscon</a>.</p> -<p> Permission is granted to copy, distribute and/or modify this -document under the terms of the GNU Free Documentation License, Version -1.2 or any later version published by the Free Software Foundation; -with no Invariant Sections, no Front-Cover Texts, and no Back-Cover -Texts. A copy of the license can be viewed at -<a href="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</a>.</p> -</body></html> diff --git a/doc/tls_cert_summary.html b/doc/tls_cert_summary.html deleted file mode 100644 index 8e003bc..0000000 --- a/doc/tls_cert_summary.html +++ /dev/null @@ -1,66 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>TLS-protected syslog: Summary</title> -</head> -<body> - -<h1>Encrypting Syslog Traffic with TLS (SSL)</h1> -<p><small><i>Written by <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> (2008-07-03)</i></small></p> - -<ul> -<li><a href="rsyslog_secure_tls.html">Overview</a> -<li><a href="tls_cert_scenario.html">Sample Scenario</a> -<li><a href="tls_cert_ca.html">Setting up the CA</a> -<li><a href="tls_cert_machine.html">Generating Machine Certificates</a> -<li><a href="tls_cert_server.html">Setting up the Central Server</a> -<li><a href="tls_cert_client.html">Setting up syslog Clients</a> -<li><a href="tls_cert_udp_relay.html">Setting up the UDP syslog relay</a> -<li><a href="tls_cert_summary.html">Wrapping it all up</a> -</ul> - -<h3>Summary</h3> -<p>If you followed the steps outlined in this documentation set, you now have -<span style="float: left"> -<script type="text/javascript"><!-- -google_ad_client = "pub-3204610807458280"; -/* rsyslog doc inline */ -google_ad_slot = "5958614527"; -google_ad_width = 125; -google_ad_height = 125; -//--> -</script> -<script type="text/javascript" -src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> -</script> -</span> -a reasonable (for most needs) secure setup for the following environment: -<center><img src="tls_cert_100.jpg"></center> -<p>You have learned about the security decisions involved and which we -made in this example. <b>Be once again reminded that you must make sure yourself -that whatever you do matches your security needs!</b> There is no guarantee that -what we generally find useful actually is. It may even be totally unsuitable for -your environment. -<p>In the example, we created a rsyslog certificate authority (CA). Guard the CA's -files. You need them whenever you need to create a new machine certificate. We also saw how -to generate the machine certificates themselfs and distribute them to the individual -machines. Also, you have found some configuration samples for a sever, a client and -a syslog relay. Hopefully, this will enable you to set up a similar system in many -environments. -<p>Please be warned that you defined some expiration dates for the certificates. -After they are reached, the certificates are no longer valid and rsyslog will NOT -accept them. At that point, syslog messages will no longer be transmitted (and rsyslogd -will heavily begin to complain). So it is a good idea to make sure that you renew the -certificates before they expire. Recording a reminder somewhere is probably a good -idea. -<p>If you have any more questions, please visit the <a href="http://kb.monitorware.com/rsyslog-f40.html">rsyslog forum</a> and simply ask ;) -<h2>Copyright</h2> -<p>Copyright (c) 2008 <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> and -<a href="http://www.adiscon.com/en/">Adiscon</a>.</p> -<p> Permission is granted to copy, distribute and/or modify this -document under the terms of the GNU Free Documentation License, Version -1.2 or any later version published by the Free Software Foundation; -with no Invariant Sections, no Front-Cover Texts, and no Back-Cover -Texts. A copy of the license can be viewed at -<a href="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</a>.</p> -</body></html> diff --git a/doc/tls_cert_udp_relay.html b/doc/tls_cert_udp_relay.html deleted file mode 100644 index f4740ce..0000000 --- a/doc/tls_cert_udp_relay.html +++ /dev/null @@ -1,105 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>TLS-protected syslog: UDP relay setup</title> -</head> -<body> - -<h1>Encrypting Syslog Traffic with TLS (SSL)</h1> -<p><small><i>Written by <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> (2008-07-03)</i></small></p> - -<ul> -<li><a href="rsyslog_secure_tls.html">Overview</a> -<li><a href="tls_cert_scenario.html">Sample Scenario</a> -<li><a href="tls_cert_ca.html">Setting up the CA</a> -<li><a href="tls_cert_machine.html">Generating Machine Certificates</a> -<li><a href="tls_cert_server.html">Setting up the Central Server</a> -<li><a href="tls_cert_client.html">Setting up syslog Clients</a> -<li><a href="tls_cert_udp_relay.html">Setting up the UDP syslog relay</a> -<li><a href="tls_cert_summary.html">Wrapping it all up</a> -</ul> - -<h3>Setting up the UDP syslog relay</h3> -<p>In this step, we configure the UDP relay ada.example.net. -As a reminder, that machine relays messages from a local router, which only -supports UDP syslog, to the central syslog server. The router does not talk -directly to it, because we would like to have TLS protection for its sensitve -logs. If the router and the syslog relay are on a sufficiently secure private -network, this setup can be considered reasonable secure. In any case, it is the -best alternative among the possible configuration scenarios. -<span style="float: left"> -<script type="text/javascript"><!-- -google_ad_client = "pub-3204610807458280"; -/* rsyslog doc inline */ -google_ad_slot = "5958614527"; -google_ad_width = 125; -google_ad_height = 125; -//--> -</script> -<script type="text/javascript" -src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> -</script> -</span> -<p><center><img src="tls_cert_100.jpg"></center> -<p>Steps to do: -<ul> -<li>make sure you have a functional CA (<a href="tls_cert_ca.html">Setting up the CA</a>) -<li>generate a machine certificate for ada.example.net (follow instructions in - <a href="tls_cert_machine.html">Generating Machine Certificates</a>) -<li>make sure you copy over ca.pem, machine-key.pem ad machine-cert.pem to the client. -Ensure that no user except root can access them (<b>even read permissions are really bad</b>). -<li>configure the client so that it checks the server identity and sends messages only -if the server identity is known. -</ul> -<p>These were essentially the same steps as for any -<a href="tls_cert_client.html">TLS syslog client</a>. We now need to add the -capability to forward the router logs: -<ul> -<li>make sure that the firewall rules permit message recpetion on UDP port 514 (if you use -a non-standard port for UDP syslog, make sure that port number is permitted). -<li>you may want to limit who can send syslog messages via UDP. A great place to do this -is inside the firewall, but you can also do it in rsyslog.conf via an $AllowedSender -directive. We have used one in the sample config below. Please be aware that this is -a kind of weak authentication, but definitely better than nothing... -<li>add the UDP input plugin to rsyslog's config and start a UDP listener -<li>make sure that your forwarding-filter permits to forward messages received -from the remote router to the server. In our sample scenario, we do not need to -add anything special, because all messages are forwarded. This includes messages -received from remote hosts. -</ul> -<p><b>At this point, please be reminded once again that your security needs may be quite different from -what we assume in this tutorial. Evaluate your options based on your security needs.</b> -<h3>Sample syslog.conf</h3> -<p>Keep in mind that this rsyslog.conf sends messages via TCP, only. Also, we do not -show any rules to write local files. Feel free to add them. -<code><pre> -# start a UDP listener for the remote router -$ModLoad imudp # load UDP server plugin -$AllowedSender UDP, 192.0.2.1 # permit only the router -$UDPServerRun 514 # listen on default syslog UDP port 514 - -# make gtls driver the default -$DefaultNetstreamDriver gtls - -# certificate files -$DefaultNetstreamDriverCAFile /rsyslog/protected/ca.pem -$DefaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem -$DefaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem - -$ActionSendStreamDriverAuthMode x509/name -$ActionSendStreamDriverPermittedPeer central.example.net -$ActionSendStreamDriverMode 1 # run driver in TLS-only mode -*.* @@central.example.net:10514 # forward everything to remote server -</pre></code> -<p><font color="red"><b>Be sure to safeguard at least the private key (machine-key.pem)!</b> -If some third party obtains it, you security is broken!</font> -<h2>Copyright</h2> -<p>Copyright © 2008 <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> and -<a href="http://www.adiscon.com/en/">Adiscon</a>.</p> -<p> Permission is granted to copy, distribute and/or modify this -document under the terms of the GNU Free Documentation License, Version -1.2 or any later version published by the Free Software Foundation; -with no Invariant Sections, no Front-Cover Texts, and no Back-Cover -Texts. A copy of the license can be viewed at -<a href="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</a>.</p> -</body></html> diff --git a/doc/troubleshoot.html b/doc/troubleshoot.html index 0f0c7fc..a0303a2 100644 --- a/doc/troubleshoot.html +++ b/doc/troubleshoot.html @@ -88,15 +88,19 @@ passwords or other sensitive data. If it does, you can change it to some <b>cons meaningless value. <b>Do not delete the lines</b>, as this renders the debug log unusable (and makes Rainer quite angry for wasted time, aka significantly reduces the chance he will remain motivated to look at your problem ;)). For the same reason, make sure -whatever you change is change consistently. Really! -<p>Debug log file can get quite large. Before submitting them, it is a good idea to zip them. -Rainer has handled files of around 1 to 2 GB. If your's is larger ask before submitting. Often, -it is sufficient to submit the first 2,000 lines of the log file and around another 1,000 around -the area where you see a problem. Also, -ask you can submit a file via private mail. Private mail is usually a good way to go for large files -or files with sensitive content. However, do NOT send anything sensitive that you do not want -the outside to be known. While Rainer so far made effort no to leak any sensitive information, -there is no guarantee that doesn't happen. If you need a guarantee, you are probably a +whatever you change is changed consistently. Really! +<p>While most debug log files are moderately large, some can get quite to extremly large. +For those on the larger side, it is a good idea to zip them. If the file is less than +around 100KiB, it's probably not necessary. +<p>A good place to post your debug log is at the +<a href="http://kb.monitorware.com/rsyslog-f40.html">rsyslog support forums</a>, together with +your question. This also enables us to keep track of the case. The forums accept attachments in +various common formats, but rejects others for security reasons. The zip, txt, and log extensions +are definitely permitted, so it probably is a good idea to use one of them. For others, please +simply try and revert to another format if the forum doesn't like what you used. +<p> +Please note that all information in your debug file is publically visiable. +If this is not acceptable for you, you are probably a candidate for a <a href="professional_support.html">commercial support contract</a>. Free support comes without any guarantees, include no guarantee on confidentiality [aka "we don't want to be sued for work were are not even paid for ;)]. @@ -156,7 +160,7 @@ need to program or do anything else except get a problem solved ;) [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> <p><font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a> project.<br> -Copyright © 2008-2010 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and +Copyright © 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and <a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL version 3 or higher.</font></p> </body> diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c index 2b8d600..25d9c9a 100644 --- a/grammar/rainerscript.c +++ b/grammar/rainerscript.c @@ -1259,7 +1259,7 @@ doFunc_re_extract(struct cnffunc *func, struct var *ret, void* usrptr) str = (char*) var2CString(&r[0], &bMustFree); matchnbr = (short) var2Number(&r[2], NULL); submatchnbr = (size_t) var2Number(&r[3], NULL); - if(submatchnbr > sizeof(pmatch)/sizeof(regmatch_t)) { + if(submatchnbr >= sizeof(pmatch)/sizeof(regmatch_t)) { DBGPRINTF("re_extract() submatch %d is too large\n", submatchnbr); bHadNoMatch = 1; goto finalize_it; @@ -1307,15 +1307,19 @@ doFunc_re_extract(struct cnffunc *func, struct var *ret, void* usrptr) iLenBuf); } +finalize_it: if(bMustFree) free(str); if(r[0].datatype == 'S') es_deleteStr(r[0].d.estr); if(r[2].datatype == 'S') es_deleteStr(r[2].d.estr); if(r[3].datatype == 'S') es_deleteStr(r[3].d.estr); -finalize_it: + if(bHadNoMatch) { cnfexprEval(func->expr[4], &r[4], usrptr); estr = var2String(&r[4], &bMustFree); - if(r[4].datatype == 'S') es_deleteStr(r[4].d.estr); + /* Note that we do NOT free the string that was returned/created + * for r[4]. We pass it to the caller, which in turn frees it. + * This saves us doing one unnecessary memory alloc & write. + */ } ret->datatype = 'S'; ret->d.estr = estr; @@ -1355,6 +1359,7 @@ doFuncCall(struct cnffunc *func, struct var *ret, void* usrptr) estr = var2String(&r[0], &bMustFree); ret->d.n = es_strlen(estr); if(bMustFree) es_deleteStr(estr); + if(r[0].datatype == 'S') es_deleteStr(r[0].d.estr); } ret->datatype = 'N'; break; @@ -2274,7 +2279,8 @@ cnfstmtPrintOnly(struct cnfstmt *stmt, int indent, sbool subtree) break; case S_CALL: cstr = es_str2cstr(stmt->d.s_call.name, NULL); - doIndent(indent); dbgprintf("CALL [%s]\n", cstr); + doIndent(indent); dbgprintf("CALL [%s, queue:%d]\n", cstr, + stmt->d.s_call.ruleset == NULL ? 0 : 1); free(cstr); break; case S_ACT: @@ -2567,14 +2573,15 @@ struct cnfstmt * cnfstmtNewPROPFILT(char *propfilt, struct cnfstmt *t_then) { struct cnfstmt* cnfstmt; - rsRetVal lRet; if((cnfstmt = cnfstmtNew(S_PROPFILT)) != NULL) { cnfstmt->printable = (uchar*)propfilt; cnfstmt->d.s_propfilt.t_then = t_then; cnfstmt->d.s_propfilt.propName = NULL; cnfstmt->d.s_propfilt.regex_cache = NULL; cnfstmt->d.s_propfilt.pCSCompValue = NULL; - lRet = DecodePropFilter((uchar*)propfilt, cnfstmt); + if(DecodePropFilter((uchar*)propfilt, cnfstmt) != RS_RET_OK) { + cnfstmt->nodetype = S_NOP; /* disable action! */ + } } return cnfstmt; } @@ -2730,6 +2737,9 @@ cnfexprOptimize_CMP_severity_facility(struct cnfexpr *expr) { struct cnffunc *func; + if(expr->l->nodetype != 'V') + FINALIZE; + if(!strcmp("$syslogseverity", ((struct cnfvar*)expr->l)->name)) { if(expr->r->nodetype == 'N') { int sev = (int) ((struct cnfnumval*)expr->r)->val; @@ -2759,6 +2769,7 @@ cnfexprOptimize_CMP_severity_facility(struct cnfexpr *expr) } } } +finalize_it: return expr; } @@ -2779,7 +2790,7 @@ cnfexprOptimize_CMP_var(struct cnfexpr *expr) parser_errmsg("invalid facility '%s', expression will always " "evaluate to FALSE", cstr); } else { - /* we can acutally optimize! */ + /* we can actually optimize! */ DBGPRINTF("optimizer: change comparison OP to FUNC prifilt()\n"); func = cnffuncNew_prifilt(fac); if(expr->nodetype == CMP_NE) @@ -2858,7 +2869,7 @@ cnfexprOptimize_AND_OR(struct cnfexpr *expr) static inline void cnfexprOptimize_CMPEQ_arr(struct cnfarray *arr) { - DBGPRINTF("optimizer: sorting array for CMP_EQ/NEQ comparison\n"); + DBGPRINTF("optimizer: sorting array of %d members for CMP_EQ/NEQ comparison\n", arr->nmemb); qsort(arr->arr, arr->nmemb, sizeof(es_str_t*), qs_arrcmp); } @@ -2920,10 +2931,14 @@ cnfexprOptimize(struct cnfexpr *expr) expr->r = exprswap; } } + if(expr->r->nodetype == 'A') { + cnfexprOptimize_CMPEQ_arr((struct cnfarray *)expr->r); + } + /* This should be evaluated last because it may change expr + * to a function. + */ if(expr->l->nodetype == 'V') { expr = cnfexprOptimize_CMP_var(expr); - } else if(expr->r->nodetype == 'A') { - cnfexprOptimize_CMPEQ_arr((struct cnfarray *)expr->r); } break; case CMP_LE: @@ -3100,8 +3115,14 @@ cnfstmtOptimizeCall(struct cnfstmt *stmt) stmt->nodetype = S_NOP; goto done; } - DBGPRINTF("CALL obtained ruleset ptr %p for ruleset %s\n", pRuleset, rsName); - stmt->d.s_call.stmt = pRuleset->root; + DBGPRINTF("CALL obtained ruleset ptr %p for ruleset %s [hasQueue:%d]\n", + pRuleset, rsName, rulesetHasQueue(pRuleset)); + if(rulesetHasQueue(pRuleset)) { + stmt->d.s_call.ruleset = pRuleset; + } else { + stmt->d.s_call.ruleset = NULL; + stmt->d.s_call.stmt = pRuleset->root; + } done: free(rsName); return; diff --git a/grammar/rainerscript.h b/grammar/rainerscript.h index d00cc4c..0657330 100644 --- a/grammar/rainerscript.h +++ b/grammar/rainerscript.h @@ -5,6 +5,7 @@ #include <typedefs.h> #include <sys/types.h> #include <regex.h> +#include "typedefs.h" #define LOG_NFACILITIES 24 /* current number of syslog facilities */ @@ -164,6 +165,7 @@ struct cnfstmt { struct { es_str_t *name; struct cnfstmt *stmt; + ruleset_t *ruleset; /* non-NULL if the ruleset has a queue assigned */ } s_call; struct { uchar pmask[LOG_NFACILITIES+1]; /* priority mask */ diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c index 45882fb..9c824c1 100644 --- a/plugins/imfile/imfile.c +++ b/plugins/imfile/imfile.c @@ -473,7 +473,7 @@ CODESTARTnewInpInst } else if(!strcmp(inppblk.descr[i].name, "severity")) { inst->iSeverity = pvals[i].val.d.n; } else if(!strcmp(inppblk.descr[i].name, "facility")) { - inst->iSeverity = pvals[i].val.d.n; + inst->iFacility = pvals[i].val.d.n; } else if(!strcmp(inppblk.descr[i].name, "readmode")) { inst->readMode = pvals[i].val.d.n; } else if(!strcmp(inppblk.descr[i].name, "maxlinesatonce")) { @@ -832,8 +832,8 @@ resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unus cs.pszFileName = NULL; free(cs.pszFileTag); cs.pszFileTag = NULL; - free(cs.pszFileTag); - cs.pszFileTag = NULL; + free(cs.pszStateFile); + cs.pszStateFile = NULL; /* set defaults... */ cs.iPollInterval = DFLT_PollInterval; diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c index 36c7e04..36c7e04 100755..100644 --- a/plugins/imjournal/imjournal.c +++ b/plugins/imjournal/imjournal.c diff --git a/plugins/immark/immark.c b/plugins/immark/immark.c index 0e946c0..ec38f4c 100644 --- a/plugins/immark/immark.c +++ b/plugins/immark/immark.c @@ -193,7 +193,7 @@ CODESTARTrunInput break; /* terminate input! */ dbgprintf("immark: injecting mark message\n"); - logmsgInternal(NO_ERRCODE, LOG_INFO, (uchar*)"-- MARK --", MARK); + logmsgInternal(NO_ERRCODE, LOG_SYSLOG|LOG_INFO, (uchar*)"-- MARK --", MARK); } ENDrunInput diff --git a/plugins/impstats/impstats.c b/plugins/impstats/impstats.c index 79749e2..4737844 100644 --- a/plugins/impstats/impstats.c +++ b/plugins/impstats/impstats.c @@ -135,9 +135,9 @@ static inline void doSubmitMsg(uchar *line) { msg_t *pMsg; - DEFiRet; - CHKiRet(msgConstruct(&pMsg)); + if(msgConstruct(&pMsg) != RS_RET_OK) + goto finalize_it; MsgSetInputName(pMsg, pInputName); MsgSetRawMsgWOSize(pMsg, (char*)line); MsgSetHOSTNAME(pMsg, glbl.GetLocalHostName(), ustrlen(glbl.GetLocalHostName())); diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c index 906521d..45562a4 100644 --- a/plugins/imptcp/imptcp.c +++ b/plugins/imptcp/imptcp.c @@ -727,13 +727,13 @@ processDataRcvd(ptcpsess_t *pThis, char c, struct syslogTime *stTime, time_t ttG DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain); if(c != ' ') { errmsg.LogError(0, NO_ERRCODE, "Framing Error in received TCP message: " - "delimiter is not SP but has ASCII value %d.\n", c); + "delimiter is not SP but has ASCII value %d.", c); } if(pThis->iOctetsRemain < 1) { /* TODO: handle the case where the octet count is 0! */ DBGPRINTF("Framing Error: invalid octet count\n"); errmsg.LogError(0, NO_ERRCODE, "Framing Error in received TCP message: " - "invalid octet count %d.\n", pThis->iOctetsRemain); + "invalid octet count %d.", pThis->iOctetsRemain); } else if(pThis->iOctetsRemain > iMaxLine) { /* while we can not do anything against it, we can at least log an indication * that something went wrong) -- rgerhards, 2008-03-14 @@ -741,7 +741,7 @@ processDataRcvd(ptcpsess_t *pThis, char c, struct syslogTime *stTime, time_t ttG DBGPRINTF("truncating message with %d octets - max msg size is %d\n", pThis->iOctetsRemain, iMaxLine); errmsg.LogError(0, NO_ERRCODE, "received oversize message: size is %d bytes, " - "max msg size is %d, truncating...\n", pThis->iOctetsRemain, iMaxLine); + "max msg size is %d, truncating...", pThis->iOctetsRemain, iMaxLine); } pThis->inputState = eInMsg; } @@ -1288,7 +1288,7 @@ sessActivity(ptcpsess_t *pSess) uchar *peerName; int lenPeer; prop.GetString(pSess->peerName, &peerName, &lenPeer); - errmsg.LogError(0, RS_RET_PEER_CLOSED_CONN, "imptcp session %d closed by remote peer %s.\n", + errmsg.LogError(0, RS_RET_PEER_CLOSED_CONN, "imptcp session %d closed by remote peer %s.", pSess->sock, peerName); } CHKiRet(closeSess(pSess)); diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c index d2a0e56..e10a8ba 100644 --- a/plugins/imtcp/imtcp.c +++ b/plugins/imtcp/imtcp.c @@ -408,7 +408,7 @@ CODESTARTbeginCnfLoad loadModConf->iTCPLstnMax = 20; loadModConf->bSuppOctetFram = 1; loadModConf->iStrmDrvrMode = 0; - loadModConf->bUseFlowControl = 0; + loadModConf->bUseFlowControl = 1; loadModConf->bKeepAlive = 0; loadModConf->bEmitMsgOnClose = 0; loadModConf->iAddtlFrameDelim = TCPSRV_NO_ADDTL_DELIMITER; @@ -631,7 +631,7 @@ resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unus cs.iTCPLstnMax = 20; cs.bSuppOctetFram = 1; cs.iStrmDrvrMode = 0; - cs.bUseFlowControl = 0; + cs.bUseFlowControl = 1; cs.bKeepAlive = 0; cs.bEmitMsgOnClose = 0; cs.iAddtlFrameDelim = TCPSRV_NO_ADDTL_DELIMITER; diff --git a/plugins/imttcp/imttcp.c b/plugins/imttcp/imttcp.c index 9bd11f7..4bd44dd 100644 --- a/plugins/imttcp/imttcp.c +++ b/plugins/imttcp/imttcp.c @@ -589,13 +589,13 @@ processDataRcvd(ttcpsess_t *pThis, char c, struct syslogTime *stTime, time_t ttG DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain); if(c != ' ') { errmsg.LogError(0, NO_ERRCODE, "Framing Error in received TCP message: " - "delimiter is not SP but has ASCII value %d.\n", c); + "delimiter is not SP but has ASCII value %d.", c); } if(pThis->iOctetsRemain < 1) { /* TODO: handle the case where the octet count is 0! */ DBGPRINTF("Framing Error: invalid octet count\n"); errmsg.LogError(0, NO_ERRCODE, "Framing Error in received TCP message: " - "invalid octet count %d.\n", pThis->iOctetsRemain); + "invalid octet count %d.", pThis->iOctetsRemain); } else if(pThis->iOctetsRemain > iMaxLine) { /* while we can not do anything against it, we can at least log an indication * that something went wrong) -- rgerhards, 2008-03-14 @@ -603,7 +603,7 @@ processDataRcvd(ttcpsess_t *pThis, char c, struct syslogTime *stTime, time_t ttG DBGPRINTF("truncating message with %d octets - max msg size is %d\n", pThis->iOctetsRemain, iMaxLine); errmsg.LogError(0, NO_ERRCODE, "received oversize message: size is %d bytes, " - "max msg size is %d, truncating...\n", pThis->iOctetsRemain, iMaxLine); + "max msg size is %d, truncating...", pThis->iOctetsRemain, iMaxLine); } pThis->inputState = eInMsg; } @@ -953,7 +953,7 @@ sessThrd(void *arg) uchar *peerName; int lenPeer; prop.GetString(pSess->peerName, &peerName, &lenPeer); - errmsg.LogError(0, RS_RET_PEER_CLOSED_CONN, "imttcp session %d closed by remote peer %s.\n", + errmsg.LogError(0, RS_RET_PEER_CLOSED_CONN, "imttcp session %d closed by remote peer %s.", pSess->sock, peerName); } break; diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c index 312645b..a5ba6a2 100644 --- a/plugins/imudp/imudp.c +++ b/plugins/imudp/imudp.c @@ -403,7 +403,7 @@ processSocket(thrdInfo_t *pThrd, struct lstn_s *lstn, struct sockaddr_storage *f *pbIsPermitted = 1; /* no check -> everything permitted */ } - DBGPRINTF("imudp:recv(%d,%d),acl:%d,msg:%s\n", lstn->sock, (int) lenRcvBuf, *pbIsPermitted, pRcvBuf); + DBGPRINTF("imudp:recv(%d,%d),acl:%d,msg:%.128s\n", lstn->sock, (int) lenRcvBuf, *pbIsPermitted, pRcvBuf); if(*pbIsPermitted != 0) { if((runModConf->iTimeRequery == 0) || (iNbrTimeUsed++ % runModConf->iTimeRequery) == 0) { diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c index c503852..df504dd 100644 --- a/plugins/imuxsock/imuxsock.c +++ b/plugins/imuxsock/imuxsock.c @@ -159,11 +159,11 @@ static int startIndexUxLocalSockets; /* process fd from that index on (used to static int nfd = 1; /* number of Unix sockets open / read-only after startup */ static int sd_fds = 0; /* number of systemd activated sockets */ -/* config vars for legacy config system */ #define DFLT_bCreatePath 0 #define DFLT_ratelimitInterval 0 #define DFLT_ratelimitBurst 200 #define DFLT_ratelimitSeverity 1 /* do not rate-limit emergency messages */ +/* config vars for the legacy config system */ static struct configSettings_s { int bOmitLocalLogging; uchar *pLogSockName; @@ -188,6 +188,7 @@ static struct configSettings_s { int bParseTrusted; /* parse trusted properties */ } cs; +/* config vars for the v2 config system (rsyslog v6+) */ struct instanceConf_s { uchar *sockName; uchar *pLogHostName; /* host name to use with this socket */ @@ -401,7 +402,7 @@ addListner(instanceConf_t *inst) listeners[nfd].flags = inst->bIgnoreTimestamp ? IGNDATE : NOFLAG; listeners[nfd].bCreatePath = inst->bCreatePath; listeners[nfd].sockName = ustrdup(inst->sockName); - listeners[nfd].bUseCreds = (inst->bDiscardOwnMsgs || inst->bWritePid || inst->ratelimitInterval || inst->bAnnotate) ? 1 : 0; + listeners[nfd].bUseCreds = (inst->bDiscardOwnMsgs || inst->bWritePid || inst->ratelimitInterval || inst->bAnnotate || inst->bUseSysTimeStamp) ? 1 : 0; listeners[nfd].bAnnotate = inst->bAnnotate; listeners[nfd].bParseTrusted = inst->bParseTrusted; listeners[nfd].bDiscardOwnMsgs = inst->bDiscardOwnMsgs; @@ -992,7 +993,7 @@ static rsRetVal readSocket(lstn_t *pLstn) if(iRcvd > 0) { cred = NULL; ts = NULL; - if(pLstn->bUseCreds || pLstn->bUseSysTimeStamp) { + if(pLstn->bUseCreds) { for(cm = CMSG_FIRSTHDR(&msgh); cm; cm = CMSG_NXTHDR(&msgh, cm)) { # if HAVE_SCM_CREDENTIALS if( pLstn->bUseCreds @@ -1062,7 +1063,7 @@ activateListeners() listeners[0].ratelimitInterval = runModConf->ratelimitIntervalSysSock; listeners[0].ratelimitBurst = runModConf->ratelimitBurstSysSock; listeners[0].ratelimitSev = runModConf->ratelimitSeveritySysSock; - listeners[0].bUseCreds = (runModConf->bWritePidSysSock || runModConf->ratelimitIntervalSysSock || runModConf->bAnnotateSysSock || runModConf->bDiscardOwnMsgs) ? 1 : 0; + listeners[0].bUseCreds = (runModConf->bWritePidSysSock || runModConf->ratelimitIntervalSysSock || runModConf->bAnnotateSysSock || runModConf->bDiscardOwnMsgs || runModConf->bUseSysTimeStamp) ? 1 : 0; listeners[0].bWritePid = runModConf->bWritePidSysSock; listeners[0].bAnnotate = runModConf->bAnnotateSysSock; listeners[0].bParseTrusted = runModConf->bParseTrusted; @@ -1256,11 +1257,14 @@ BEGINendCnfLoad CODESTARTendCnfLoad if(!loadModConf->configSetViaV2Method) { /* persist module-specific settings from legacy config system */ + /* these are used to initialize the system log socket (listeners[0]) */ loadModConf->bOmitLocalLogging = cs.bOmitLocalLogging; loadModConf->pLogSockName = cs.pLogSockName; loadModConf->bIgnoreTimestamp = cs.bIgnoreTimestampSysSock; + loadModConf->bUseSysTimeStamp = cs.bUseSysTimeStampSysSock; loadModConf->bUseFlowCtl = cs.bUseFlowCtlSysSock; loadModConf->bAnnotateSysSock = cs.bAnnotateSysSock; + loadModConf->bWritePidSysSock = cs.bWritePidSysSock; loadModConf->bParseTrusted = cs.bParseTrusted; loadModConf->ratelimitIntervalSysSock = cs.ratelimitIntervalSysSock; loadModConf->ratelimitBurstSysSock = cs.ratelimitBurstSysSock; diff --git a/plugins/mmanon/mmanon.c b/plugins/mmanon/mmanon.c index a1c99d0..16a4f34 100644 --- a/plugins/mmanon/mmanon.c +++ b/plugins/mmanon/mmanon.c @@ -170,7 +170,6 @@ CODESTARTnewActInst cstr); free(cstr); } - pData->replChar = es_getBufAddr(pvals[i].val.d.estr)[0]; } else if(!strcmp(actpblk.descr[i].name, "replacementchar")) { pData->replChar = es_getBufAddr(pvals[i].val.d.estr)[0]; } else if(!strcmp(actpblk.descr[i].name, "ipv4.bits")) { @@ -307,7 +306,7 @@ anonip(instanceData *pData, uchar *msg, int *pLenMsg, int *idx) ++i; ipstart[3] = i; octet = getnum(msg, lenMsg, &i); - if(octet > 255 || !(msg[i] == ' ' || msg[i] == ':')) goto done; + if(octet > 255) goto done; ipv4addr |= octet; /* OK, we now found an ip address */ @@ -339,6 +338,8 @@ anonip(instanceData *pData, uchar *msg, int *pLenMsg, int *idx) if(i - endpos > 0) { *pLenMsg = lenMsg - (i - endpos); memmove(msg+endpos, msg+i, lenMsg - i + 1); + /* correct index for next search! */ + i -= (i - endpos); } } diff --git a/plugins/mmnormalize/mmnormalize.c b/plugins/mmnormalize/mmnormalize.c index f93974a..7e25824 100644 --- a/plugins/mmnormalize/mmnormalize.c +++ b/plugins/mmnormalize/mmnormalize.c @@ -227,6 +227,7 @@ CODESTARTdoAction /* TODO: this is all extremly ineffcient! */ ee_fmtEventToJSON(event, &str); cstrJSON = es_str2cstr(str, NULL); + ee_deleteEvent(event); dbgprintf("mmnormalize generated: %s\n", cstrJSON); tokener = json_tokener_new(); diff --git a/plugins/omelasticsearch/omelasticsearch.c b/plugins/omelasticsearch/omelasticsearch.c index aea8e32..b82968d 100644 --- a/plugins/omelasticsearch/omelasticsearch.c +++ b/plugins/omelasticsearch/omelasticsearch.c @@ -4,7 +4,7 @@ * NOTE: read comments in module-template.h for more specifics! * * Copyright 2011 Nathan Scott. - * Copyright 2009-2012 Rainer Gerhards and Adiscon GmbH. + * Copyright 2009-2013 Rainer Gerhards and Adiscon GmbH. * * This file is part of rsyslog. * @@ -58,10 +58,10 @@ DEFobjCurrIf(errmsg) DEFobjCurrIf(statsobj) statsobj_t *indexStats; -STATSCOUNTER_DEF(indexConFail, mutIndexConFail) STATSCOUNTER_DEF(indexSubmit, mutIndexSubmit) -STATSCOUNTER_DEF(indexFailed, mutIndexFailed) -STATSCOUNTER_DEF(indexSuccess, mutIndexSuccess) +STATSCOUNTER_DEF(indexHTTPFail, mutIndexHTTPFail) +STATSCOUNTER_DEF(indexHTTPReqFail, mutIndexHTTPReqFail) +STATSCOUNTER_DEF(indexESFail, mutIndexESFail) /* REST API for elasticsearch hits this URL: * http://<hostName>:<restPort>/<searchIndex>/<searchType> @@ -91,6 +91,7 @@ typedef struct _instanceData { sbool asyncRepl; struct { es_str_t *data; + int nmemb; /* number of messages in batch (for statistics counting) */ uchar *currTpl1; uchar *currTpl2; } batch; @@ -432,6 +433,7 @@ buildBatch(instanceData *pData, uchar *message, uchar **tpls) DBGPRINTF("omelasticsearch: growing batch failed with code %d\n", r); ABORT_FINALIZE(RS_RET_ERR); } + ++pData->batch.nmemb; iRet = RS_RET_DEFER_COMMIT; finalize_it: @@ -577,12 +579,15 @@ checkResult(instanceData *pData, uchar *reqmsg) finalize_it: if(root != NULL) cJSON_Delete(root); + if(iRet != RS_RET_OK) { + STATSCOUNTER_INC(indexESFail, mutIndexESFail); + } RETiRet; } static rsRetVal -curlPost(instanceData *pData, uchar *message, int msglen, uchar **tpls) +curlPost(instanceData *pData, uchar *message, int msglen, uchar **tpls, int nmsgs) { CURLcode code; CURL *curl = pData->curlHandle; @@ -603,13 +608,13 @@ curlPost(instanceData *pData, uchar *message, int msglen, uchar **tpls) case CURLE_COULDNT_RESOLVE_PROXY: case CURLE_COULDNT_CONNECT: case CURLE_WRITE_ERROR: - STATSCOUNTER_INC(indexConFail, mutIndexConFail); + STATSCOUNTER_INC(indexHTTPReqFail, mutHTTPReqFail); + indexHTTPFail += nmsgs; DBGPRINTF("omelasticsearch: we are suspending ourselfs due " "to failure %lld of curl_easy_perform()\n", (long long) code); ABORT_FINALIZE(RS_RET_SUSPENDED); default: - STATSCOUNTER_INC(indexSubmit, mutIndexSubmit); break; } @@ -633,17 +638,19 @@ dbgprintf("omelasticsearch: beginTransaction\n"); } es_emptyStr(pData->batch.data); + pData->batch.nmemb = 0; finalize_it: ENDbeginTransaction BEGINdoAction CODESTARTdoAction + STATSCOUNTER_INC(indexSubmit, mutIndexSubmit); if(pData->bulkmode) { CHKiRet(buildBatch(pData, ppString[0], ppString)); } else { CHKiRet(curlPost(pData, ppString[0], strlen((char*)ppString[0]), - ppString)); + ppString, 1)); } finalize_it: dbgprintf("omelasticsearch: result doAction: %d (bulkmode %d)\n", iRet, pData->bulkmode); @@ -658,7 +665,7 @@ dbgprintf("omelasticsearch: endTransaction init\n"); if (pData->batch.data != NULL ) { cstr = es_str2cstr(pData->batch.data, NULL); dbgprintf("omelasticsearch: endTransaction, batch: '%s'\n", cstr); - CHKiRet(curlPost(pData, (uchar*) cstr, strlen(cstr), NULL)); + CHKiRet(curlPost(pData, (uchar*) cstr, strlen(cstr), NULL, pData->batch.nmemb)); } else dbgprintf("omelasticsearch: endTransaction, pData->batch.data is NULL, nothing to send. \n"); @@ -993,15 +1000,19 @@ CODEmodInit_QueryRegCFSLineHdlr /* support statistics gathering */ CHKiRet(statsobj.Construct(&indexStats)); - CHKiRet(statsobj.SetName(indexStats, (uchar *)"elasticsearch")); - CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"connfail", - ctrType_IntCtr, &indexConFail)); - CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"submits", + CHKiRet(statsobj.SetName(indexStats, (uchar *)"omelasticsearch")); + STATSCOUNTER_INIT(indexSubmit, mutCtrIndexSubmit); + CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"submitted", ctrType_IntCtr, &indexSubmit)); - CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed", - ctrType_IntCtr, &indexFailed)); - CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"success", - ctrType_IntCtr, &indexSuccess)); + STATSCOUNTER_INIT(indexHTTPFail, mutCtrIndexHTTPFail); + CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.http", + ctrType_IntCtr, &indexHTTPFail)); + STATSCOUNTER_INIT(indexHTTPReqFail, mutCtrIndexHTTPReqFail); + CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.httprequests", + ctrType_IntCtr, &indexHTTPReqFail)); + STATSCOUNTER_INIT(indexESFail, mutCtrIndexESFail); + CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.es", + ctrType_IntCtr, &indexESFail)); CHKiRet(statsobj.ConstructFinalize(indexStats)); ENDmodInit diff --git a/plugins/omhiredis/omhiredis.c b/plugins/omhiredis/omhiredis.c index 051ac0b..757d5eb 100644 --- a/plugins/omhiredis/omhiredis.c +++ b/plugins/omhiredis/omhiredis.c @@ -97,7 +97,6 @@ BEGINfreeInstance CODESTARTfreeInstance closeHiredis(pData); free(pData->server); - free(pData->tplName); ENDfreeInstance @@ -196,7 +195,7 @@ CODESTARTendTransaction for ( i = 0; i < pData->count; i++ ) { redisGetReply ( pData->conn, (void *)&pData->replies[i] ); /* TODO: add error checking here! */ - free ( pData->replies[i] ); + freeReplyObject ( pData->replies[i] ); } free ( pData->replies ); pData->count = 0; diff --git a/plugins/ommongodb/ommongodb.c b/plugins/ommongodb/ommongodb.c index 64d501d..ecfd251 100644 --- a/plugins/ommongodb/ommongodb.c +++ b/plugins/ommongodb/ommongodb.c @@ -35,7 +35,7 @@ #include <mongo.h> #include <json.h> /* For struct json_object_iter, should not be necessary in future versions */ -#include <json/json_object_private.h> +#include <json_object_private.h> #include "rsyslog.h" #include "conf.h" diff --git a/plugins/omprog/omprog.c b/plugins/omprog/omprog.c index 6926165..d821ff1 100644 --- a/plugins/omprog/omprog.c +++ b/plugins/omprog/omprog.c @@ -122,6 +122,7 @@ static void execBinary(instanceData *pData, int fdStdin) { int i; struct sigaction sigAct; + sigset_t set; char *newargv[] = { NULL }; char *newenviron[] = { NULL }; @@ -146,10 +147,12 @@ static void execBinary(instanceData *pData, int fdStdin) /* reset signal handlers to default */ memset(&sigAct, 0, sizeof(sigAct)); - sigfillset(&sigAct.sa_mask); + sigemptyset(&sigAct.sa_mask); sigAct.sa_handler = SIG_DFL; for(i = 1 ; i < NSIG ; ++i) sigaction(i, &sigAct, NULL); + sigemptyset(&set); + sigprocmask(SIG_SETMASK, &set, NULL); alarm(0); diff --git a/runtime/conf.c b/runtime/conf.c index c3c7e44..c01715c 100644 --- a/runtime/conf.c +++ b/runtime/conf.c @@ -573,6 +573,7 @@ rsRetVal DecodePropFilter(uchar *pline, struct cnfstmt *stmt) } else { errmsg.LogError(0, NO_ERRCODE, "error: invalid compare operation '%s' - ignoring selector", (char*) rsCStrGetSzStrNoNULL(pCSCompOp)); + return(RS_RET_ERR); } rsCStrDestruct(&pCSCompOp); /* no longer needed */ diff --git a/runtime/cryprov.h b/runtime/cryprov.h index 8496b74..005b33f 100644 --- a/runtime/cryprov.h +++ b/runtime/cryprov.h @@ -24,8 +24,6 @@ #ifndef INCLUDED_CRYPROV_H #define INCLUDED_CRYPROV_H -#include <gcrypt.h> - /* interface */ BEGINinterface(cryprov) /* name must also be changed in ENDinterface macro! */ rsRetVal (*Construct)(void *ppThis); diff --git a/runtime/glbl.c b/runtime/glbl.c index b3fe3a1..c57cedf 100644 --- a/runtime/glbl.c +++ b/runtime/glbl.c @@ -32,6 +32,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> +#include <pthread.h> #include <assert.h> #include "rsyslog.h" @@ -71,6 +72,7 @@ static int option_DisallowWarning = 1; /* complain if message from disallowed se static int bDisableDNS = 0; /* don't look up IP addresses of remote messages */ static prop_t *propLocalIPIF = NULL;/* IP address to report for the local host (default is 127.0.0.1) */ static prop_t *propLocalHostName = NULL;/* our hostname as FQDN - read-only after startup */ +static prop_t *propLocalHostNameToDelete = NULL;/* see GenerateLocalHostName function hdr comment! */ static uchar *LocalHostName = NULL;/* our hostname - read-only after startup, except HUP */ static uchar *LocalHostNameOverride = NULL;/* user-overridden hostname - read-only after startup */ static uchar *LocalFQDNName = NULL;/* our hostname as FQDN - read-only after startup, except HUP */ @@ -379,17 +381,31 @@ GetLocalDomain(void) /* generate the local hostname property. This must be done after the hostname info * has been set as well as PreserveFQDN. * rgerhards, 2009-06-30 + * NOTE: This function tries to avoid locking by not destructing the previous value + * immediately. This is so that current readers can continue to use the previous name. + * Otherwise, we would need to use read/write locks to protect the update process. + * In order to do so, we save the previous value and delete it when we are called again + * the next time. Note that this in theory is racy and can lead to a double-free. + * In practice, however, the window of exposure to trigger this is extremely short + * and as this functions is very infrequently being called (on HUP), the trigger + * condition for this bug is so highly unlikely that it never occurs in practice. + * Probably if you HUP rsyslog every few milliseconds, but who does that... + * To further reduce risk potential, we do only update the property when there + * actually is a hostname change, which makes it even less likely. + * rgerhards, 2013-10-28 */ static rsRetVal GenerateLocalHostNameProperty(void) { - DEFiRet; + uchar *pszPrev; + int lenPrev; + prop_t *hostnameNew; uchar *pszName; + DEFiRet; - if(propLocalHostName != NULL) - prop.Destruct(&propLocalHostName); + if(propLocalHostNameToDelete != NULL) + prop.Destruct(&propLocalHostNameToDelete); - CHKiRet(prop.Construct(&propLocalHostName)); if(LocalHostNameOverride == NULL) { if(LocalHostName == NULL) pszName = (uchar*) "[localhost]"; @@ -403,8 +419,20 @@ GenerateLocalHostNameProperty(void) pszName = LocalHostNameOverride; } DBGPRINTF("GenerateLocalHostName uses '%s'\n", pszName); - CHKiRet(prop.SetString(propLocalHostName, pszName, ustrlen(pszName))); - CHKiRet(prop.ConstructFinalize(propLocalHostName)); + + if(propLocalHostName == NULL) + pszPrev = (uchar*)""; /* make sure strcmp() below does not match */ + else + prop.GetString(propLocalHostName, &pszPrev, &lenPrev); + + if(ustrcmp(pszPrev, pszName)) { + /* we need to update */ + CHKiRet(prop.Construct(&hostnameNew)); + CHKiRet(prop.SetString(hostnameNew, pszName, ustrlen(pszName))); + CHKiRet(prop.ConstructFinalize(hostnameNew)); + propLocalHostNameToDelete = propLocalHostName; + propLocalHostName = hostnameNew; + } finalize_it: RETiRet; @@ -445,6 +473,14 @@ GetWorkDir(void) return(pszWorkDir == NULL ? (uchar*) "" : pszWorkDir); } +/* return the "raw" working directory, which means + * NULL if unset. + */ +const uchar * +glblGetWorkDirRaw(void) +{ + return pszWorkDir; +} /* return the current default netstream driver */ static uchar* @@ -667,6 +703,8 @@ BEGINObjClassExit(glbl, OBJ_IS_CORE_MODULE) /* class, version */ free(LocalHostNameOverride); free(LocalFQDNName); objRelease(prop, CORE_COMPONENT); + if(propLocalHostNameToDelete != NULL) + prop.Destruct(&propLocalHostNameToDelete); DESTROY_ATOMIC_HELPER_MUT(mutTerminateInputs); ENDObjClassExit(glbl) diff --git a/runtime/glbl.h b/runtime/glbl.h index e95e48f..44171f2 100644 --- a/runtime/glbl.h +++ b/runtime/glbl.h @@ -95,5 +95,6 @@ static inline void glblSetOurPid(pid_t pid) { glbl_ourpid = pid; } void glblPrepCnf(void); void glblProcessCnf(struct cnfobj *o); void glblDoneLoadCnf(void); +const uchar * glblGetWorkDirRaw(void); #endif /* #ifndef GLBL_H_INCLUDED */ diff --git a/runtime/libgcry.h b/runtime/libgcry.h index b77b0f9..692ce40 100644 --- a/runtime/libgcry.h +++ b/runtime/libgcry.h @@ -21,7 +21,7 @@ #ifndef INCLUDED_LIBGCRY_H #define INCLUDED_LIBGCRY_H #include <stdint.h> - +#include <gcrypt.h> struct gcryctx_s { uchar *key; @@ -52,6 +52,7 @@ void rsgcryCtxDel(gcryctx ctx); int gcryfileDestruct(gcryfile gf, off64_t offsLogfile); rsRetVal rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, uchar *fname); int rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len); +int gcryGetKeyFromProg(char *cmd, char **key, unsigned *keylen); /* error states */ #define RSGCRYE_EI_OPEN 1 /* error opening .encinfo file */ diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c index a9a5079..972b5a4 100644 --- a/runtime/librsgt_read.c +++ b/runtime/librsgt_read.c @@ -267,7 +267,7 @@ rsgt_tlvRecRead(FILE *fp, tlvrecord_t *rec) rec->tlvlen = c; } if(fread(rec->data, (size_t) rec->tlvlen, 1, fp) != 1) { - r = RSGTE_IO; + r = feof(fp) ? RSGTE_EOF : RSGTE_IO; goto done; } diff --git a/runtime/msg.c b/runtime/msg.c index 36cbd26..10ecf48 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -43,7 +43,7 @@ #include <libestr.h> #include <json.h> /* For struct json_object_iter, should not be necessary in future versions */ -#include <json/json_object_private.h> +#include <json_object_private.h> #if HAVE_MALLOC_H # include <malloc.h> #endif @@ -3934,6 +3934,12 @@ msgAddJSON(msg_t *pM, uchar *name, struct json_object *json) } leaf = jsonPathGetLeaf(name, ustrlen(name)); CHKiRet(jsonPathFindParent(pM, name, leaf, &parent, 1)); + if (json_object_get_type(parent) != json_type_object) { + DBGPRINTF("msgAddJSON: not a container in json path," + "name is '%s'\n", name); + json_object_put(json); + ABORT_FINALIZE(RS_RET_INVLD_SETOP); + } leafnode = json_object_object_get(parent, (char*)leaf); if(leafnode == NULL) { json_object_object_add(parent, (char*)leaf, json); diff --git a/runtime/msg.h b/runtime/msg.h index ac220b6..e7babdb 100644 --- a/runtime/msg.h +++ b/runtime/msg.h @@ -62,7 +62,6 @@ struct msg { once data has entered the queue, this property is no longer needed. */ pthread_mutex_t mut; int iRefCount; /* reference counter (0 = unused) */ - sbool bAlreadyFreed; /* aid to help detect a well-hidden bad bug -- TODO: remove when no longer needed */ sbool bParseSuccess; /* set to reflect state of last executed higher level parser */ short iSeverity; /* the severity 0..7 */ short iFacility; /* Facility code 0 .. 23*/ diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index 6ef4feb..1110c7a 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c @@ -2,7 +2,7 @@ * * An implementation of the nsd interface for GnuTLS. * - * Copyright (C) 2007, 2008 Rainer Gerhards and Adiscon GmbH. + * Copyright (C) 2007-2013 Rainer Gerhards and Adiscon GmbH. * * This file is part of the rsyslog runtime library. * @@ -547,10 +547,20 @@ gtlsAddOurCert(void) keyFile = glbl.GetDfltNetstrmDrvrKeyFile(); dbgprintf("GTLS certificate file: '%s'\n", certFile); dbgprintf("GTLS key file: '%s'\n", keyFile); + if(certFile == NULL) { + errmsg.LogError(0, RS_RET_CERT_MISSING, "error: certificate file is not set, cannot " + "continue"); + ABORT_FINALIZE(RS_RET_CERT_MISSING); + } + if(keyFile == NULL) { + errmsg.LogError(0, RS_RET_CERTKEY_MISSING, "error: key file is not set, cannot " + "continue"); + ABORT_FINALIZE(RS_RET_CERTKEY_MISSING); + } CHKgnutls(gnutls_certificate_set_x509_key_file(xcred, (char*)certFile, (char*)keyFile, GNUTLS_X509_FMT_PEM)); finalize_it: - if(iRet != RS_RET_OK) { + if(iRet != RS_RET_OK && iRet != RS_RET_CERT_MISSING && iRet != RS_RET_CERTKEY_MISSING) { pGnuErr = gtlsStrerror(gnuRet); errno = 0; errmsg.LogError(0, iRet, "error adding our certificate. GnuTLS error %d, message: '%s', " @@ -580,6 +590,11 @@ gtlsGlblInit(void) /* sets the trusted cas file */ cafile = glbl.GetDfltNetstrmDrvrCAF(); + if(cafile == NULL) { + errmsg.LogError(0, RS_RET_CA_CERT_MISSING, "error: ca certificate is not set, cannot " + "continue"); + ABORT_FINALIZE(RS_RET_CA_CERT_MISSING); + } dbgprintf("GTLS CA file: '%s'\n", cafile); gnuRet = gnutls_certificate_set_x509_trust_file(xcred, (char*)cafile, GNUTLS_X509_FMT_PEM); if(gnuRet < 0) { diff --git a/runtime/queue.c b/runtime/queue.c index 935a810..29549cd 100644 --- a/runtime/queue.c +++ b/runtime/queue.c @@ -12,7 +12,7 @@ * function names - this makes it really hard to read and does not provide much * benefit, at least I (now) think so... * - * Copyright 2008-2011 Rainer Gerhards and Adiscon GmbH. + * Copyright 2008-2013 Rainer Gerhards and Adiscon GmbH. * * This file is part of the rsyslog runtime library. * @@ -87,6 +87,7 @@ static rsRetVal qDestructDirect(qqueue_t __attribute__((unused)) *pThis); static rsRetVal qConstructDirect(qqueue_t __attribute__((unused)) *pThis); static rsRetVal qDelDirect(qqueue_t __attribute__((unused)) *pThis); static rsRetVal qDestructDisk(qqueue_t *pThis); +rsRetVal qqueueSetSpoolDir(qqueue_t *pThis, uchar *pszSpoolDir, int lenSpoolDir); /* some constants for queuePersist () */ #define QUEUE_CHECKPOINT 1 @@ -256,7 +257,7 @@ qqueueDbgPrint(qqueue_t *pThis) (pThis->pszFilePrefix == NULL) ? "[NONE]" : (char*)pThis->pszFilePrefix); dbgoprint((obj_t*) pThis, "queue.size: %d\n", pThis->iMaxQueueSize); dbgoprint((obj_t*) pThis, "queue.dequeuebatchsize: %d\n", pThis->iDeqBatchSize); - dbgoprint((obj_t*) pThis, "queue.maxdiskspace: %lld\n", pThis->iMaxFileSize); + dbgoprint((obj_t*) pThis, "queue.maxdiskspace: %lld\n", pThis->sizeOnDiskMax); dbgoprint((obj_t*) pThis, "queue.highwatermark: %d\n", pThis->iHighWtrMrk); dbgoprint((obj_t*) pThis, "queue.lowwatermark: %d\n", pThis->iLowWtrMrk); dbgoprint((obj_t*) pThis, "queue.fulldelaymark: %d\n", pThis->iFullDlyMrk); @@ -418,6 +419,7 @@ StartDA(qqueue_t *pThis) CHKiRet(qqueueSetiDeqSlowdown(pThis->pqDA, pThis->iDeqSlowdown)); CHKiRet(qqueueSetMaxFileSize(pThis->pqDA, pThis->iMaxFileSize)); CHKiRet(qqueueSetFilePrefix(pThis->pqDA, pThis->pszFilePrefix, pThis->lenFilePrefix)); + CHKiRet(qqueueSetSpoolDir(pThis->pqDA, pThis->pszSpoolDir, pThis->lenSpoolDir)); CHKiRet(qqueueSetiPersistUpdCnt(pThis->pqDA, pThis->iPersistUpdCnt)); CHKiRet(qqueueSetbSyncQueueFiles(pThis->pqDA, pThis->bSyncQueueFiles)); CHKiRet(qqueueSettoActShutdown(pThis->pqDA, pThis->toActShutdown)); @@ -731,7 +733,7 @@ qqueueLoadPersStrmInfoFixup(strm_t *pStrm, qqueue_t __attribute__((unused)) *pTh DEFiRet; ISOBJ_TYPE_assert(pStrm, strm); ISOBJ_TYPE_assert(pThis, qqueue); - CHKiRet(strm.SetDir(pStrm, glbl.GetWorkDir(), strlen((char*)glbl.GetWorkDir()))); + CHKiRet(strm.SetDir(pStrm, pThis->pszSpoolDir, pThis->lenSpoolDir)); finalize_it: RETiRet; } @@ -830,7 +832,7 @@ static rsRetVal qConstructDisk(qqueue_t *pThis) } else { CHKiRet(strm.Construct(&pThis->tVars.disk.pWrite)); CHKiRet(strm.SetbSync(pThis->tVars.disk.pWrite, pThis->bSyncQueueFiles)); - CHKiRet(strm.SetDir(pThis->tVars.disk.pWrite, glbl.GetWorkDir(), strlen((char*)glbl.GetWorkDir()))); + CHKiRet(strm.SetDir(pThis->tVars.disk.pWrite, pThis->pszSpoolDir, pThis->lenSpoolDir)); CHKiRet(strm.SetiMaxFiles(pThis->tVars.disk.pWrite, 10000000)); CHKiRet(strm.SettOperationsMode(pThis->tVars.disk.pWrite, STREAMMODE_WRITE)); CHKiRet(strm.SetsType(pThis->tVars.disk.pWrite, STREAMTYPE_FILE_CIRCULAR)); @@ -838,7 +840,7 @@ static rsRetVal qConstructDisk(qqueue_t *pThis) CHKiRet(strm.Construct(&pThis->tVars.disk.pReadDeq)); CHKiRet(strm.SetbDeleteOnClose(pThis->tVars.disk.pReadDeq, 0)); - CHKiRet(strm.SetDir(pThis->tVars.disk.pReadDeq, glbl.GetWorkDir(), strlen((char*)glbl.GetWorkDir()))); + CHKiRet(strm.SetDir(pThis->tVars.disk.pReadDeq, pThis->pszSpoolDir, pThis->lenSpoolDir)); CHKiRet(strm.SetiMaxFiles(pThis->tVars.disk.pReadDeq, 10000000)); CHKiRet(strm.SettOperationsMode(pThis->tVars.disk.pReadDeq, STREAMMODE_READ)); CHKiRet(strm.SetsType(pThis->tVars.disk.pReadDeq, STREAMTYPE_FILE_CIRCULAR)); @@ -847,7 +849,7 @@ static rsRetVal qConstructDisk(qqueue_t *pThis) CHKiRet(strm.Construct(&pThis->tVars.disk.pReadDel)); CHKiRet(strm.SetbSync(pThis->tVars.disk.pReadDel, pThis->bSyncQueueFiles)); CHKiRet(strm.SetbDeleteOnClose(pThis->tVars.disk.pReadDel, 1)); - CHKiRet(strm.SetDir(pThis->tVars.disk.pReadDel, glbl.GetWorkDir(), strlen((char*)glbl.GetWorkDir()))); + CHKiRet(strm.SetDir(pThis->tVars.disk.pReadDel, pThis->pszSpoolDir, pThis->lenSpoolDir)); CHKiRet(strm.SetiMaxFiles(pThis->tVars.disk.pReadDel, 10000000)); CHKiRet(strm.SettOperationsMode(pThis->tVars.disk.pReadDel, STREAMMODE_READ)); CHKiRet(strm.SetsType(pThis->tVars.disk.pReadDel, STREAMTYPE_FILE_CIRCULAR)); @@ -1302,6 +1304,7 @@ rsRetVal qqueueConstruct(qqueue_t **ppThis, queueType_t qType, int iWorkerThread { DEFiRet; qqueue_t *pThis; + const uchar *const workDir = glblGetWorkDirRaw(); ASSERT(ppThis != NULL); ASSERT(pConsumer != NULL); @@ -1311,13 +1314,15 @@ rsRetVal qqueueConstruct(qqueue_t **ppThis, queueType_t qType, int iWorkerThread /* we have an object, so let's fill the properties */ objConstructSetObjInfo(pThis); - if((pThis->pszSpoolDir = (uchar*) strdup((char*)glbl.GetWorkDir())) == NULL) - ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + if(workDir != NULL) { + if((pThis->pszSpoolDir = ustrdup(workDir)) == NULL) + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + pThis->lenSpoolDir = ustrlen(pThis->pszSpoolDir); + } /* set some water marks so that we have useful defaults if none are set specifically */ pThis->iFullDlyMrk = -1; pThis->iLightDlyMrk = -1; - pThis->lenSpoolDir = ustrlen(pThis->pszSpoolDir); pThis->iMaxFileSize = 1024 * 1024; /* default is 1 MiB */ pThis->iQueueSize = 0; pThis->nLogDeq = 0; @@ -2039,6 +2044,16 @@ qqueueStart(qqueue_t *pThis) /* this is the ConstructionFinalizer */ ASSERT(pThis != NULL); + dbgoprint((obj_t*) pThis, "starting queue\n"); + + if(pThis->pszSpoolDir == NULL) { + /* note: we need to pick the path so late as we do not have + * the workdir during early config load + */ + if((pThis->pszSpoolDir = (uchar*) strdup((char*)glbl.GetWorkDir())) == NULL) + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); + pThis->lenSpoolDir = ustrlen(pThis->pszSpoolDir); + } /* set type-specific handlers and other very type-specific things * (we can not totally hide it...) */ @@ -2070,7 +2085,7 @@ qqueueStart(qqueue_t *pThis) /* this is the ConstructionFinalizer */ pThis->iNumWorkerThreads = 1; /* we need exactly one worker */ /* pre-construct file name for .qi file */ pThis->lenQIFNam = snprintf((char*)pszQIFNam, sizeof(pszQIFNam) / sizeof(uchar), - "%s/%s.qi", (char*) glbl.GetWorkDir(), (char*)pThis->pszFilePrefix); + "%s/%s.qi", (char*) pThis->pszSpoolDir, (char*)pThis->pszFilePrefix); pThis->pszQIFNam = ustrdup(pszQIFNam); DBGOPRINT((obj_t*) pThis, ".qi file name is '%s', len %d\n", pThis->pszQIFNam, (int) pThis->lenQIFNam); @@ -2084,16 +2099,25 @@ qqueueStart(qqueue_t *pThis) /* this is the ConstructionFinalizer */ break; } - if(pThis->iFullDlyMrk == -1) + if(pThis->iMaxQueueSize < 100 + && (pThis->qType == QUEUETYPE_LINKEDLIST || pThis->qType == QUEUETYPE_FIXED_ARRAY)) { + errmsg.LogError(0, RS_RET_OK_WARN, "Note: queue.size=\"%d\" is very " + "low and can lead to unpredictable results. See also " + "http://www.rsyslog.com/lower-bound-for-queue-sizes/", + pThis->iMaxQueueSize); + } + + /* we need to do a quick check if our water marks are set plausible. If not, + * we correct the most important shortcomings. + */ + if(pThis->iFullDlyMrk == -1 || pThis->iFullDlyMrk > pThis->iMaxQueueSize) pThis->iFullDlyMrk = pThis->iMaxQueueSize - (pThis->iMaxQueueSize / 100) * 3; /* default 97% */ - if(pThis->iLightDlyMrk == -1) + if(pThis->iLightDlyMrk == -1 || pThis->iLightDlyMrk > pThis->iMaxQueueSize) pThis->iLightDlyMrk = pThis->iMaxQueueSize - (pThis->iMaxQueueSize / 100) * 30; /* default 70% */ - - /* we need to do a quick check if our water marks are set plausible. If not, - * we correct the most important shortcomings. TODO: do that!!!! -- rgerhards, 2008-03-14 - */ + if(pThis->iMaxQueueSize > 0 && pThis->iDeqBatchSize > pThis->iMaxQueueSize) + pThis->iDeqBatchSize = pThis->iMaxQueueSize; /* finalize some initializations that could not yet be done because it is * influenced by properties which might have been set after queueConstruct () @@ -2126,9 +2150,9 @@ qqueueStart(qqueue_t *pThis) /* this is the ConstructionFinalizer */ pThis->iFullDlyMrk = wrk; } - DBGOPRINT((obj_t*) pThis, "type %d, enq-only %d, disk assisted %d, maxFileSz %lld, maxQSize %d, lqsize %d, pqsize %d, child %d, " + DBGOPRINT((obj_t*) pThis, "type %d, enq-only %d, disk assisted %d, spoolDir '%s', maxFileSz %lld, maxQSize %d, lqsize %d, pqsize %d, child %d, " "full delay %d, light delay %d, deq batch size %d starting, high wtrrmrk %d, low wtrmrk %d\n", - pThis->qType, pThis->bEnqOnly, pThis->bIsDA, pThis->iMaxFileSize, pThis->iMaxQueueSize, + pThis->qType, pThis->bEnqOnly, pThis->bIsDA, pThis->pszSpoolDir, pThis->iMaxFileSize, pThis->iMaxQueueSize, getLogicalQueueSize(pThis), getPhysicalQueueSize(pThis), pThis->pqParent == NULL ? 0 : 1, pThis->iFullDlyMrk, pThis->iLightDlyMrk, pThis->iDeqBatchSize, pThis->iHighWtrMrk, pThis->iLowWtrMrk); @@ -2433,6 +2457,24 @@ CODESTARTobjDestruct(qqueue) ENDobjDestruct(qqueue) +/* set the queue's spool directory. The directory MUST NOT be NULL. + * The passed-in string is duplicated. So if the caller does not need + * it any longer, it must free it. + */ +rsRetVal +qqueueSetSpoolDir(qqueue_t *pThis, uchar *pszSpoolDir, int lenSpoolDir) +{ + DEFiRet; + + free(pThis->pszSpoolDir); + CHKmalloc(pThis->pszSpoolDir = ustrdup(pszSpoolDir)); + pThis->lenSpoolDir = lenSpoolDir; + +finalize_it: + RETiRet; +} + + /* set the queue's file prefix * The passed-in string is duplicated. So if the caller does not need * it any longer, it must free it. @@ -2564,7 +2606,7 @@ doEnqSingleObj(qqueue_t *pThis, flowControl_t flowCtlType, msg_t *pMsg) * the queue to become ready or drop the new message. -- rgerhards, 2008-03-14 */ while( (pThis->iMaxQueueSize > 0 && pThis->iQueueSize >= pThis->iMaxQueueSize) - || (pThis->qType == QUEUETYPE_DISK && pThis->sizeOnDiskMax != 0 + || ((pThis->qType == QUEUETYPE_DISK || pThis->bIsDA) && pThis->sizeOnDiskMax != 0 && pThis->tVars.disk.sizeOnDisk > pThis->sizeOnDiskMax)) { STATSCOUNTER_INC(pThis->ctrFull, pThis->mutCtrFull); if(pThis->toEnq == 0 || pThis->bEnqOnly) { @@ -2753,7 +2795,7 @@ qqueueApplyCnfParam(qqueue_t *pThis, struct cnfparamvals *pvals) } else if(!strcmp(pblk.descr[i].name, "queue.dequeuebatchsize")) { pThis->iDeqBatchSize = pvals[i].val.d.n; } else if(!strcmp(pblk.descr[i].name, "queue.maxdiskspace")) { - pThis->iMaxFileSize = pvals[i].val.d.n; + pThis->sizeOnDiskMax = pvals[i].val.d.n; } else if(!strcmp(pblk.descr[i].name, "queue.highwatermark")) { pThis->iHighWtrMrk = pvals[i].val.d.n; } else if(!strcmp(pblk.descr[i].name, "queue.lowwatermark")) { @@ -2826,6 +2868,7 @@ DEFpropSetMeth(qqueue, iFullDlyMrk, int) DEFpropSetMeth(qqueue, iDiscardSeverity, int) DEFpropSetMeth(qqueue, iLightDlyMrk, int) DEFpropSetMeth(qqueue, bIsDA, int) +DEFpropSetMeth(qqueue, iNumWorkerThreads, int) DEFpropSetMeth(qqueue, iMinMsgsPerWrkr, int) DEFpropSetMeth(qqueue, bSaveOnShutdown, int) DEFpropSetMeth(qqueue, pAction, action_t*) diff --git a/runtime/queue.h b/runtime/queue.h index 886fac8..7977108 100644 --- a/runtime/queue.h +++ b/runtime/queue.h @@ -219,6 +219,7 @@ PROTOTYPEpropSetMeth(qqueue, iLowWtrMrk, int); PROTOTYPEpropSetMeth(qqueue, iDiscardMrk, int); PROTOTYPEpropSetMeth(qqueue, iDiscardSeverity, int); PROTOTYPEpropSetMeth(qqueue, iMinMsgsPerWrkr, int); +PROTOTYPEpropSetMeth(qqueue, iNumWorkerThreads, int); PROTOTYPEpropSetMeth(qqueue, bSaveOnShutdown, int); PROTOTYPEpropSetMeth(qqueue, pAction, action_t*); PROTOTYPEpropSetMeth(qqueue, iDeqSlowdown, int); diff --git a/runtime/ratelimit.c b/runtime/ratelimit.c index a808e04..016fd3c 100644 --- a/runtime/ratelimit.c +++ b/runtime/ratelimit.c @@ -73,16 +73,8 @@ static inline rsRetVal doLastMessageRepeatedNTimes(ratelimit_t *ratelimit, msg_t *pMsg, msg_t **ppRepMsg) { int bNeedUnlockMutex = 0; - rsRetVal localRet; DEFiRet; - if((pMsg->msgFlags & NEEDS_PARSING) != 0) { - if((localRet = parser.ParseMsg(pMsg)) != RS_RET_OK) { - DBGPRINTF("Message discarded, parsing error %d\n", localRet); - ABORT_FINALIZE(RS_RET_DISCARDMSG); - } - } - if(ratelimit->bThreadSafe) { pthread_mutex_lock(&ratelimit->mut); bNeedUnlockMutex = 1; @@ -209,6 +201,14 @@ rsRetVal ratelimitMsg(ratelimit_t *ratelimit, msg_t *pMsg, msg_t **ppRepMsg) { DEFiRet; + rsRetVal localRet; + + if((pMsg->msgFlags & NEEDS_PARSING) != 0) { + if((localRet = parser.ParseMsg(pMsg)) != RS_RET_OK) { + DBGPRINTF("Message discarded, parsing error %d\n", localRet); + ABORT_FINALIZE(RS_RET_DISCARDMSG); + } + } *ppRepMsg = NULL; /* Only the messages having severity level at or below the @@ -223,6 +223,10 @@ ratelimitMsg(ratelimit_t *ratelimit, msg_t *pMsg, msg_t **ppRepMsg) CHKiRet(doLastMessageRepeatedNTimes(ratelimit, pMsg, ppRepMsg)); } finalize_it: + if(Debug) { + if(iRet == RS_RET_DISCARDMSG) + dbgprintf("message discarded by ratelimiting\n"); + } RETiRet; } diff --git a/runtime/rsconf.c b/runtime/rsconf.c index d8b81f1..960a34c 100644 --- a/runtime/rsconf.c +++ b/runtime/rsconf.c @@ -585,6 +585,7 @@ dropPrivileges(rsconf_t *cnf) static inline void tellCoreConfigLoadDone(void) { + DBGPRINTF("telling rsyslog core that config load for %p is done\n", loadConf); glblDoneLoadCnf(); } diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index 47b3478..e62ba86 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -3,7 +3,7 @@ * * Begun 2005-09-15 RGerhards * - * Copyright (C) 2005-2008 by Rainer Gerhards and Adiscon GmbH + * Copyright (C) 2005-2013 by Rainer Gerhards and Adiscon GmbH * * This file is part of the rsyslog runtime library. * @@ -413,6 +413,9 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_CRY_INVLD_ALGO = -2326,/**< user specified invalid (unkonwn) crypto algorithm */ RS_RET_CRY_INVLD_MODE = -2327,/**< user specified invalid (unkonwn) crypto mode */ RS_RET_QUEUE_DISK_NO_FN = -2328,/**< disk queue configured, but filename not set */ + RS_RET_CA_CERT_MISSING = -2329,/**< a CA cert is missing where one is required (e.g. TLS) */ + RS_RET_CERT_MISSING = -2330,/**< a cert is missing where one is required (e.g. TLS) */ + RS_RET_CERTKEY_MISSING = -2331,/**< a cert (private) key is missing where one is required (e.g. TLS) */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ diff --git a/runtime/ruleset.c b/runtime/ruleset.c index 5bf7ac0..1afb403 100644 --- a/runtime/ruleset.c +++ b/runtime/ruleset.c @@ -284,6 +284,30 @@ execStop(batch_t *pBatch, sbool *active) } RETiRet; } +static rsRetVal +execCall(struct cnfstmt *stmt, batch_t *pBatch, sbool *active) +{ + msg_t *pMsg; + int i; + DEFiRet; + if(stmt->d.s_call.ruleset == NULL) { + scriptExec(stmt->d.s_call.stmt, pBatch, active); + } else { + for(i = 0 ; i < batchNumMsgs(pBatch) ; ++i) { + CHKmalloc(pMsg = MsgDup((msg_t*) pBatch->pElem[i].pMsg)); + DBGPRINTF("CALL: forwarding message %d to async ruleset %p\n", + i, stmt->d.s_call.ruleset->pQueue); + MsgSetFlowControlType(pMsg, eFLOWCTL_NO_DELAY); + MsgSetRuleset(pMsg, stmt->d.s_call.ruleset); + /* Note: we intentionally use submitMsg2() here, as we process messages + * that were already run through the rate-limiter. + */ + submitMsg2(pMsg); + } + } +finalize_it: + RETiRet; +} /* for details, see scriptExec() header comment! */ // save current filter, evaluate new one @@ -535,7 +559,7 @@ scriptExec(struct cnfstmt *root, batch_t *pBatch, sbool *active) execUnset(stmt, pBatch, active); break; case S_CALL: - scriptExec(stmt->d.s_call.stmt, pBatch, active); + execCall(stmt, pBatch, active); break; case S_IF: execIf(stmt, pBatch, active); diff --git a/runtime/ruleset.h b/runtime/ruleset.h index cbf8243..64fe92f 100644 --- a/runtime/ruleset.h +++ b/runtime/ruleset.h @@ -90,6 +90,13 @@ rulesetGetName(ruleset_t *pRuleset) return pRuleset->pszName; } +/* returns 1 if the ruleset has a queue associtated, 0 if not */ +static inline int +rulesetHasQueue(ruleset_t *pRuleset) +{ + return pRuleset->pQueue == NULL ? 0 : 1; +} + /* we will most probably convert this module back to traditional C * calling sequence, so here we go... diff --git a/runtime/stringbuf.c b/runtime/stringbuf.c index cb4f045..13f3871 100644 --- a/runtime/stringbuf.c +++ b/runtime/stringbuf.c @@ -107,7 +107,8 @@ finalize_it: /* a helper function for rsCStr*Strf() */ -static rsRetVal rsCStrConstructFromszStrv(cstr_t **ppThis, uchar *fmt, va_list ap) +static rsRetVal rsCStrConstructFromszStrv(cstr_t **ppThis, char *fmt, va_list ap) __attribute__((format(gnu_printf,2, 0))); +static rsRetVal rsCStrConstructFromszStrv(cstr_t **ppThis, char *fmt, va_list ap) { DEFiRet; cstr_t *pThis; @@ -147,7 +148,7 @@ rsRetVal rsCStrConstructFromszStrf(cstr_t **ppThis, char *fmt, ...) va_list ap; va_start(ap, fmt); - iRet = rsCStrConstructFromszStrv(ppThis, (uchar*)fmt, ap); + iRet = rsCStrConstructFromszStrv(ppThis, fmt, ap); va_end(ap); RETiRet; @@ -315,7 +316,7 @@ rsRetVal rsCStrAppendStrf(cstr_t *pThis, uchar *fmt, ...) cstr_t *pStr = NULL; va_start(ap, fmt); - iRet = rsCStrConstructFromszStrv(&pStr, fmt, ap); + iRet = rsCStrConstructFromszStrv(&pStr, (char*)fmt, ap); va_end(ap); CHKiRet(iRet); @@ -563,7 +564,7 @@ rsRetVal cstrTrimTrailingWhiteSpace(cstr_t *pThis) } /* i now is the new string length! */ pThis->iStrLen = i; - pThis->pBuf[pThis->iStrLen] = '0'; /* we always have this space */ + pThis->pBuf[pThis->iStrLen] = '\0'; /* we always have this space */ done: return RS_RET_OK; } diff --git a/runtime/typedefs.h b/runtime/typedefs.h index d3f68b4..2720109 100644 --- a/runtime/typedefs.h +++ b/runtime/typedefs.h @@ -25,14 +25,10 @@ */ #ifndef INCLUDED_TYPEDEFS_H #define INCLUDED_TYPEDEFS_H -#if defined(__FreeBSD__) +#if defined(__FreeBSD__) || !defined(HAVE_LSEEK64) #include <sys/types.h> #endif -#ifndef HAVE_LSEEK64 -#include <unistd.h> -#endif - /* some universal fixed size integer defines ... */ typedef long long int64; typedef long long unsigned uint64; diff --git a/runtime/unicode-helper.h b/runtime/unicode-helper.h index b7db276..db98ca3 100644 --- a/runtime/unicode-helper.h +++ b/runtime/unicode-helper.h @@ -53,7 +53,7 @@ static inline int ustrcmp(uchar *psz1, uchar *psz2) return strcmp((char*) psz1, (char*) psz2); } -static inline int ustrlen(uchar *psz) +static inline int ustrlen(const uchar *psz) { return strlen((char*) psz); } diff --git a/tcps_sess.c b/tcps_sess.c index 5821e44..0978cee 100644 --- a/tcps_sess.c +++ b/tcps_sess.c @@ -307,7 +307,7 @@ PrepareClose(tcps_sess_t *pThis) * generate an error message and discard the frame. */ errmsg.LogError(0, NO_ERRCODE, "Incomplete frame at end of stream in session %p - " - "ignoring extra data (a message may be lost).\n", pThis->pStrm); + "ignoring extra data (a message may be lost).", pThis->pStrm); /* nothing more to do */ } else { /* here, we have traditional framing. Missing LF at the end * of message may occur. As such, we process the message in @@ -375,13 +375,13 @@ processDataRcvd(tcps_sess_t *pThis, char c, struct syslogTime *stTime, time_t tt DBGPRINTF("TCP Message with octet-counter, size %d.\n", pThis->iOctetsRemain); if(c != ' ') { errmsg.LogError(0, NO_ERRCODE, "Framing Error in received TCP message: " - "delimiter is not SP but has ASCII value %d.\n", c); + "delimiter is not SP but has ASCII value %d.", c); } if(pThis->iOctetsRemain < 1) { /* TODO: handle the case where the octet count is 0! */ DBGPRINTF("Framing Error: invalid octet count\n"); errmsg.LogError(0, NO_ERRCODE, "Framing Error in received TCP message: " - "invalid octet count %d.\n", pThis->iOctetsRemain); + "invalid octet count %d.", pThis->iOctetsRemain); } else if(pThis->iOctetsRemain > iMaxLine) { /* while we can not do anything against it, we can at least log an indication * that something went wrong) -- rgerhards, 2008-03-14 @@ -389,7 +389,7 @@ processDataRcvd(tcps_sess_t *pThis, char c, struct syslogTime *stTime, time_t tt DBGPRINTF("truncating message with %d octets - max msg size is %d\n", pThis->iOctetsRemain, iMaxLine); errmsg.LogError(0, NO_ERRCODE, "received oversize message: size is %d bytes, " - "max msg size is %d, truncating...\n", pThis->iOctetsRemain, iMaxLine); + "max msg size is %d, truncating...", pThis->iOctetsRemain, iMaxLine); } pThis->inputState = eInMsg; } @@ -948,6 +948,8 @@ finalize_it: if(iRet != RS_RET_OK) { if(pThis->pNS != NULL) netstrms.Destruct(&pThis->pNS); + errmsg.LogError(0, iRet, "tcpsrv could not create listener (inputname: '%s')", + (pThis->pszInputName == NULL) ? (uchar*)"*UNSET*" : pThis->pszInputName); } RETiRet; } @@ -1384,8 +1386,6 @@ stopWorkerPool(void) pthread_cond_destroy(&wrkrInfo[i].run); } pthread_cond_destroy(&wrkrIdle); - pthread_mutex_destroy(&wrkrMut); - } @@ -1393,10 +1393,14 @@ stopWorkerPool(void) BEGINmodExit CODESTARTmodExit - stopWorkerPool(); + if(bWrkrRunning) { + stopWorkerPool(); + bWrkrRunning = 0; + } /* de-init in reverse order! */ tcpsrvClassExit(); tcps_sessClassExit(); + pthread_mutex_destroy(&wrkrMut); ENDmodExit diff --git a/tests/Makefile.am b/tests/Makefile.am index b339e79..fd1dbce 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -6,6 +6,7 @@ TESTS = $(TESTRUNS) if ENABLE_IMDIAG TESTS += \ + stop-localvar.sh \ arrayqueue.sh \ da-mainmsg-q.sh \ validation-run.sh \ @@ -53,7 +54,7 @@ TESTS += \ imuxsock_ccmiddle_root.sh \ udp-msgreduc-vg.sh \ udp-msgreduc-orgmsg-vg.sh \ - queue-persist.sh + queue-persist.sh \ discard-rptdmsg.sh \ discard-allmark.sh \ discard.sh \ @@ -289,6 +290,8 @@ EXTRA_DIST= 1.rstest 2.rstest 3.rstest err1.rstest \ testsuites/rscript_stop.conf \ rscript_stop2.sh \ testsuites/rscript_stop2.conf \ + stop-localvar.sh \ + testsuites/stop-localvar.conf \ rscript_prifilt.sh \ testsuites/rscript_prifilt.conf \ rscript_optimizer1.sh \ diff --git a/tests/Makefile.in b/tests/Makefile.in index c8c959e..06c6453 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -51,6 +51,7 @@ host_triplet = @host@ @ENABLE_TESTBENCH_TRUE@ $(am__append_13) #TESTS = $(TESTRUNS) cfg.sh @ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@am__append_1 = \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ stop-localvar.sh \ @ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ arrayqueue.sh \ @ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ da-mainmsg-q.sh \ @ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ validation-run.sh \ @@ -98,7 +99,31 @@ host_triplet = @host@ @ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ imuxsock_ccmiddle_root.sh \ @ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ udp-msgreduc-vg.sh \ @ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ udp-msgreduc-orgmsg-vg.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ queue-persist.sh +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ queue-persist.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ discard-rptdmsg.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ discard-allmark.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ discard.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-async.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-double.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-basic.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-rptd.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-no-rptd.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-no-basic.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rcvr_fail_restore.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_contains.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_field.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_stop.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_stop2.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_prifilt.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_optimizer1.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_ruleset_call.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ cee_simple.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ cee_diskqueue.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ incltest.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ incltest_dir.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ incltest_dir_wildcard.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ incltest_dir_empty_wildcard.sh \ +@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ linkedlistqueue.sh @ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@@HAVE_VALGRIND_TRUE@am__append_2 = \ @ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@@HAVE_VALGRIND_TRUE@ discard-rptdmsg-vg.sh \ @@ -561,6 +586,8 @@ EXTRA_DIST = 1.rstest 2.rstest 3.rstest err1.rstest \ testsuites/rscript_stop.conf \ rscript_stop2.sh \ testsuites/rscript_stop2.conf \ + stop-localvar.sh \ + testsuites/stop-localvar.conf \ rscript_prifilt.sh \ testsuites/rscript_prifilt.conf \ rscript_optimizer1.sh \ @@ -1257,30 +1284,6 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ discard-rptdmsg.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ discard-allmark.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ discard.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-async.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-double.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-basic.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-rptd.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-no-rptd.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ failover-no-basic.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rcvr_fail_restore.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_contains.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_field.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_stop.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_stop2.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_prifilt.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_optimizer1.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ rscript_ruleset_call.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ cee_simple.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ cee_diskqueue.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ incltest.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ incltest_dir.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ incltest_dir_wildcard.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ incltest_dir_empty_wildcard.sh \ -@ENABLE_IMDIAG_TRUE@@ENABLE_TESTBENCH_TRUE@ linkedlistqueue.sh @ENABLE_GNUTLS_TRUE@@ENABLE_TESTBENCH_TRUE@@HAVE_VALGRIND_TRUE@ manytcp-too-few-tls-vg.sh # rtinit tests disabled for the moment - also questionable if they diff --git a/tests/stop-localvar.sh b/tests/stop-localvar.sh new file mode 100755 index 0000000..9157301 --- /dev/null +++ b/tests/stop-localvar.sh @@ -0,0 +1,12 @@ +# Test for "stop" statement +# This file is part of the rsyslog project, released under ASL 2.0 +echo =============================================================================== +echo \[stop-localvar.sh\]: testing stop statement together with local variables +source $srcdir/diag.sh init +source $srcdir/diag.sh startup stop-localvar.conf +sleep 1 +source $srcdir/diag.sh tcpflood -m2000 -i1 +source $srcdir/diag.sh shutdown-when-empty # shut down rsyslogd when done processing messages +source $srcdir/diag.sh wait-shutdown +source $srcdir/diag.sh seq-check 100 999 +source $srcdir/diag.sh exit diff --git a/tests/testsuites/stop-localvar.conf b/tests/testsuites/stop-localvar.conf new file mode 100644 index 0000000..020ebd8 --- /dev/null +++ b/tests/testsuites/stop-localvar.conf @@ -0,0 +1,21 @@ +/* note: variables are strings (at least in v7), so we need to convert + * to a number when we check the conditon. + * Even if we change the variable representation at some later point, + * we should NOT change this test here, but better add a new one. + * rgerhards, 2013-11-19 + */ +$IncludeConfig diag-common.conf +template(name="outfmt" type="string" string="%$!nbr%\n") + +module(load="../plugins/imtcp/.libs/imtcp") +input(type="imtcp" port="13514") + +if $msg contains "msgnum:" then { + set $!nbr = field($msg, 58, 2); + if cnum($!nbr) < 100 then + stop + /* check is intentionally more complex than needed! */ + else if not (cnum($!nbr) > 999) then { + action(type="omfile" file="rsyslog.out.log" template="outfmt") + } +} diff --git a/tools/omfile.c b/tools/omfile.c index ba9f7f7..3dca347 100644 --- a/tools/omfile.c +++ b/tools/omfile.c @@ -133,7 +133,7 @@ typedef struct s_dynaFileCacheEntry dynaFileCacheEntry; typedef struct _instanceData { - uchar *f_fname; /* file or template name (display only) */ + uchar *fname; /* file or template name (display only) */ uchar *tplName; /* name of assigned template */ strm_t *pStrm; /* our output stream */ char bDynamicName; /* 0 - static name, 1 - dynamic name (with properties) */ @@ -287,11 +287,11 @@ CODESTARTdbgPrintInstInfo if(pData->bDynamicName) { dbgprintf("[dynamic]\n"); } else { /* regular file */ - dbgprintf("%s%s\n", pData->f_fname, + dbgprintf("%s%s\n", pData->fname, (pData->pStrm == NULL) ? " (closed)" : ""); } - dbgprintf("\ttemplate='%s'\n", pData->f_fname); + dbgprintf("\ttemplate='%s'\n", pData->fname); dbgprintf("\tuse async writer=%d\n", pData->bUseAsyncWriter); dbgprintf("\tflush on TX end=%d\n", pData->bFlushOnTXEnd); dbgprintf("\tflush interval=%d\n", pData->iFlushInterval); @@ -411,7 +411,7 @@ static rsRetVal cflineParseOutchannel(instanceData *pData, uchar* p, omodStringR } /* OK, we finally got a correct template. So let's use it... */ - pData->f_fname = ustrdup(pOch->pszFileTemplate); + pData->fname = ustrdup(pOch->pszFileTemplate); pData->iSizeLimit = pOch->uSizeLimit; /* WARNING: It is dangerous "just" to pass the pointer. As we * never rebuild the output channel description, this is acceptable here. @@ -796,9 +796,9 @@ writeFile(uchar **ppString, unsigned iMsgOpts, instanceData *pData) CHKiRet(prepareDynFile(pData, ppString[1], iMsgOpts)); } else { /* "regular", non-dynafile */ if(pData->pStrm == NULL) { - CHKiRet(prepareFile(pData, pData->f_fname)); + CHKiRet(prepareFile(pData, pData->fname)); if(pData->pStrm == NULL) { - errmsg.LogError(0, RS_RET_NO_FILE_ACCESS, "Could no open output file '%s'", pData->f_fname); + errmsg.LogError(0, RS_RET_NO_FILE_ACCESS, "Could no open output file '%s'", pData->fname); } } } @@ -885,7 +885,7 @@ ENDcreateInstance BEGINfreeInstance CODESTARTfreeInstance free(pData->tplName); - free(pData->f_fname); + free(pData->fname); if(pData->bDynamicName) { dynaFileFreeCache(pData); } else if(pData->pStrm != NULL) @@ -935,7 +935,7 @@ ENDendTransaction BEGINdoAction CODESTARTdoAction DBGPRINTF("file to log to: %s\n", - (pData->bDynamicName) ? ppString[1] : pData->f_fname); + (pData->bDynamicName) ? ppString[1] : pData->fname); DBGPRINTF("omfile: start of data: '%.128s'\n", ppString[0]); STATSCOUNTER_INC(pData->ctrRequests, pData->mutCtrRequests); CHKiRet(writeFile(ppString, iMsgOpts, pData)); @@ -951,7 +951,7 @@ ENDdoAction static inline void setInstParamDefaults(instanceData *pData) { - pData->f_fname = NULL; + pData->fname = NULL; pData->tplName = NULL; pData->fileUID = -1; pData->fileGID = -1; @@ -987,7 +987,7 @@ setupInstStatsCtrs(instanceData *pData) } /* support statistics gathering */ - snprintf((char*)ctrName, sizeof(ctrName), "dynafile cache %s", pData->f_fname); + snprintf((char*)ctrName, sizeof(ctrName), "dynafile cache %s", pData->fname); ctrName[sizeof(ctrName)-1] = '\0'; /* be on the save side */ CHKiRet(statsobj.Construct(&(pData->stats))); CHKiRet(statsobj.SetName(pData->stats, ctrName)); @@ -1156,11 +1156,11 @@ CODESTARTnewActInst } else if(!strcmp(actpblk.descr[i].name, "createdirs")) { pData->bCreateDirs = (int) pvals[i].val.d.n; } else if(!strcmp(actpblk.descr[i].name, "file")) { - pData->f_fname = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + pData->fname = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); CODE_STD_STRING_REQUESTnewActInst(1) pData->bDynamicName = 0; } else if(!strcmp(actpblk.descr[i].name, "dynafile")) { - pData->f_fname = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); + pData->fname = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); CODE_STD_STRING_REQUESTnewActInst(2) pData->bDynamicName = 1; } else if(!strcmp(actpblk.descr[i].name, "template")) { @@ -1175,7 +1175,7 @@ CODESTARTnewActInst } } - if(pData->f_fname == NULL) { + if(pData->fname == NULL) { errmsg.LogError(0, RS_RET_MISSING_CNFPARAMS, "omfile: either the \"file\" or " "\"dynfile\" parameter must be given"); ABORT_FINALIZE(RS_RET_MISSING_CNFPARAMS); @@ -1196,7 +1196,7 @@ CODESTARTnewActInst /* "filename" is actually a template name, we need this as string 1. So let's add it * to the pOMSR. -- rgerhards, 2007-07-27 */ - CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(pData->f_fname), OMSR_NO_RQD_TPL_OPTS)); + CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(pData->fname), OMSR_NO_RQD_TPL_OPTS)); // TODO: create unified code for this (legacy+v6 system) /* we now allocate the cache table */ CHKmalloc(pData->dynCache = (dynaFileCacheEntry**) @@ -1255,13 +1255,13 @@ CODESTARTparseSelectorAct CODE_STD_STRING_REQUESTparseSelectorAct(2) ++p; /* eat '?' */ CHKiRet(cflineParseFileName(p, fname, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, getDfltTpl())); - pData->f_fname = ustrdup(fname); + pData->fname = ustrdup(fname); pData->bDynamicName = 1; pData->iCurrElt = -1; /* no current element */ /* "filename" is actually a template name, we need this as string 1. So let's add it * to the pOMSR. -- rgerhards, 2007-07-27 */ - CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(pData->f_fname), OMSR_NO_RQD_TPL_OPTS)); + CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(pData->fname), OMSR_NO_RQD_TPL_OPTS)); /* we now allocate the cache table */ CHKmalloc(pData->dynCache = (dynaFileCacheEntry**) calloc(cs.iDynaFileCacheSize, sizeof(dynaFileCacheEntry*))); @@ -1271,7 +1271,7 @@ CODESTARTparseSelectorAct case '.': CODE_STD_STRING_REQUESTparseSelectorAct(1) CHKiRet(cflineParseFileName(p, fname, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, getDfltTpl())); - pData->f_fname = ustrdup(fname); + pData->fname = ustrdup(fname); pData->bDynamicName = 0; break; default: diff --git a/tools/recover_qi.pl b/tools/recover_qi.pl index 4e2cf9d..eb8de55 100755 --- a/tools/recover_qi.pl +++ b/tools/recover_qi.pl @@ -1,207 +1,207 @@ -#!/usr/bin/perl -w
-# recover rsyslog disk queue index (.qi) from queue files (.nnnnnnnn).
-#
-# See:
-# runtime/queue.c: qqueuePersist()
-# runtime/queue.c: qqueueTryLoadPersistedInfo()
-#
-# kaiwang.chen@gmail.com 2012-03-14
-#
-use strict;
-use Getopt::Long;
-
-my %opt = ();
-GetOptions(\%opt,"spool|w=s","basename|f=s","digits|d=i","help!");
-if ($opt{help}) {
- print "Usage:
-\t$0 -w WorkDirectory -f QueueFileName -d 8 > QueueFileName.qi
-";
- exit;
-}
-
-# runtime/queue.c: qConstructDisk()
-my $iMaxFiles = 10000000; # 0+"1".( "0"x($opt{digits} - 1));
-
-# get the list of queue files, spool directory excluded
-my $re = qr/^\Q$opt{basename}\E\.\d{$opt{digits}}$/;
-opendir(DIR, $opt{spool}) or die "can’t open spool: $!";
-my @qf = grep { /$re/ && -f "$opt{spool}/$_" } readdir(DIR);
-closedir DIR;
-
-# ensure order and continuity
-@qf = sort @qf;
-my ($head) = ($qf[0] =~ /(\d+)$/);
-my ($tail) = ($qf[-1] =~ /(\d+)$/);
-$head += 0;
-$tail += 0;
-if ($tail-$head+1 != @qf || $tail > $iMaxFiles) {
- die "broken queue: missing file(s) or wrong tail\n";
-}
-
-# collect some counters about the queue, assuming all are unprocessed entries.
-my $sizeOnDisk = 0;
-my $iQueueSize = 0;
-chdir($opt{spool}) or die "can't chdir to spool: $!";
-print STDERR "traversing ". @qf ." files, please wait...\n";
-for (@qf) {
- open FH, "<", $_ or die "can't read queue file $_\n";
- $sizeOnDisk += (stat FH)[7];
- while (<FH>) {
- $iQueueSize++ if /^<Obj/; # runtime/msg.c: MsgSerialize()
- }
- close FH;
-}
-# happen to reuse last stat
-my $iCurrOffs_Write = (stat(_))[7];
-
-# runtime/queue.c: qqueuePersist()
-my $qqueue = Rsyslog::OPB->new("qqueue",1);
-$qqueue->property("iQueueSize", "INT", $iQueueSize);
-$qqueue->property("tVars.disk.sizeOnDisk", "INT64", $sizeOnDisk);
-$qqueue->property("tVars.disk.bytesRead", "INT64", 0);
-
-# runtime/stream.h: strmType_t
-my $STREAMTYPE_FILE_CIRCULAR = 1;
-# runtime/stream.h: strmMode_t
-my $STREAMMODE_READ = 1;
-my $STREAMMODE_WRITE_APPEND = 4;
-
-# runtime/stream.c: strmSerialize()
-# write to end
-my $strm_Write = Rsyslog::Obj->new("strm",1);
-$strm_Write->property( "iCurrFNum", "INT", $tail);
-$strm_Write->property( "pszFName", "PSZ", $opt{basename});
-$strm_Write->property( "iMaxFiles", "INT", $iMaxFiles);
-$strm_Write->property( "bDeleteOnClose", "INT", 0);
-$strm_Write->property( "sType", "INT", $STREAMTYPE_FILE_CIRCULAR);
-$strm_Write->property("tOperationsMode", "INT", $STREAMMODE_WRITE_APPEND);
-$strm_Write->property( "tOpenMode", "INT", 0600);
-$strm_Write->property( "iCurrOffs","INT64", $iCurrOffs_Write);
-# read from head
-my $strm_ReadDel = Rsyslog::Obj->new("strm",1);
-$strm_ReadDel->property( "iCurrFNum", "INT", $head);
-$strm_ReadDel->property( "pszFName", "PSZ", $opt{basename});
-$strm_ReadDel->property( "iMaxFiles", "INT", $iMaxFiles);
-$strm_ReadDel->property( "bDeleteOnClose", "INT", 1);
-$strm_ReadDel->property( "sType", "INT", $STREAMTYPE_FILE_CIRCULAR);
-$strm_ReadDel->property("tOperationsMode", "INT", $STREAMMODE_READ);
-$strm_ReadDel->property( "tOpenMode", "INT", 0600);
-$strm_ReadDel->property( "iCurrOffs","INT64", 0);
-
-# .qi
-print $qqueue->serialize();
-print $strm_Write->serialize();
-print $strm_ReadDel->serialize();
-
-exit;
-#-----------------------------------------------------------------------------
-
-package Rsyslog::Serializable;
-# runtime/obj.c
-sub COOKIE_OBJLINE { '<' }
-sub COOKIE_PROPLINE { '+' }
-sub COOKIE_ENDLINE { '>' }
-sub COOKIE_BLANKLINE { '.' }
-# VARTYPE(short_ptype)
-sub VARTYPE {
- my ($t) = @_;
- # runtime/obj-types.h: propType_t
- my $ptype = "PROPTYPE_".$t;
- # runtime/var.h: varType_t
- my %vm = (
- VARTYPE_NONE => 0,
- VARTYPE_STR => 1,
- VARTYPE_NUMBER => 2,
- VARTYPE_SYSLOGTIME => 3,
- );
- # runtime/obj.c: SerializeProp()
- my %p2v = (
- #PROPTYPE_NONE => "",
- PROPTYPE_PSZ => "VARTYPE_STR",
- PROPTYPE_SHORT => "VARTYPE_NUMBER",
- PROPTYPE_INT => "VARTYPE_NUMBER",
- PROPTYPE_LONG => "VARTYPE_NUMBER",
- PROPTYPE_INT64 => "VARTYPE_NUMBER",
- PROPTYPE_CSTR => "VARTYPE_STR",
- #PROPTYPE_SYSLOGTIME => "VARTYPE_SYSLOGTIME",
- );
- my $vtype = $p2v{$ptype};
- unless ($vtype) {
- die "property type $t is not supported!\n";
- }
- return $vm{$vtype};
-}
-sub serialize {
- my $self = shift;
- # runtime/obj.c: objSerializeHeader()
- my $x = COOKIE_OBJLINE();
- $x .= join(":", $self->type(), $self->cver(), $self->id(), $self->version());
- $x .= ":\n";
- for ( values %{$self->{props}} ) {
- # runtime/obj.c: SerializeProp()
- $x .= COOKIE_PROPLINE();
- $x .= join(":",
- $_->{name},
- VARTYPE($_->{type}),
- length($_->{value}),
- $_->{value});
- $x .= ":\n";
- }
- # runtime/obj.c: EndSerialize()
- $x .= COOKIE_ENDLINE() . "End\n";
- $x .= COOKIE_BLANKLINE() . "\n";
-}
-# constructor: new(id,version)
-sub new {
- my ($class, $id, $version) = @_;
- $class = ref $class if ref $class;
- bless {
- id => $id,
- version => $version,
- props => {},
- }, $class;
-}
-sub id {
- my $self = shift;
- if (@_) {
- my $x = $self->{id};
- $self->{id} = shift;
- return $x;
- }
- return $self->{id};
-}
-sub version {
- my $self = shift;
- if (@_) {
- my $x = $self->{version};
- $self->{version} = shift;
- return $x;
- }
- return $self->{version};
-}
-# property(name, type, value)
-sub property {
- my $self = shift;
- my $name = shift;
- if (@_) {
- my $x = $self->{props}{$name};
- $self->{props}{$name}{name} = $name;
- $self->{props}{$name}{type} = shift;
- $self->{props}{$name}{value} = shift;
- return $x;
- }
- return $self->{props}{$name};
-}
-1;
-package Rsyslog::OPB;
-use base qw(Rsyslog::Serializable);
-sub type { 'OPB' }
-sub cver { 1 }
-sub new { shift->SUPER::new(@_) }
-1;
-package Rsyslog::Obj;
-use base qw(Rsyslog::Serializable);
-sub type { 'Obj' }
-sub cver { 1 }
-sub new { shift->SUPER::new(@_) }
-1;
+#!/usr/bin/perl -w +# recover rsyslog disk queue index (.qi) from queue files (.nnnnnnnn). +# +# See: +# runtime/queue.c: qqueuePersist() +# runtime/queue.c: qqueueTryLoadPersistedInfo() +# +# kaiwang.chen@gmail.com 2012-03-14 +# +use strict; +use Getopt::Long; + +my %opt = (); +GetOptions(\%opt,"spool|w=s","basename|f=s","digits|d=i","help!"); +if ($opt{help}) { + print "Usage: +\t$0 -w WorkDirectory -f QueueFileName -d 8 > QueueFileName.qi +"; + exit; +} + +# runtime/queue.c: qConstructDisk() +my $iMaxFiles = 10000000; # 0+"1".( "0"x($opt{digits} - 1)); + +# get the list of queue files, spool directory excluded +my $re = qr/^\Q$opt{basename}\E\.\d{$opt{digits}}$/; +opendir(DIR, $opt{spool}) or die "can’t open spool: $!"; +my @qf = grep { /$re/ && -f "$opt{spool}/$_" } readdir(DIR); +closedir DIR; + +# ensure order and continuity +@qf = sort @qf; +my ($head) = ($qf[0] =~ /(\d+)$/); +my ($tail) = ($qf[-1] =~ /(\d+)$/); +$head += 0; +$tail += 0; +if ($tail-$head+1 != @qf || $tail > $iMaxFiles) { + die "broken queue: missing file(s) or wrong tail\n"; +} + +# collect some counters about the queue, assuming all are unprocessed entries. +my $sizeOnDisk = 0; +my $iQueueSize = 0; +chdir($opt{spool}) or die "can't chdir to spool: $!"; +print STDERR "traversing ". @qf ." files, please wait...\n"; +for (@qf) { + open FH, "<", $_ or die "can't read queue file $_\n"; + $sizeOnDisk += (stat FH)[7]; + while (<FH>) { + $iQueueSize++ if /^<Obj/; # runtime/msg.c: MsgSerialize() + } + close FH; +} +# happen to reuse last stat +my $iCurrOffs_Write = (stat(_))[7]; + +# runtime/queue.c: qqueuePersist() +my $qqueue = Rsyslog::OPB->new("qqueue",1); +$qqueue->property("iQueueSize", "INT", $iQueueSize); +$qqueue->property("tVars.disk.sizeOnDisk", "INT64", $sizeOnDisk); +$qqueue->property("tVars.disk.bytesRead", "INT64", 0); + +# runtime/stream.h: strmType_t +my $STREAMTYPE_FILE_CIRCULAR = 1; +# runtime/stream.h: strmMode_t +my $STREAMMODE_READ = 1; +my $STREAMMODE_WRITE_APPEND = 4; + +# runtime/stream.c: strmSerialize() +# write to end +my $strm_Write = Rsyslog::Obj->new("strm",1); +$strm_Write->property( "iCurrFNum", "INT", $tail); +$strm_Write->property( "pszFName", "PSZ", $opt{basename}); +$strm_Write->property( "iMaxFiles", "INT", $iMaxFiles); +$strm_Write->property( "bDeleteOnClose", "INT", 0); +$strm_Write->property( "sType", "INT", $STREAMTYPE_FILE_CIRCULAR); +$strm_Write->property("tOperationsMode", "INT", $STREAMMODE_WRITE_APPEND); +$strm_Write->property( "tOpenMode", "INT", 0600); +$strm_Write->property( "iCurrOffs","INT64", $iCurrOffs_Write); +# read from head +my $strm_ReadDel = Rsyslog::Obj->new("strm",1); +$strm_ReadDel->property( "iCurrFNum", "INT", $head); +$strm_ReadDel->property( "pszFName", "PSZ", $opt{basename}); +$strm_ReadDel->property( "iMaxFiles", "INT", $iMaxFiles); +$strm_ReadDel->property( "bDeleteOnClose", "INT", 1); +$strm_ReadDel->property( "sType", "INT", $STREAMTYPE_FILE_CIRCULAR); +$strm_ReadDel->property("tOperationsMode", "INT", $STREAMMODE_READ); +$strm_ReadDel->property( "tOpenMode", "INT", 0600); +$strm_ReadDel->property( "iCurrOffs","INT64", 0); + +# .qi +print $qqueue->serialize(); +print $strm_Write->serialize(); +print $strm_ReadDel->serialize(); + +exit; +#----------------------------------------------------------------------------- + +package Rsyslog::Serializable; +# runtime/obj.c +sub COOKIE_OBJLINE { '<' } +sub COOKIE_PROPLINE { '+' } +sub COOKIE_ENDLINE { '>' } +sub COOKIE_BLANKLINE { '.' } +# VARTYPE(short_ptype) +sub VARTYPE { + my ($t) = @_; + # runtime/obj-types.h: propType_t + my $ptype = "PROPTYPE_".$t; + # runtime/var.h: varType_t + my %vm = ( + VARTYPE_NONE => 0, + VARTYPE_STR => 1, + VARTYPE_NUMBER => 2, + VARTYPE_SYSLOGTIME => 3, + ); + # runtime/obj.c: SerializeProp() + my %p2v = ( + #PROPTYPE_NONE => "", + PROPTYPE_PSZ => "VARTYPE_STR", + PROPTYPE_SHORT => "VARTYPE_NUMBER", + PROPTYPE_INT => "VARTYPE_NUMBER", + PROPTYPE_LONG => "VARTYPE_NUMBER", + PROPTYPE_INT64 => "VARTYPE_NUMBER", + PROPTYPE_CSTR => "VARTYPE_STR", + #PROPTYPE_SYSLOGTIME => "VARTYPE_SYSLOGTIME", + ); + my $vtype = $p2v{$ptype}; + unless ($vtype) { + die "property type $t is not supported!\n"; + } + return $vm{$vtype}; +} +sub serialize { + my $self = shift; + # runtime/obj.c: objSerializeHeader() + my $x = COOKIE_OBJLINE(); + $x .= join(":", $self->type(), $self->cver(), $self->id(), $self->version()); + $x .= ":\n"; + for ( values %{$self->{props}} ) { + # runtime/obj.c: SerializeProp() + $x .= COOKIE_PROPLINE(); + $x .= join(":", + $_->{name}, + VARTYPE($_->{type}), + length($_->{value}), + $_->{value}); + $x .= ":\n"; + } + # runtime/obj.c: EndSerialize() + $x .= COOKIE_ENDLINE() . "End\n"; + $x .= COOKIE_BLANKLINE() . "\n"; +} +# constructor: new(id,version) +sub new { + my ($class, $id, $version) = @_; + $class = ref $class if ref $class; + bless { + id => $id, + version => $version, + props => {}, + }, $class; +} +sub id { + my $self = shift; + if (@_) { + my $x = $self->{id}; + $self->{id} = shift; + return $x; + } + return $self->{id}; +} +sub version { + my $self = shift; + if (@_) { + my $x = $self->{version}; + $self->{version} = shift; + return $x; + } + return $self->{version}; +} +# property(name, type, value) +sub property { + my $self = shift; + my $name = shift; + if (@_) { + my $x = $self->{props}{$name}; + $self->{props}{$name}{name} = $name; + $self->{props}{$name}{type} = shift; + $self->{props}{$name}{value} = shift; + return $x; + } + return $self->{props}{$name}; +} +1; +package Rsyslog::OPB; +use base qw(Rsyslog::Serializable); +sub type { 'OPB' } +sub cver { 1 } +sub new { shift->SUPER::new(@_) } +1; +package Rsyslog::Obj; +use base qw(Rsyslog::Serializable); +sub type { 'Obj' } +sub cver { 1 } +sub new { shift->SUPER::new(@_) } +1; diff --git a/tools/rsgtutil.c b/tools/rsgtutil.c index 567dcf4..62c33ed 100644 --- a/tools/rsgtutil.c +++ b/tools/rsgtutil.c @@ -259,8 +259,17 @@ verify(char *name) if(bs != NULL) rsgt_objfree(0x0902, bs); if((r = rsgt_getBlockParams(sigfp, 1, &bs, &bHasRecHashes, - &bHasIntermedHashes)) != 0) + &bHasIntermedHashes)) != 0) { + if(ectx.blkNum == 0) { + fprintf(stderr, "EOF before finding any signature block - " + "is the file still open and being written to?\n"); + } else { + if(verbose) + fprintf(stderr, "EOF after signature block %lld\n", + ectx.blkNum); + } goto done; + } rsgt_vrfyBlkInit(gf, bs, bHasRecHashes, bHasIntermedHashes); ectx.recNum = 0; ++ectx.blkNum; diff --git a/tools/syslogd.c b/tools/syslogd.c index a8a733d..f14e8d5 100644 --- a/tools/syslogd.c +++ b/tools/syslogd.c @@ -436,15 +436,31 @@ submitMsgWithDfltRatelimiter(msg_t *pMsg) * to log a message orginating from the syslogd itself. */ rsRetVal -logmsgInternal(int iErr, int pri, uchar *msg, int flags) +logmsgInternal(int iErr, int pri, const uchar *const msg, int flags) { uchar pszTag[33]; + size_t lenMsg; + unsigned i; + char *bufModMsg = NULL; /* buffer for modified message, should we need to modify */ msg_t *pMsg; DEFiRet; + /* we first do a path the remove control characters that may have accidently + * introduced (program error!). This costs performance, but we do not expect + * to be called very frequently in any case ;) -- rgerhards, 2013-12-19. + */ + lenMsg = ustrlen(msg); + for(i = 0 ; i < lenMsg ; ++i) { + if(msg[i] < 0x20 || msg[i] == 0x7f) { + if(bufModMsg == NULL) { + CHKmalloc(bufModMsg = strdup((char*) msg)); + } + bufModMsg[i] = ' '; + } + } CHKiRet(msgConstruct(&pMsg)); MsgSetInputName(pMsg, pInternalInputName); - MsgSetRawMsgWOSize(pMsg, (char*)msg); + MsgSetRawMsg(pMsg, (bufModMsg == NULL) ? (char*)msg : bufModMsg, lenMsg); MsgSetHOSTNAME(pMsg, glbl.GetLocalHostName(), ustrlen(glbl.GetLocalHostName())); MsgSetRcvFrom(pMsg, glbl.GetLocalHostNameProp()); MsgSetRcvFromIP(pMsg, glbl.GetLocalHostIP()); @@ -474,7 +490,7 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags) */ if(((Debug == DEBUG_FULL || !doFork) && ourConf->globals.bErrMsgToStderr) || iConfigVerify) { if(LOG_PRI(pri) == LOG_ERR) - fprintf(stderr, "rsyslogd: %s\n", msg); + fprintf(stderr, "rsyslogd: %s\n", (bufModMsg == NULL) ? (char*)msg : bufModMsg); } if(bHaveMainQueue == 0) { /* not yet in queued mode */ @@ -484,9 +500,9 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags) * message to the queue engine. */ ratelimitAddMsg(internalMsg_ratelimiter, NULL, pMsg); - //submitMsgWithDfltRatelimiter(pMsg); } finalize_it: + free(bufModMsg); RETiRet; } |