diff options
| -rw-r--r-- | ChangeLog | 15 | ||||
| -rwxr-xr-x | configure | 119 | ||||
| -rw-r--r-- | configure.ac | 18 | ||||
| -rw-r--r-- | doc/Makefile.am | 1 | ||||
| -rw-r--r-- | doc/Makefile.in | 1 | ||||
| -rw-r--r-- | doc/imjournal.html | 45 | ||||
| -rw-r--r-- | doc/manual.html | 2 | ||||
| -rw-r--r-- | doc/rsyslog_conf_global.html | 190 | ||||
| -rw-r--r-- | doc/rsyslog_conf_modules.html | 1 | ||||
| -rwxr-xr-x[-rw-r--r--] | plugins/imjournal/imjournal.c | 38 | ||||
| -rw-r--r-- | plugins/omrelp/omrelp.c | 58 | ||||
| -rw-r--r-- | runtime/libgcry_common.c | 2 | ||||
| -rw-r--r-- | runtime/librsgt.c | 2 | ||||
| -rw-r--r-- | runtime/librsgt_read.c | 4 | ||||
| -rw-r--r-- | runtime/queue.c | 6 | ||||
| -rw-r--r-- | runtime/rsyslog.h | 1 | ||||
| -rw-r--r-- | runtime/stringbuf.c | 13 | ||||
| -rw-r--r-- | runtime/stringbuf.h | 2 | ||||
| -rw-r--r-- | tools/Makefile.am | 2 | ||||
| -rw-r--r-- | tools/Makefile.in | 4 | ||||
| -rw-r--r-- | tools/rscryutil.1 | 202 | ||||
| -rw-r--r-- | tools/rsgtutil.1 | 179 |
22 files changed, 677 insertions, 228 deletions
@@ -1,4 +1,19 @@ --------------------------------------------------------------------------- +Version 7.3.15 [beta] 2013-05-15 +- bugfix: problem in build system (especially when cross-compiling) + Thanks to Tomas Heinrich and winfried_mb2@xmsnet.nl for the patch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=445 +- bugfix: imjournal had problem with systemd journal API change +- imjournal: now obtain and include PID +- bugfix: .logsig files had tlv16 indicator bit at wrong offset +- bugfix: omrelp legacy config parameters set a timeout of zero + which lead the legacy config to be unusable. +- bugfix: segfault on startup if a disk queue was configure without file + name + Now this triggers an error message and the queue is changed to + linkedList type. +- bugfix: invalid addressing in string class (recent regression) +--------------------------------------------------------------------------- Version 7.3.14 [beta] 2013-05-06 - bugfix: some man pages were not properly installed either rscryutil or rsgtutil man was installed, but not both @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for rsyslog 7.3.14. +# Generated by GNU Autoconf 2.68 for rsyslog 7.3.15. # # Report bugs to <rsyslog@lists.adiscon.com>. # @@ -570,8 +570,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='rsyslog' PACKAGE_TARNAME='rsyslog' -PACKAGE_VERSION='7.3.14' -PACKAGE_STRING='rsyslog 7.3.14' +PACKAGE_VERSION='7.3.15' +PACKAGE_STRING='rsyslog 7.3.15' PACKAGE_BUGREPORT='rsyslog@lists.adiscon.com' PACKAGE_URL='' @@ -681,6 +681,7 @@ ENABLE_RFC3195_FALSE ENABLE_RFC3195_TRUE LIBLOGGING_LIBS LIBLOGGING_CFLAGS +RST2MAN ENABLE_GUARDTIME_FALSE ENABLE_GUARDTIME_TRUE GUARDTIME_LIBS @@ -806,7 +807,6 @@ LIBESTR_CFLAGS PKG_CONFIG_LIBDIR PKG_CONFIG_PATH PKG_CONFIG -RST2MAN OTOOL64 OTOOL LIPO @@ -1593,7 +1593,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures rsyslog 7.3.14 to adapt to many kinds of systems. +\`configure' configures rsyslog 7.3.15 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1663,7 +1663,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of rsyslog 7.3.14:";; + short | recursive ) echo "Configuration of rsyslog 7.3.15:";; esac cat <<\_ACEOF @@ -1905,7 +1905,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -rsyslog configure 7.3.14 +rsyslog configure 7.3.15 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2484,7 +2484,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by rsyslog $as_me 7.3.14, which was +It was created by rsyslog $as_me 7.3.15, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3299,7 +3299,7 @@ fi # Define the identity of the package. PACKAGE='rsyslog' - VERSION='7.3.14' + VERSION='7.3.15' cat >>confdefs.h <<_ACEOF @@ -13075,46 +13075,6 @@ CC="$lt_save_CC" -# Extract the first word of "rst2man", so it can be a program name with args. -set dummy rst2man; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_RST2MAN+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $RST2MAN in - [\\/]* | ?:[\\/]*) - ac_cv_path_RST2MAN="$RST2MAN" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_RST2MAN="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -RST2MAN=$ac_cv_path_RST2MAN -if test -n "$RST2MAN"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RST2MAN" >&5 -$as_echo "$RST2MAN" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - @@ -17863,8 +17823,8 @@ else ENABLE_RSYSLOGRT_FALSE= fi -RSRT_CFLAGS="\$(RSRT_CFLAGS1) \$(LIBESTR_CFLAGS) \$(JSON_C_FLAGS)" -RSRT_LIBS="\$(RSRT_LIBS1) \$(LIBESTR_LIBS) \$(JSON_C_LIBS)" +RSRT_CFLAGS="\$(RSRT_CFLAGS1) \$(LIBEE_CFLAGS) \$(LIBESTR_CFLAGS) \$(JSON_C_FLAGS)" +RSRT_LIBS="\$(RSRT_LIBS1) \$(LIBEE_LIBS) \$(LIBESTR_LIBS) \$(JSON_C_LIBS)" @@ -18600,6 +18560,59 @@ else fi + +# obtain path for rst2man +if test "x$enable_libgcrypt" = "xyes" || \ + "x$enable_guardtime" = "xyes"; then + # Extract the first word of "rst2man", so it can be a program name with args. +set dummy rst2man; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_RST2MAN+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $RST2MAN in + [\\/]* | ?:[\\/]*) + ac_cv_path_RST2MAN="$RST2MAN" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_RST2MAN="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +RST2MAN=$ac_cv_path_RST2MAN +if test -n "$RST2MAN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RST2MAN" >&5 +$as_echo "$RST2MAN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "x${RST2MAN}" == "x"; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "rst2man not found in PATH +See \`config.log' for more details" "$LINENO" 5; } + fi +fi + + # RFC 3195 support # Check whether --enable-rfc3195 was given. if test "${enable_rfc3195+set}" = set; then : @@ -20754,7 +20767,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by rsyslog $as_me 7.3.14, which was +This file was extended by rsyslog $as_me 7.3.15, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20820,7 +20833,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -rsyslog config.status 7.3.14 +rsyslog config.status 7.3.15 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index e18a0a7..75e88d4 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[7.3.14],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[7.3.15],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) @@ -28,7 +28,6 @@ fi AC_DISABLE_STATIC AC_PROG_LIBTOOL AC_CANONICAL_HOST -AC_PATH_PROG([RST2MAN], [rst2man]) PKG_PROG_PKG_CONFIG @@ -823,8 +822,8 @@ if test "x$enable_rsyslogrt" = "xyes"; then RSRT_LIBS1="\$(top_builddir)/runtime/librsyslog.la" fi AM_CONDITIONAL(ENABLE_RSYSLOGRT, test x$enable_rsyslogrt = xyes) -RSRT_CFLAGS="\$(RSRT_CFLAGS1) \$(LIBESTR_CFLAGS) \$(JSON_C_FLAGS)" -RSRT_LIBS="\$(RSRT_LIBS1) \$(LIBESTR_LIBS) \$(JSON_C_LIBS)" +RSRT_CFLAGS="\$(RSRT_CFLAGS1) \$(LIBEE_CFLAGS) \$(LIBESTR_CFLAGS) \$(JSON_C_FLAGS)" +RSRT_LIBS="\$(RSRT_LIBS1) \$(LIBEE_LIBS) \$(LIBESTR_LIBS) \$(JSON_C_LIBS)" AC_SUBST(RSRT_CFLAGS1) AC_SUBST(RSRT_LIBS1) AC_SUBST(RSRT_CFLAGS) @@ -1000,6 +999,17 @@ if test "x$enable_guardtime" = "xyes"; then fi AM_CONDITIONAL(ENABLE_GUARDTIME, test x$enable_guardtime = xyes) + +# obtain path for rst2man +if test "x$enable_libgcrypt" = "xyes" || \ + "x$enable_guardtime" = "xyes"; then + AC_PATH_PROG([RST2MAN], [rst2man]) + if test "x${RST2MAN}" == "x"; then + AC_MSG_FAILURE([rst2man not found in PATH]) + fi +fi + + # RFC 3195 support AC_ARG_ENABLE(rfc3195, [AS_HELP_STRING([--enable-rfc3195],[Enable RFC3195 support @<:@default=no@:>@])], diff --git a/doc/Makefile.am b/doc/Makefile.am index 46afd90..e175764 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -35,6 +35,7 @@ html_files = \ omfwd.html \ omfile.html \ omjournal.html \ + imjournal.html \ mmanon.html \ omusrmsg.html \ omstdout.html \ diff --git a/doc/Makefile.in b/doc/Makefile.in index e83e568..1e2237a 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -280,6 +280,7 @@ html_files = \ omfwd.html \ omfile.html \ omjournal.html \ + imjournal.html \ mmanon.html \ omusrmsg.html \ omstdout.html \ diff --git a/doc/imjournal.html b/doc/imjournal.html new file mode 100644 index 0000000..e3f6450 --- /dev/null +++ b/doc/imjournal.html @@ -0,0 +1,45 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head> +<meta http-equiv="Content-Language" content="en"><title>Text File Input Monitor</title></head> +<body> +<a href="rsyslog_conf_modules.html">back</a> + +<h1>Systemd Journal Input Module</h1> +<p><b>Module Name: imjournal</b></p> +<p><b>Author: </b>Milan Bartos +<mbartos@redhat.com></p> +<p><b>Description</b>:</p> +<p>Provides the ability to import structured log messages from systemd journal +to syslog.</p> + +<p><b>Configuration Directives</b>:</p> +<p><b>Module Directives</b></p> +<ul> +<li><span style="font-weight: bold;">PersistStateInterval +messages</span><br> +This is a global setting. It specifies how often should the journal state be persisted. +This option is useful for rsyslog to start reding from the last journal message it read. + +<li><span style="font-weight: bold;">StateFile +/path/to/file</span><br> +This is a global setting. It specifies where the state file for persisting +journal state is located. +</ul> +<b>Caveats/Known Bugs:</b> +<p> +</p> +<p><b>Sample:</b></p> +<p> +The following example shows pulling structured imjournal messages and saving them into /var/log/ceelog +</p> +<textarea rows="15" cols="60"> +module(load="imjournal" PersistStateInterval="100" StateFile="/path/to/file") #load imjournal module +module(load="mmjsonparse") #load mmjsonparse module for structured logs + +$template CEETemplate,"%TIMESTAMP% %HOSTNAME% %syslogtag% @cee: %$!all-json%\n" #template for messages + +*.* :mmjsonparse: +*.* /var/log/ceelog;CEETemplate +</textarea> +</body> +</html> diff --git a/doc/manual.html b/doc/manual.html index 5a74c8c..746e83c 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -19,7 +19,7 @@ professional services</a> available directly from the source!</p> <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a> to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the project goals.</p> -<p><b>This documentation is for version 7.3.14 (beta branch) of rsyslog.</b> +<p><b>This documentation is for version 7.3.15 (beta branch) of rsyslog.</b> Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b> to obtain current version information and project status. </p><p><b>If you like rsyslog, you might diff --git a/doc/rsyslog_conf_global.html b/doc/rsyslog_conf_global.html index 651808f..e48ed6d 100644 --- a/doc/rsyslog_conf_global.html +++ b/doc/rsyslog_conf_global.html @@ -17,12 +17,12 @@ appear as implementation progresses. many parameter settings modify queue parameters. If in doubt, use the default, it is usually well-chosen and applicable in most cases.</p> <ul> -<li><a href="rsconf1_abortonuncleanconfig.html">$AbortOnUncleanConfig</a> - abort startup if there is +<li><a href="rsconf1_abortonuncleanconfig.html"><b>$AbortOnUncleanConfig</b></a> - abort startup if there is any issue with the config file</li> <li><a href="rsconf1_actionexeconlywhenpreviousissuspended.html">$ActionExecOnlyWhenPreviousIsSuspended</a></li> -<li>$ActionName <a_single_word> - used primarily for documentation, e.g. when +<li><b>$ActionName</b> <a_single_word> - used primarily for documentation, e.g. when generating a configuration graph. Available sice 4.3.1. -<li>$ActionExecOnlyOnceEveryInterval <seconds> - +<li><b>$ActionExecOnlyOnceEveryInterval</b> <seconds> - execute action only if the last execute is at last <seconds> seconds in the past (more info in <a href="ommail.html">ommail</a>, but may be used with any action)</li> @@ -46,60 +46,60 @@ The question is if this is desired behavior? Or should the rule only be triggered if the messages occur within an e.g. 20 minute window? If the later is the case, you need a <br> -$ActionExecOnlyEveryNthTimeTimeout 1200 +<b>$ActionExecOnlyEveryNthTimeTimeout 1200</b> <br> This directive will timeout previous messages seen if they are older than 20 minutes. In the example above, the count would now be always 1 and consequently no rule would ever be triggered. -<li><a href="omfile.html">$ActionFileDefaultTemplate</a> [templateName] - sets a new default template for file actions</li> -<li><a href="omfile.html">$ActionFileEnableSync</a> [on/<span style="font-weight: bold;">off</span>] - enables file +<li><a href="omfile.html"><b>$ActionFileDefaultTemplate</b></a> [templateName] - sets a new default template for file actions</li> +<li><a href="omfile.html"><b>$ActionFileEnableSync</b></a> [on/<span style="font-weight: bold;">off</span>] - enables file syncing capability of omfile</li> -<li><a href="omfwd.html">$ActionForwardDefaultTemplate</a> [templateName] - sets a new +<li><a href="omfwd.html"><b>$ActionForwardDefaultTemplate</b></a> [templateName] - sets a new default template for UDP and plain TCP forwarding action</li> -<li>$ActionGSSForwardDefaultTemplate [templateName] - sets a +<li><b>$ActionGSSForwardDefaultTemplate</b> [templateName] - sets a new default template for GSS-API forwarding action</li> -<li>$ActionQueueCheckpointInterval <number></li> -<li>$ActionQueueDequeueBatchSize <number> [default 16]</li> -<li>$ActionQueueDequeueSlowdown <number> [number +<li><b>$ActionQueueCheckpointInterval</b> <number></li> +<li><b>$ActionQueueDequeueBatchSize</b> <number> [default 16]</li> +<li><b>$ActionQueueDequeueSlowdown</b> <number> [number is timeout in <i> micro</i>seconds (1000000us is 1sec!), default 0 (no delay). Simple rate-limiting!]</li> -<li>$ActionQueueDiscardMark <number> [default +<li><b>$ActionQueueDiscardMark</b> <number> [default 9750]</li> -<li>$ActionQueueDiscardSeverity <number> +<li><b>$ActionQueueDiscardSeverity</b> <number> [*numerical* severity! default 8 (nothing discarded)]</li> -<li>$ActionQueueFileName <name></li> -<li>$ActionQueueHighWaterMark <number> [default +<li><b>$ActionQueueFileName</b> <name></li> +<li><b>$ActionQueueHighWaterMark</b> <number> [default 8000]</li> -<li>$ActionQueueImmediateShutdown [on/<b>off</b>]</li> -<li>$ActionQueueSize <number></li> -<li>$ActionQueueLowWaterMark <number> [default +<li><b>$ActionQueueImmediateShutdown</b> [on/<b>off</b>]</li> +<li><b>$ActionQueueSize</b> <number></li> +<li><b>$ActionQueueLowWaterMark</b> <number> [default 2000]</li> -<li>$ActionQueueMaxFileSize <size_nbr>, default 1m</li> -<li>$ActionQueueTimeoutActionCompletion <number> +<li><b>$ActionQueueMaxFileSize</b> <size_nbr>, default 1m</li> +<li><b>$ActionQueueTimeoutActionCompletion</b> <number> [number is timeout in ms (1000ms is 1sec!), default 1000, 0 means immediate!]</li> -<li>$ActionQueueTimeoutEnqueue <number> [number +<li><b>$ActionQueueTimeoutEnqueue</b> <number> [number is timeout in ms (1000ms is 1sec!), default 2000, 0 means indefinite]</li> -<li>$ActionQueueTimeoutShutdown <number> [number +<li><b>$ActionQueueTimeoutShutdown</b> <number> [number is timeout in ms (1000ms is 1sec!), default 0 (indefinite)]</li> -<li>$ActionQueueWorkerTimeoutThreadShutdown +<li><b>$ActionQueueWorkerTimeoutThreadShutdown</b> <number> [number is timeout in ms (1000ms is 1sec!), default 60000 (1 minute)]</li> -<li>$ActionQueueType [FixedArray/LinkedList/<b>Direct</b>/Disk]</li> -<li>$ActionQueueSaveOnShutdown [on/<b>off</b>] +<li><b>$ActionQueueType</b> [FixedArray/LinkedList/<b>Direct</b>/Disk]</li> +<li><b>$ActionQueueSaveOnShutdown </b> [on/<b>off</b>] </li> -<li>$ActionQueueWorkerThreads <number>, num worker threads, default 1, recommended 1</li> -<li>$ActionQueueWorkerThreadMinumumMessages <number>, default 100</li> -<li><a href="rsconf1_actionresumeinterval.html">$ActionResumeInterval</a></li> -<li>$ActionResumeRetryCount <number> [default 0, -1 means eternal]</li> -<li><a href="omfwd.html">$ActionSendResendLastMsgOnReconnect</a> <[on/<b>off</b>]> specifies if the last message is to be resend when a connecition breaks and has been reconnected. May increase reliability, but comes at the risk of message duplication. -<li><a href="omfwd.html">$ActionSendStreamDriver</a> <driver basename> just like $DefaultNetstreamDriver, but for the specific action</li> -<li><a href="omfwd.html">$ActionSendStreamDriverMode</a> <mode>, default 0, mode to use with the stream driver (driver-specific)</li> -<li><a href="omfwd.html">$ActionSendStreamDriverAuthMode</a> <mode>, authentication mode to use with the stream driver. Note that this directive requires TLS +<li><b>$ActionQueueWorkerThreads</b> <number>, num worker threads, default 1, recommended 1</li> +<li><b>$ActionQueueWorkerThreadMinumumMessages</b> <number>, default 100</li> +<li><a href="rsconf1_actionresumeinterval.html"><b>$ActionResumeInterval</b></a></li> +<li><b>$ActionResumeRetryCount</b> <number> [default 0, -1 means eternal]</li> +<li><a href="omfwd.html"><b>$ActionSendResendLastMsgOnReconnect</b></a> <[on/<b>off</b>]> specifies if the last message is to be resend when a connecition breaks and has been reconnected. May increase reliability, but comes at the risk of message duplication. +<li><a href="omfwd.html"><b>$ActionSendStreamDriver</b></a> <driver basename> just like $DefaultNetstreamDriver, but for the specific action</li> +<li><a href="omfwd.html"><b>$ActionSendStreamDriverMode</b></a> <mode>, default 0, mode to use with the stream driver (driver-specific)</li> +<li><a href="omfwd.html"><b>$ActionSendStreamDriverAuthMode</b></a> <mode>, authentication mode to use with the stream driver. Note that this directive requires TLS netstream drivers. For all others, it will be ignored. (driver-specific)</li> -<li><a href="omfwd.html">$ActionSendStreamDriverPermittedPeer</a> <ID>, accepted fingerprint (SHA1) or name of remote peer. Note that this directive requires TLS +<li><a href="omfwd.html"><b>$ActionSendStreamDriverPermittedPeer</b></a> <ID>, accepted fingerprint (SHA1) or name of remote peer. Note that this directive requires TLS netstream drivers. For all others, it will be ignored. (driver-specific) -<span style="font-weight: bold;"> directive may go away</span>!</li> <li><a href="omfwd.html"><b>$ActionSendTCPRebindInterval</b> nbr</a>- [available since 4.5.1] - instructs the TCP send @@ -120,40 +120,40 @@ heartbeat. Note that this option auto-resets to "off", so if you inten actions, it must be specified in front off <b>all</b> selector lines that should provide this functionality. </li> -<li><a href="rsconf1_allowedsender.html">$AllowedSender</a></li> -<li><a href="rsconf1_controlcharacterescapeprefix.html">$ControlCharacterEscapePrefix</a></li> -<li><a href="rsconf1_debugprintcfsyslinehandlerlist.html">$DebugPrintCFSyslineHandlerList</a></li> +<li><a href="rsconf1_allowedsender.html"><b>$AllowedSender</b></a></li> +<li><a href="rsconf1_controlcharacterescapeprefix.html"><b>$ControlCharacterEscapePrefix</b></a></li> +<li><a href="rsconf1_debugprintcfsyslinehandlerlist.html"><b>$DebugPrintCFSyslineHandlerList</b></a></li> -<li><a href="rsconf1_debugprintmodulelist.html">$DebugPrintModuleList</a></li> -<li><a href="rsconf1_debugprinttemplatelist.html">$DebugPrintTemplateList</a></li> -<li>$DefaultNetstreamDriver <drivername>, the default <a href="netstream.html">network stream driver</a> to use. Defaults to ptcp.$DefaultNetstreamDriverCAFile </path/to/cafile.pem></li> -<li>$DefaultNetstreamDriverCertFile </path/to/certfile.pem></li> -<li>$DefaultNetstreamDriverKeyFile </path/to/keyfile.pem></li> +<li><a href="rsconf1_debugprintmodulelist.html"><b>$DebugPrintModuleList</b></a></li> +<li><a href="rsconf1_debugprinttemplatelist.html"><b>$DebugPrintTemplateList</b></a></li> +<li><b>$DefaultNetstreamDriver</b> <drivername>, the default <a href="netstream.html">network stream driver</a> to use. Defaults to ptcp.$DefaultNetstreamDriverCAFile </path/to/cafile.pem></li> +<li><b>$DefaultNetstreamDriverCertFile</b> </path/to/certfile.pem></li> +<li><b>$DefaultNetstreamDriverKeyFile</b> </path/to/keyfile.pem></li> <li><b>$DefaultRuleset</b> <i>name</i> - changes the default ruleset for unbound inputs to the provided <i>name</i> (the default default ruleset is named "RSYSLOG_DefaultRuleset"). It is advised to also read our paper on <a href="multi_ruleset.html">using multiple rule sets in rsyslog</a>.</li> <li><a href="omfile.html"><b>$CreateDirs</b></a> [<b>on</b>/off] - create directories on an as-needed basis</li> -<li><a href="omfile.html">$DirCreateMode</a></li> -<li><a href="omfile.html">$DirGroup</a></li> -<li><a href="omfile.html">$DirOwner</a></li> -<li><a href="rsconf1_dropmsgswithmaliciousdnsptrrecords.html">$DropMsgsWithMaliciousDnsPTRRecords</a></li> -<li><a href="rsconf1_droptrailinglfonreception.html">$DropTrailingLFOnReception</a></li> -<li><a href="omfile.html">$DynaFileCacheSize</a></li> -<li><a href="rsconf1_escape8bitcharsonreceive.html">$Escape8BitCharactersOnReceive</a></li> -<li><a href="rsconf1_escapecontrolcharactersonreceive.html">$EscapeControlCharactersOnReceive</a></li> +<li><a href="omfile.html"><b>$DirCreateMode</b></a></li> +<li><a href="omfile.html"><b>$DirGroup</b></a></li> +<li><a href="omfile.html"><b>$DirOwner</b></a></li> +<li><a href="rsconf1_dropmsgswithmaliciousdnsptrrecords.html"><b>$DropMsgsWithMaliciousDnsPTRRecords</b></a></li> +<li><a href="rsconf1_droptrailinglfonreception.html"><b>$DropTrailingLFOnReception</b></a></li> +<li><a href="omfile.html"><b>$DynaFileCacheSize</b></a></li> +<li><a href="rsconf1_escape8bitcharsonreceive.html"><b>$Escape8BitCharactersOnReceive</b></a></li> +<li><a href="rsconf1_escapecontrolcharactersonreceive.html"><b>$EscapeControlCharactersOnReceive</b></a></li> <li><b>$EscapeControlCharactersOnReceive</b> [<b>on</b>|off] - escape USASCII HT character</li> -<li>$SpaceLFOnReceive [on/<b>off</b>] - instructs rsyslogd to replace LF with spaces during message reception (sysklogd compatibility aid)</li> -<li>$ErrorMessagesToStderr [<b>on</b>|off] - direct rsyslogd error message to stderr (in addition to other targets)</li> -<li><a href="omfile.html">$FailOnChownFailure</a></li> -<li><a href="omfile.html">$FileCreateMode</a></li> -<li><a href="omfile.html">$FileGroup</a></li> -<li><a href="omfile.html">$FileOwner</a></li> -<li><a href="rsconf1_generateconfiggraph.html">$GenerateConfigGraph</a></li> -<li><a href="rsconf1_gssforwardservicename.html">$GssForwardServiceName</a></li> -<li><a href="rsconf1_gsslistenservicename.html">$GssListenServiceName</a></li> -<li><a href="rsconf1_gssmode.html">$GssMode</a></li> -<li><a href="rsconf1_includeconfig.html">$IncludeConfig</a></li><li>MainMsgQueueCheckpointInterval <number></li> +<li><b>$SpaceLFOnReceive</b> [on/<b>off</b>] - instructs rsyslogd to replace LF with spaces during message reception (sysklogd compatibility aid)</li> +<li><b>$ErrorMessagesToStderr</b> [<b>on</b>|off] - direct rsyslogd error message to stderr (in addition to other targets)</li> +<li><a href="omfile.html"><b>$FailOnChownFailure</b></a></li> +<li><a href="omfile.html"><b>$FileCreateMode</b></a></li> +<li><a href="omfile.html"><b>$FileGroup</b></a></li> +<li><a href="omfile.html"><b>$FileOwner</b></a></li> +<li><a href="rsconf1_generateconfiggraph.html"><b>$GenerateConfigGraph</b></a></li> +<li><a href="rsconf1_gssforwardservicename.html"><b>$GssForwardServiceName</b></a></li> +<li><a href="rsconf1_gsslistenservicename.html"><b>$GssListenServiceName</b></a></li> +<li><a href="rsconf1_gssmode.html"><b>$GssMode</b></a></li> +<li><a href="rsconf1_includeconfig.html"><b>$IncludeConfig</b></a></li><li>MainMsgQueueCheckpointInterval <number></li> <li><b>$LocalHostName</b> [name] - this directive permits to overwrite the system hostname with the one specified in the directive. If the directive is given multiple times, all but the last one will be ignored. Please note that startup @@ -166,39 +166,39 @@ This information might be needed by some log analyzers. If set to off, no such status messages are logged, what may be useful for other scenarios. [available since 4.7.0 and 5.3.0] <li><b>$MainMsgQueueDequeueBatchSize</b> <number> [default 32]</li> -<li>$MainMsgQueueDequeueSlowdown <number> [number +<li><b>$MainMsgQueueDequeueSlowdown</b> <number> [number is timeout in <i> micro</i>seconds (1000000us is 1sec!), default 0 (no delay). Simple rate-limiting!]</li> -<li>$MainMsgQueueDiscardMark <number> [default 9750]</li> -<li>$MainMsgQueueDiscardSeverity <severity> +<li><b>$MainMsgQueueDiscardMark</b> <number> [default 9750]</li> +<li><b>$MainMsgQueueDiscardSeverity</b> <severity> [either a textual or numerical severity! default 4 (warning)]</li> -<li>$MainMsgQueueFileName <name></li> -<li>$MainMsgQueueHighWaterMark <number> [default +<li><b>$MainMsgQueueFileName</b> <name></li> +<li><b>$MainMsgQueueHighWaterMark</b> <number> [default 8000]</li> -<li>$MainMsgQueueImmediateShutdown [on/<b>off</b>]</li> -<li><a href="rsconf1_mainmsgqueuesize.html">$MainMsgQueueSize</a></li> -<li>$MainMsgQueueLowWaterMark <number> [default +<li><b>$MainMsgQueueImmediateShutdown</b> [on/<b>off</b>]</li> +<li><a href="rsconf1_mainmsgqueuesize.html"><b>$MainMsgQueueSize</b></a></li> +<li><b>$MainMsgQueueLowWaterMark</b> <number> [default 2000]</li> -<li>$MainMsgQueueMaxFileSize <size_nbr>, default +<li><b>$MainMsgQueueMaxFileSize</b> <size_nbr>, default 1m</li> -<li>$MainMsgQueueTimeoutActionCompletion +<li><b>$MainMsgQueueTimeoutActionCompletion</b> <number> [number is timeout in ms (1000ms is 1sec!), default 1000, 0 means immediate!]</li> -<li>$MainMsgQueueTimeoutEnqueue <number> [number +<li><b>$MainMsgQueueTimeoutEnqueue</b> <number> [number is timeout in ms (1000ms is 1sec!), default 2000, 0 means indefinite]</li> -<li>$MainMsgQueueTimeoutShutdown <number> [number +<li><b>$MainMsgQueueTimeoutShutdown</b> <number> [number is timeout in ms (1000ms is 1sec!), default 0 (indefinite)]</li> -<li>$MainMsgQueueWorkerTimeoutThreadShutdown +<li><b>$MainMsgQueueWorkerTimeoutThreadShutdown</b> <number> [number is timeout in ms (1000ms is 1sec!), default 60000 (1 minute)]</li> -<li>$MainMsgQueueType [<b>FixedArray</b>/LinkedList/Direct/Disk]</li> -<li>$MainMsgQueueSaveOnShutdown [on/<b>off</b>] +<li><b>$MainMsgQueueType</b> [<b>FixedArray</b>/LinkedList/Direct/Disk]</li> +<li><b>$MainMsgQueueSaveOnShutdown </b> [on/<b>off</b>] </li> -<li>$MainMsgQueueWorkerThreads <number>, num +<li><b>$MainMsgQueueWorkerThreads</b> <number>, num worker threads, default 1, recommended 1</li> -<li>$MainMsgQueueWorkerThreadMinumumMessages <number>, default 100</li> -<li><a href="rsconf1_markmessageperiod.html">$MarkMessagePeriod</a> (immark)</li> +<li><b>$MainMsgQueueWorkerThreadMinumumMessages</b> <number>, default 100</li> +<li><a href="rsconf1_markmessageperiod.html"><b>$MarkMessagePeriod</b></a> (immark)</li> <li><b><i>$MaxMessageSize</i></b> <size_nbr>, default 2k - allows to specify maximum supported message size (both for sending and receiving). The default should be sufficient for almost all cases. Do not set this below 1k, as it would cause @@ -221,9 +221,9 @@ instead of UDP (plain TCP syslog, RELP). This resolves the UDP stack size restri <br>Note that 2k, the current default, is the smallest size that must be supported in order to be compliant to the upcoming new syslog RFC series. </li> -<li><a href="rsconf1_maxopenfiles.html">$MaxOpenFiles</a></li> -<li><a href="rsconf1_moddir.html">$ModDir</a></li> -<li><a href="rsconf1_modload.html">$ModLoad</a></li> +<li><a href="rsconf1_maxopenfiles.html"><b>$MaxOpenFiles</b></a></li> +<li><a href="rsconf1_moddir.html"><b>$ModDir</b></a></li> +<li><a href="rsconf1_modload.html"><b>$ModLoad</b></a></li> <li><a href="omfile.html"><b>$OMFileAsyncWriting</b></a> [on/<b>off</b>], if turned on, the files will be written in asynchronous mode via a separate thread. In that case, double buffers will be used so that one buffer can be filled while the other buffer is being written. Note that in order @@ -246,15 +246,15 @@ error recovery thus can handle write errors without data loss. Note that this op severely reduces the effect of zip compression and should be switched to off for that use case. Note that the default -on- is primarily an aid to preserve the traditional syslogd behaviour.</li> -<li><a href="omfile.html">$omfileForceChown</a> - force ownership change for all files</li> +<li><a href="omfile.html"><b>$omfileForceChown</b></a> - force ownership change for all files</li> <li><b>$RepeatedMsgContainsOriginalMsg</b> [on/<b>off</b>] - "last message repeated n times" messages, if generated, have a different format that contains the message that is being repeated. Note that only the first "n" characters are included, with n to be at least 80 characters, most probably more (this may change from version to version, thus no specific limit is given). The bottom line is that n is large enough to get a good idea which message was repeated but it is not necessarily large enough for the whole message. (Introduced with 4.1.5). Once set, it affects all following actions.</li> -<li><a href="rsconf1_repeatedmsgreduction.html">$RepeatedMsgReduction</a></li> -<li><a href="rsconf1_resetconfigvariables.html">$ResetConfigVariables</a></li> +<li><a href="rsconf1_repeatedmsgreduction.html"><b>$RepeatedMsgReduction</b></a></li> +<li><a href="rsconf1_resetconfigvariables.html"><b>$ResetConfigVariables</b></a></li> <li><b>$Ruleset</b> <i>name</i> - starts a new ruleset or switches back to one already defined. All following actions belong to that new rule set. the <i>name</i> does not yet exist, it is created. To switch back to rsyslog's @@ -268,17 +268,17 @@ a specific (list of) message parsers to be used with the ruleset. <li><b>$OptimizeForUniprocessor</b> [on/<b>off</b>] - turns on optimizatons which lead to better performance on uniprocessors. If you run on multicore-machiens, turning this off lessens CPU load. The default may change as uniprocessor systems become less common. [available since 4.1.0]</li> -<li>$PreserveFQDN [on/<b>off</b>) - if set to off (legacy default to remain compatible +<li><b>$PreserveFQDN</b> [on/<b>off</b>) - if set to off (legacy default to remain compatible to sysklogd), the domain part from a name that is within the same domain as the receiving system is stripped. If set to on, full names are always used.</li> -<li>$WorkDirectory <name> (directory for spool and other work files. +<li><b>$WorkDirectory</b> <name> (directory for spool and other work files. Do <b>not</b> use trailing slashes)</li> -<li>$UDPServerAddress <IP> (imudp) -- local IP +<li><b>$UDPServerAddress</b> <IP> (imudp) -- local IP address (or name) the UDP listens should bind to</li> -<li>$UDPServerRun <port> (imudp) -- former +<li><b>$UDPServerRun</b> <port> (imudp) -- former -r<port> option, default 514, start UDP server on this port, "*" means all addresses</li> -<li>$UDPServerTimeRequery <nbr-of-times> (imudp) -- this is a performance +<li><b>$UDPServerTimeRequery</b> <nbr-of-times> (imudp) -- this is a performance optimization. Getting the system time is very costly. With this setting, imudp can be instructed to obtain the precise time only once every n-times. This logic is only activated if messages come in at a very fast rate, so doing less frequent @@ -286,10 +286,10 @@ time calls should usually be acceptable. The default value is two, because we ha seen that even without optimization the kernel often returns twice the identical time. You can set this value as high as you like, but do so at your own risk. The higher the value, the less precise the timestamp. -<li><a href="droppriv.html">$PrivDropToGroup</a></li> -<li><a href="droppriv.html">$PrivDropToGroupID</a></li> -<li><a href="droppriv.html">$PrivDropToUser</a></li> -<li><a href="droppriv.html">$PrivDropToUserID</a></li> +<li><a href="droppriv.html"><b>$PrivDropToGroup</b></a></li> +<li><a href="droppriv.html"><b>$PrivDropToGroupID</b></a></li> +<li><a href="droppriv.html"><b>$PrivDropToUser</b></a></li> +<li><a href="droppriv.html"><b>$PrivDropToUserID</b></a></li> <li><b>$Sleep</b> <seconds> - puts the rsyslog main thread to sleep for the specified number of seconds immediately when the directive is encountered. You should have a good reason for using this directive!</li> @@ -306,7 +306,7 @@ rsyslog.conf</b>. Otherwise, if error messages are triggered before this directi is processed, rsyslog will fix the local host IP to "127.0.0.1", what than can not be reset. </li> -<li><a href="rsconf1_umask.html">$UMASK</a></li> +<li><a href="rsconf1_umask.html"><b>$UMASK</b></a></li> </ul> <p><b>Where <size_nbr> or integers are specified above,</b> modifiers can be used after the number part. For example, 1k means diff --git a/doc/rsyslog_conf_modules.html b/doc/rsyslog_conf_modules.html index 2668bf2..18d6b8a 100644 --- a/doc/rsyslog_conf_modules.html +++ b/doc/rsyslog_conf_modules.html @@ -45,6 +45,7 @@ to message generators. <li><a href="imsolaris.html">imsolaris</a> - input for the Sun Solaris system log source</li> <li><a href="im3195.html">im3195</a> - accepts syslog messages via RFC 3195</li> <li><a href="impstats.html">impstats</a> - provides periodic statistics of rsyslog internal counters</li> +<li><a href="imjournal.html">imjournal</a> - Linux journal inuput module</li> </ul> <a name"om"></a><h2>Output Modules</h2> diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c index 2af1958..42d3cf6 100644..100755 --- a/plugins/imjournal/imjournal.c +++ b/plugins/imjournal/imjournal.c @@ -31,6 +31,7 @@ #include <stdlib.h> #include <time.h> #include <sys/socket.h> +#include <errno.h> #include "dirty.h" #include "cfsysline.h" @@ -139,13 +140,16 @@ readjournal() { /* Information from messages */ char *message; + char *sys_pid; char *sys_iden; char *sys_iden_help; const void *get; + const void *pidget; char *parse; char *get2; size_t length; + size_t pidlength; const void *equal_sign; struct json_object *jval; @@ -203,7 +207,7 @@ readjournal() { goto free_message; } - /* Get message identifier and add ':' */ + /* Get message identifier, client pid and add ':' */ if (sd_journal_get_data(j, "SYSLOG_IDENTIFIER", &get, &length) >= 0) { sys_iden = strndup(get+18, length-18); } else { @@ -214,12 +218,30 @@ readjournal() { goto free_message; } - asprintf(&sys_iden_help, "%s:", sys_iden); + if (sd_journal_get_data(j, "SYSLOG_PID", &pidget, &pidlength) >= 0) { + sys_pid = strndup(pidget+11, pidlength-11); + if (sys_pid == NULL) { + iRet = RS_RET_OUT_OF_MEMORY; + free (sys_iden); + goto free_message; + } + } else { + sys_pid = NULL; + } + + if (sys_pid) { + asprintf(&sys_iden_help, "%s[%s]:", sys_iden, sys_pid); + } else { + asprintf(&sys_iden_help, "%s:", sys_iden); + } + + free (sys_iden); + free (sys_pid); + if (sys_iden_help == NULL) { iRet = RS_RET_OUT_OF_MEMORY; goto finalize_it; } - free (sys_iden); json = json_object_new_object(); @@ -337,7 +359,9 @@ persistJournalState () { char *cursor; int ret = 0; - if ((ret = sd_journal_get_cursor(j, &cursor)) > 0) { + /* On success, sd_journal_get_cursor() returns 1 in systemd + 197 or older and 0 in systemd 198 or newer */ + if ((ret = sd_journal_get_cursor(j, &cursor)) >= 0) { if ((sf = fopen(cs.stateFile, "wb")) != NULL) { if (fprintf(sf, "%s", cursor) < 0) { iRet = RS_RET_IO_ERROR; @@ -345,9 +369,15 @@ persistJournalState () { fclose(sf); free(cursor); } else { + char errmsg[256]; + rs_strerror_r(errno, errmsg, sizeof(errmsg)); + dbgprintf("fopen() failed: '%s'\n", errmsg); iRet = RS_RET_FOPEN_FAILURE; } } else { + char errmsg[256]; + rs_strerror_r(-(ret), errmsg, sizeof(errmsg)); + dbgprintf("sd_journal_get_cursor() failed: '%s'\n", errmsg); iRet = RS_RET_ERR; } RETiRet; diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c index c9e3244..ae65f40 100644 --- a/plugins/omrelp/omrelp.c +++ b/plugins/omrelp/omrelp.c @@ -59,7 +59,6 @@ static relpEngine_t *pRelpEngine; /* our relp engine */ typedef struct _instanceData { uchar *target; - int compressionLevel; /* 0 - no compression, else level for zlib */ uchar *port; int bInitialConnect; /* is this the initial connection request of our module? (0-no, 1-yes) */ int bIsConnected; /* currently connected to server? 0 - no, 1 - yes */ @@ -121,6 +120,7 @@ finalize_it: BEGINcreateInstance CODESTARTcreateInstance pData->bInitialConnect = 1; + pData->timeout = 90; ENDcreateInstance BEGINfreeInstance @@ -279,62 +279,6 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) if((iRet = createInstance(&pData)) != RS_RET_OK) FINALIZE; - /* we are now after the protocol indicator. Now check if we should - * use compression. We begin to use a new option format for this: - * @(option,option)host:port - * The first option defined is "z[0..9]" where the digit indicates - * the compression level. If it is not given, 9 (best compression) is - * assumed. An example action statement might be: - * :omrelp:(z5,o)127.0.0.1:1400 - * Which means send via TCP with medium (5) compresion (z) to the local - * host on port 1400. The '0' option means that octet-couting (as in - * IETF I-D syslog-transport-tls) is to be used for framing (this option - * applies to TCP-based syslog only and is ignored when specified with UDP). - * That is not yet implemented. - * rgerhards, 2006-12-07 - * TODO: think of all this in spite of RELP -- rgerhards, 2008-03-13 - */ - if(*p == '(') { - /* at this position, it *must* be an option indicator */ - do { - ++p; /* eat '(' or ',' (depending on when called) */ - /* check options */ - if(*p == 'z') { /* compression */ -# ifdef USE_NETZIP - ++p; /* eat */ - if(isdigit((int) *p)) { - int iLevel; - iLevel = *p - '0'; - ++p; /* eat */ - pData->compressionLevel = iLevel; - } else { - errmsg.LogError(0, NO_ERRCODE, "Invalid compression level '%c' specified in " - "forwardig action - NOT turning on compression.", - *p); - } -# else - errmsg.LogError(0, NO_ERRCODE, "Compression requested, but rsyslogd is not compiled " - "with compression support - request ignored."); -# endif /* #ifdef USE_NETZIP */ - } else { /* invalid option! Just skip it... */ - errmsg.LogError(0, NO_ERRCODE, "Invalid option %c in forwarding action - ignoring.", *p); - ++p; /* eat invalid option */ - } - /* the option processing is done. We now do a generic skip - * to either the next option or the end of the option - * block. - */ - while(*p && *p != ')' && *p != ',') - ++p; /* just skip it */ - } while(*p && *p == ','); /* Attention: do.. while() */ - if(*p == ')') - ++p; /* eat terminator, on to next */ - else - /* we probably have end of string - leave it for the rest - * of the code to handle it (but warn the user) - */ - errmsg.LogError(0, NO_ERRCODE, "Option block not terminated in forwarding action."); - } /* extract the host first (we do a trick - we replace the ';' or ':' with a '\0') * now skip to port and then template name. rgerhards 2005-07-06 */ diff --git a/runtime/libgcry_common.c b/runtime/libgcry_common.c index 63b5e5d..07a524d 100644 --- a/runtime/libgcry_common.c +++ b/runtime/libgcry_common.c @@ -98,7 +98,7 @@ fprintf(stderr, "pre execve: %s\n", cmd); */ /* we should never reach this point, but if we do, we terminate */ -done: return; + return; } diff --git a/runtime/librsgt.c b/runtime/librsgt.c index ae0b0df..85fc774 100644 --- a/runtime/librsgt.c +++ b/runtime/librsgt.c @@ -296,7 +296,7 @@ tlv16Write(gtfile gf, int flags, int tlvtype, uint16_t len) { uint16_t typ; int r; - typ = ((flags|1) << 13)|tlvtype; + typ = ((flags|1) << 15)|tlvtype; r = tlvbufAddOctet(gf, typ >> 8); if(r != 0) goto done; r = tlvbufAddOctet(gf, typ & 0xff); diff --git a/runtime/librsgt_read.c b/runtime/librsgt_read.c index 25c0db4..a6e3316 100644 --- a/runtime/librsgt_read.c +++ b/runtime/librsgt_read.c @@ -249,7 +249,7 @@ rsgt_tlvRecRead(FILE *fp, tlvrecord_t *rec) NEXTC; rec->hdr[0] = c; rec->tlvtype = c & 0x1f; - if(c & 0x20) { /* tlv16? */ + if(c & 0x80) { /* tlv16? */ rec->lenHdr = 4; NEXTC; rec->hdr[1] = c; @@ -290,7 +290,7 @@ rsgt_tlvDecodeSUBREC(tlvrecord_t *rec, uint16_t *stridx, tlvrecord_t *newrec) c = rec->data[(*stridx)++]; newrec->hdr[0] = c; newrec->tlvtype = c & 0x1f; - if(c & 0x20) { /* tlv16? */ + if(c & 0x80) { /* tlv16? */ newrec->lenHdr = 4; if(rec->tlvlen == *stridx) {r=RSGTE_LEN; goto done;} c = rec->data[(*stridx)++]; diff --git a/runtime/queue.c b/runtime/queue.c index 600b568..85b1e45 100644 --- a/runtime/queue.c +++ b/runtime/queue.c @@ -2760,6 +2760,12 @@ qqueueApplyCnfParam(qqueue_t *pThis, struct cnfparamvals *pvals) "param '%s'\n", pblk.descr[i].name); } } + if(pThis->qType == QUEUETYPE_DISK && pThis->pszFilePrefix == NULL) { + errmsg.LogError(0, RS_RET_QUEUE_DISK_NO_FN, "error on queue '%s', disk mode selected, but " + "no queue file name given; queue type changed to 'linkedList'", + obj.GetName((obj_t*) pThis)); + pThis->qType = QUEUETYPE_LINKEDLIST; + } cnfparamvalsDestruct(pvals, &pblk); return RS_RET_OK; } diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h index a901d2e..47b3478 100644 --- a/runtime/rsyslog.h +++ b/runtime/rsyslog.h @@ -412,6 +412,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_EI_INVLD_FILE = -2325,/**< header indicates the file is no .encinfo file */ RS_RET_CRY_INVLD_ALGO = -2326,/**< user specified invalid (unkonwn) crypto algorithm */ RS_RET_CRY_INVLD_MODE = -2327,/**< user specified invalid (unkonwn) crypto mode */ + RS_RET_QUEUE_DISK_NO_FN = -2328,/**< disk queue configured, but filename not set */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ diff --git a/runtime/stringbuf.c b/runtime/stringbuf.c index 75d2eac..cb4f045 100644 --- a/runtime/stringbuf.c +++ b/runtime/stringbuf.c @@ -112,13 +112,12 @@ static rsRetVal rsCStrConstructFromszStrv(cstr_t **ppThis, uchar *fmt, va_list a DEFiRet; cstr_t *pThis; va_list ap2; - uchar *sz; int len; assert(ppThis != NULL); va_copy(ap2, ap); - len = vsnprintf(NULL, 0, fmt, ap2); + len = vsnprintf(NULL, 0, (char*)fmt, ap2); va_end(ap2); if(len < 0) @@ -133,7 +132,7 @@ static rsRetVal rsCStrConstructFromszStrv(cstr_t **ppThis, uchar *fmt, va_list a ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); } - vsnprintf(pThis->pBuf, len, fmt, ap); + vsnprintf((char*)pThis->pBuf, len, (char*)fmt, ap); *ppThis = pThis; finalize_it: RETiRet; @@ -142,13 +141,13 @@ finalize_it: /* construct from a printf-style formated string */ -rsRetVal rsCStrConstructFromszStrf(cstr_t **ppThis, uchar *fmt, ...) +rsRetVal rsCStrConstructFromszStrf(cstr_t **ppThis, char *fmt, ...) { DEFiRet; va_list ap; va_start(ap, fmt); - iRet = rsCStrConstructFromszStrv(ppThis, fmt, ap); + iRet = rsCStrConstructFromszStrv(ppThis, (uchar*)fmt, ap); va_end(ap); RETiRet; @@ -313,7 +312,7 @@ rsRetVal rsCStrAppendStrf(cstr_t *pThis, uchar *fmt, ...) { DEFiRet; va_list ap; - cstr_t *pStr; + cstr_t *pStr = NULL; va_start(ap, fmt); iRet = rsCStrConstructFromszStrv(&pStr, fmt, ap); @@ -322,7 +321,7 @@ rsRetVal rsCStrAppendStrf(cstr_t *pThis, uchar *fmt, ...) CHKiRet(iRet); iRet = cstrAppendCStr(pThis, pStr); - rsCStrDestruct(pStr); + rsCStrDestruct(&pStr); finalize_it: RETiRet; } diff --git a/runtime/stringbuf.h b/runtime/stringbuf.h index b301f4b..d0502a5 100644 --- a/runtime/stringbuf.h +++ b/runtime/stringbuf.h @@ -58,7 +58,7 @@ rsRetVal cstrConstruct(cstr_t **ppThis); rsRetVal cstrConstructFromESStr(cstr_t **ppThis, es_str_t *str); rsRetVal rsCStrConstructFromszStr(cstr_t **ppThis, uchar *sz); rsRetVal rsCStrConstructFromCStr(cstr_t **ppThis, cstr_t *pFrom); -rsRetVal rsCStrConstructFromszStrf(cstr_t **ppThis, uchar *fmt, ...); +rsRetVal rsCStrConstructFromszStrf(cstr_t **ppThis, char *fmt, ...) __attribute__((format(printf,2, 3))); /** * Destruct the string buffer object. diff --git a/tools/Makefile.am b/tools/Makefile.am index 9a1497c..721992f 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -47,7 +47,9 @@ rsyslogd_LDFLAGS = -export-dynamic EXTRA_DIST = $(man_MANS) \ rsgtutil.rst \ + rsgtutil.1 \ rscryutil.rst \ + rscryutil.1 \ recover_qi.pl if ENABLE_DIAGTOOLS diff --git a/tools/Makefile.in b/tools/Makefile.in index f335183..9108b04 100644 --- a/tools/Makefile.in +++ b/tools/Makefile.in @@ -415,8 +415,8 @@ rsyslogd_CPPFLAGS = $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) # potentially incomplete build, a problem we had several times...) rsyslogd_LDADD = ../grammar/libgrammar.la ../runtime/librsyslog.la $(ZLIB_LIBS) $(PTHREADS_LIBS) $(RSRT_LIBS) $(SOL_LIBS) $(LIBEE_LIBS) $(LIBLOGNORM_LIBS) $(LIBUUID_LIBS) $(LIBGCRYPT_LIBS) rsyslogd_LDFLAGS = -export-dynamic -EXTRA_DIST = $(man_MANS) rsgtutil.rst rscryutil.rst recover_qi.pl \ - $(am__append_6) $(am__append_10) +EXTRA_DIST = $(man_MANS) rsgtutil.rst rsgtutil.1 rscryutil.rst \ + rscryutil.1 recover_qi.pl $(am__append_6) $(am__append_10) @ENABLE_DIAGTOOLS_TRUE@rsyslog_diag_hostname_SOURCES = gethostn.c @ENABLE_DIAGTOOLS_TRUE@zpipe_SOURCES = zpipe.c @ENABLE_DIAGTOOLS_TRUE@zpipe_LDADD = -lz diff --git a/tools/rscryutil.1 b/tools/rscryutil.1 new file mode 100644 index 0000000..cd6dc9d --- /dev/null +++ b/tools/rscryutil.1 @@ -0,0 +1,202 @@ +.\" Man page generated from reStructeredText. +. +.TH RSCRYUTIL 1 "2013-04-15" "" "" +.SH NAME +rscryutil \- Manage Encrypted Log Files +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +.nf +.ft C +rscryutil [OPTIONS] [FILE] ... +.ft P +.fi +.SH DESCRIPTION +.sp +This tool performs various operations on encrypted log files. +Most importantly, it provides the ability to decrypt them. +.SH OPTIONS +.INDENT 0.0 +.TP +.B \-d, \-\-decrypt +Select decryption mode. This is the default mode. +.TP +.BI \-W, \-\-write\-keyfile \ <file> +Utility function to write a key to a keyfile. The key can be obtained +via any method. +.TP +.B \-v, \-\-verbose +Select verbose mode. +.TP +.B \-f, \-\-force +Forces operations that otherwise would fail. +.TP +.BI \-k, \-\-keyfile \ <file> +Reads the key from <file>. File _must_ contain the key, only, no headers +or other meta information. Keyfiles can be generated via the +\fI\-\-write\-keyfile\fP option. +.TP +.BI \-p, \-\-key\-program \ <path\-to\-program> +In this mode, the key is provided by a so\-called "key program". This program +is executed and must return the key to (as well as some meta information) +via stdout. The core idea of key programs is that using this interface the +user can implement as complex (and secure) method to obtain keys as +desired, all without the need to make modifications to rsyslog. +.TP +.BI \-K, \-\-key \ <KEY> +TESTING AID, NOT FOR PRODUCTION USE. This uses the KEY specified +on the command line. This is the actual key, and as such this mode +is highly insecure. However, it can be useful for intial testing +steps. This option may be removed in the future. +.TP +.BI \-a, \-\-algo \ <algo> +Sets the encryption algorightm (cipher) to be used. See below +for supported algorithms. The default is "AES128". +.TP +.BI \-m, \-\-mode \ <mode> +Sets the ciphermode to be used. See below for supported modes. +The default is "CBC". +.TP +.BI \-r, \-\-generate\-random\-key \ <bytes> +Generates a random key of length <bytes>. This option is +meant to be used together with \fI\-\-write\-keyfile\fP (and it is hard +to envision any other valid use for it). +.UNINDENT +.SH OPERATION MODES +.sp +The operation mode specifies what exactly the tool does with the provided +files. The default operation mode is "dump", but this may change in the future. +Thus, it is recommended to always set the operations mode explicitely. If +multiple operations mode are set on the command line, results are +unpredictable. +.SS decrypt +.sp +The provided log files are decrypted. Note that the \fI.encinfo\fP side files +must exist and be accessible in order for decryption to to work. +.SS write\-keyfile +.sp +In this mode no log files are processed; thus it is an error to specify +any on the command line. The specified keyfile is written. The key itself +is obtained via the usual key commands. If \fI\-\-keyfile\fP is used, that +file is effectively copied. +.sp +For security reasons, existing key files are _not_ overwritten. To permit +this, specify the \fI\-\-force\fP option. When doing so, keep in mind that lost +keys cannot be recovered and data encrypted with them may also be considered +lost. +.sp +Keyfiles are always created with 0400 permission, that is read access for only +the user. An exception is when an existing file is overwritten via the +\fI\-\-force\fP option, in which case the former permissions still apply. +.SH EXIT CODES +.sp +The command returns an exit code of 0 if everything went fine, and some +other code in case of failures. +.SH SUPPORTED ALGORITHMS +.sp +We basically support what libgcrypt supports. This is: +.INDENT 0.0 +.INDENT 3.5 +3DES +CAST5 +BLOWFISH +AES128 +AES192 +AES256 +TWOFISH +TWOFISH128 +ARCFOUR +DES +SERPENT128 +SERPENT192 +SERPENT256 +RFC2268_40 +SEED +CAMELLIA128 +CAMELLIA192 +CAMELLIA256 +.UNINDENT +.UNINDENT +.SH SUPPORTED CIPHER MODES +.sp +We basically support what libgcrypt supports. This is: +.INDENT 0.0 +.INDENT 3.5 +ECB +CFB +CBC +STREAM +OFB +CTR +AESWRAP +.UNINDENT +.UNINDENT +.SH EXAMPLES +.sp +\fBrscryutil logfile\fP +.sp +Decrypts "logfile" and sends data to stdout. +.sp +\fBrscryutil \-\-generate\-random\-key 16 \-\-keyfile /some/secured/path/keyfile\fP +.sp +Generates random key and stores it in the specified keyfile. +.SH LOG SIGNATURES +.sp +Encrypted log files can be used together with signing. To verify such a file, +it must be decrypted first, and the verification tool \fBrsgtutil(1)\fP must be +run on the decrypted file. +.SH SECURITY CONSIDERATIONS +.sp +Specifying keys directly on the command line (\fI\-\-key\fP option) is very +insecure and should +not be done, except for testing purposes with test keys. Even then it is +recommended to use keyfiles, which are also easy to handle during testing. +Keep in mind that command history is usally be kept by bash and can also +easily be monitored. +.sp +Local keyfiles are also a security risk. At a minimum, they should be +used with very restrictive file permissions. For this reason, +the \fIrscryutil\fP tool creates them with read permissions for the user, +only, no matter what umask is set to. +.sp +When selecting cipher algorithms and modes, care needs to be taken. The +defaults should be reasonable safe to use, but this tends to change over +time. Keep up with the most current crypto recommendations. +.SH SEE ALSO +.sp +\fBrsgtutil(1)\fP, \fBrsyslogd(8)\fP +.SH COPYRIGHT +.sp +This page is part of the \fIrsyslog\fP project, and is available under +LGPLv2. +.SH AUTHOR +Rainer Gerhards <rgerhards@adiscon.com> +.\" Generated by docutils manpage writer. +.\" +. diff --git a/tools/rsgtutil.1 b/tools/rsgtutil.1 new file mode 100644 index 0000000..5543a11 --- /dev/null +++ b/tools/rsgtutil.1 @@ -0,0 +1,179 @@ +.\" Man page generated from reStructeredText. +. +.TH RSGTUTIL 1 "2013-03-25" "" "" +.SH NAME +rsgtutil \- Manage (GuardTime) Signed Log Files +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.sp +.nf +.ft C +rsgtutil [OPTIONS] [FILE] ... +.ft P +.fi +.SH DESCRIPTION +.sp +This tool performs various maintenance operations on signed log files. +It specifically supports the GuardTime signature provider. +.sp +The \fIrsgtutil\fP tool is the primary tool to verify log file signatures, +dump signature file contents and carry out other maintenance operations. +The tool offers different operation modes, which are selected via +command line options. +.sp +The processing of multiple files is permitted. Depending on operation +mode, either the signature file or the base log file must be specified. +Within a single call, only a single operations mode is permitted. To +use different modes on different files, multiple calles, one for each +mode, must be made. +.sp +If no file is specified on the command line, stdin is used instead. Note +that not all operation modes support stdin. +.SH OPTIONS +.INDENT 0.0 +.TP +.B \-D, \-\-dump +Select "dump" operations mode. +.TP +.B \-t, \-\-verify +Select "verify" operations mode. +.TP +.B \-T, \-\-detect\-file\-type +Select "detect\-file\-type" operations mode. +.TP +.B \-B, \-\-show\-sigblock\-params +Select "show\-sigblock\-params" operations mode. +.TP +.B \-s, \-\-show\-verified +Prints out information about correctly verified blocks (by default, only +errors are printed). +.TP +.B \-v, \-\-verbose +Select verbose mode. Most importantly, hashes and signatures are printed +in full length (can be \fBvery\fP lengthy) rather than the usual abbreviation. +.TP +.B \-e, \-\-extend +Select extend mode. This extends the RFC3161 signatures. Note that this +mode also implies a full verification. If there are verify errors, extending +will also fail. +.TP +.BI \-P \ <URL>, \ \-\-publications\-server \ <URL> +Sets the publications server. If not set but required by the operation a +default server is used. The default server is not necessarily optimal +in regard to performance and reliability. +.UNINDENT +.SH OPERATION MODES +.sp +The operation mode specifies what exactly the tool does with the provided +files. The default operation mode is "dump", but this may change in the future. +Thus, it is recommended to always set the operations mode explicitely. If +multiple operations mode are set on the command line, results are +unpredictable. +.SS dump +.sp +The provided \fIsignature\fP files are dumped. For each top\-level record, the*u +type code is printed as well as q short description. If there is additional +information available, it will be printed in tab\-indented lines below the +main record dump. The actual \fIlog\fP files need not to be present. +.SS verify +.sp +This mode does not work with stdin. On the command line, the \fIlog\fP file names +are specified. The corresponding \fIsignature\fP files (ending on ".gtsig") must also +be preset at the same location as the log file. In verify mode, both the log +and signature file is read and the validity of the log file checked. If verification +errors are detected these are printed and processing of the file aborted. By default, +each file is verified individually, without taking cross\-file hash chains into +account (so the order of files on the command line does not matter). +.sp +Note that the actual amount of what can be verified depends on the parameters with +which the signature file was written. If record and tree hashes are present, they +will be verified and thus fine\-granular error reporting is possible. If they are +not present, only the block signature itself is verified. +.sp +By default, only errors are printed. To also print successful verifications, use the +\fB\-\-show\-verified\fP option. +.SS extend +.sp +This extends the RFC3161 signatures. This includes a full verification +of the file. If there are verification errors, extending will also fail. +Note that a signature can only be extended when the required hash has been +published. Currently, these hashes are created at the 15th of each month at +0:00hrs UTC. It takes another few days to get them finally published. As such, +it can be assumed that extending is only possible after this happend (which +means it may take slightly above a month). +.sp +To prevent data corruption, a copy of the signature file is created during +extension. So there must be enough disk space available for both files, +otherwise the operation will fail. If the log file is named logfile, the +signature file is logfile.gtsig and the temporary work file is named +logfile.gtsig.new. When extending finished successfully, the original +signature file (logfile.gtsig in our example) is renamed with the .old +postfix (logfile.gtsig.old) and the temporary file written under the +original name. The .old file can be deleted. It is just kept as a +precaution to prevent signature loss. Note that any already existing +.old or .new files are overwritten by these operations. +.SS detect\-file\-type +.sp +This mode is used to detect the type of some well\-know files used inside the +signature system. The detection is based on the file header. This mode is +primarily a debug aid. +.SS show\-sigblock\-params +.sp +This mode is used to print signature block parameters. It is similar to \fIdump\fP +mode, but will ignore everything except signature blocks. Also, some additional +meta information is printed. This mode is primarily a debug aid. +.SH EXIT CODES +.sp +The command returns an exit code of 0 if everything went fine, and some +other code in case of failures. +.SH EXAMPLES +.sp +\fBrsgtutil \-\-verify logfile\fP +.sp +This verifies the file "logfile" via its associated signature file +"logfile.gtsig". If errors are detected, these are reported to stderr. +Otherwise, rsgtutil terminates without messages. +.sp +\fBrsgtutil \-\-dump logfile.gtsig\fP +.sp +This dumps the content of the signature file "logfile.gtsig". The +actual log file is not being processed and does not even need to be +present. +.SH SEE ALSO +.sp +\fBrsyslogd(8)\fP +.SH COPYRIGHT +.sp +This page is part of the \fIrsyslog\fP project, and is available under +LGPLv2. +.SH AUTHOR +Rainer Gerhards <rgerhards@adiscon.com> +.\" Generated by docutils manpage writer. +.\" +. |