| author | Gergely Nagy <algernon@balabit.hu> | 2012-03-23 11:06:12 +0100 |
|---|---|---|
| committer | Gergely Nagy <algernon@balabit.hu> | 2012-03-23 11:06:12 +0100 |
| commit | 4a7483a074c4fc02fb01b24deb008b08e2673e9a (patch) | |
| tree | 04deee277f737f54e00f575eba841bacb1ac9e98 | |
| parent | 611b698ce05d9f26a176b01e4ca2b81777a9acbe (diff) | |
| parent | 632e1a5d657a1ebdc15fc0571ccd958a27e838cc (diff) | |
Merge branch 'master' into debian
| -rw-r--r-- | LICENSE | 2 | ||||
| -rw-r--r-- | README.rst | 12 | ||||
| -rw-r--r-- | configure.ac | 4 | ||||
| -rw-r--r-- | lib/Makefile.am | 26 | ||||
| -rw-r--r-- | lib/libcee-syslog.3 | 211 | ||||
| -rw-r--r-- | lib/libcee-syslog.ld | 17 | ||||
| -rw-r--r-- | lib/libumberlog.ld | 17 | ||||
| -rw-r--r-- | lib/libumberlog.pc.in (renamed from lib/libcee-syslog.pc.in) | 6 | ||||
| -rw-r--r-- | lib/umberlog.c (renamed from lib/cee-syslog.c) | 171 | ||||
| -rw-r--r-- | lib/umberlog.h (renamed from lib/cee-syslog.h) | 30 | ||||
| -rw-r--r-- | lib/umberlog.rst | 139 | ||||
| -rw-r--r-- | t/Makefile.am | 4 | ||||
| -rw-r--r-- | t/test_umberlog.c (renamed from t/test_cee_format.c) | 36 |
13 files changed, 299 insertions, 376 deletions
@@ -1,4 +1,4 @@ -libcee-syslog -- CEE-enhanced syslog API. +libumberlog -- CEE-enhanced syslog API. Copyright (c) 2012 BalaBit IT Security Ltd. All rights reserved. @@ -1,7 +1,7 @@ -libcee-syslog -============= +libumberlog +=========== -The libcee-syslog library serves two purposes: it's either a drop-in +The libumberlog library serves two purposes: it's either a drop-in replacement for the ``syslog()`` system call, in which case it turns the default syslog messages into CEE-enhanced messages, with a CEE-JSON payload, and some automatically discovered fields. @@ -34,8 +34,8 @@ The library follows the usual autotools way of installation: :: - $ git clone git://github.com/algernon/libcee-syslog.git - $ cd libcee-syslog + $ git clone git://github.com/algernon/libumberlog.git + $ cd libumberlog $ ./autogen.sh $ ./configure && make && make install @@ -45,7 +45,7 @@ Usage The library can either be used as an LD_PRELOAD-able shared object, in which case it overrides the system-supplied syslog() calls with its own, or as a proper library. In the latter case, please see the -libcee-syslog(3) manual page for more information. +umberlog(3) manual page for more information. In the former case, using the library is as easy as setting LD_PRELOAD prior to executing a program (if one wants to control this on a diff --git a/configure.ac b/configure.ac index 1596cd3..f2c37b8 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ dnl Process this file with autoconf to produce a configure script. dnl -AC_INIT(libcee-syslog, 0.1.0, algernon@balabit.hu, libcee-syslog, https://github.com/algernon/libcee-syslog) +AC_INIT(libumberlog, 0.1.0, algernon@balabit.hu, libumberlog, https://github.com/algernon/libumberlog) AM_INIT_AUTOMAKE([1.9 tar-ustar]) dnl *************************************************************************** 
@@ -59,6 +59,6 @@ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [version number]) AC_OUTPUT( Makefile lib/Makefile - lib/libcee-syslog.pc + lib/libumberlog.pc t/Makefile ) diff --git a/lib/Makefile.am b/lib/Makefile.am index c32a826..030ae4e 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,20 +1,16 @@ -LCS_CURRENT = 0 -LCS_REVISION = 0 -LCS_AGE = 0 +LUL_CURRENT = 0 +LUL_REVISION = 0 +LUL_AGE = 0 -lib_LTLIBRARIES = libcee-syslog.la -libcee_syslog_la_LDFLAGS = -Wl,--version-script,${srcdir}/libcee-syslog.ld -libcee_syslog_la_LIBADD = @JSON_LIBS@ -ldl -lrt -libcee_syslog_la_CFLAGS = @JSON_CFLAGS@ +lib_LTLIBRARIES = libumberlog.la +libumberlog_la_LDFLAGS = -Wl,--version-script,${srcdir}/libumberlog.ld +libumberlog_la_LIBADD = @JSON_LIBS@ -ldl -lrt +libumberlog_la_CFLAGS = @JSON_CFLAGS@ -libcee_syslog_la_SOURCES = \ - cee-syslog.c cee-syslog.h +libumberlog_la_SOURCES = umberlog.c umberlog.h -libcee_syslog_includedir = $(includedir)/cee -libcee_syslog_include_HEADERS = \ - cee-syslog.h +libumberlog_includedir = $(includedir) +libumberlog_include_HEADERS = umberlog.h pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = libcee-syslog.pc - -man3_MANS = libcee-syslog.3 +pkgconfig_DATA = libumberlog.pc diff --git a/lib/libcee-syslog.3 b/lib/libcee-syslog.3 deleted file mode 100644 index f8e9dd2..0000000 --- a/lib/libcee-syslog.3 +++ /dev/null 
@@ -1,211 +0,0 @@ -.\" cee-syslog.3 -- CEE-enhanced syslog manual -.\" -.\" Copyright (c) 2012 BalaBit IT Security Ltd. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY BALABIT AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL BALABIT OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.TH CEE_SYSLOG 3 2012-03-22 "cee\-syslog" "CEE\-enhanced syslog Manual" - -.SH NAME -cee_openlog, cee_syslog, cee_vsyslog, cee_legacy_syslog, -cee_legacy_vsyslog \- send CEE-enhanced messages to the system logger -.br -cee_format, cee_vformat \- format CEE\-enhanced messages, without -sending them to the system logger - -.SH SYNOPSIS -.B #include <cee/cee\-syslog.h> -.sp -.BI "void cee_openlog(const char *" ident ", int " option ", int " facility ); -.br - -.br -.BI "void cee_syslog(int " priority ", const char *" format ", ...);" -.br -.BI "void cee_vsyslog(int " priority ", const char *" format ", va_list " ap ); -.br - -.br -.BI "void cee_legacy_syslog(int " priority ", const char *" format ", ...);" -.br -.BI "void cee_legacy_vsyslog(int " priority ", const char *" format ", va_list " ap ); -.br - -.br -.BI "char *cee_format(int " priority ", const char *" format ", ...);" -.br -.BI "char *cee_vformat(int " priority ", const char *" format ", va_list " ap ); - -.SH DESCRIPTION -.BR cee_openlog (), -(also aliased to -.BR openlog ()) -is a wrapper around the original -.BR openlog () -function, which opens a connection to the system logger for a -program. The updated version adds support for a number of new option -flags, described below. - -.sp -.BR cee_legacy_syslog () -and -.BR cee_legacy_vsyslog () -are both thin layers over the original -.BR syslog () -and -.BR vsyslog () -functions, and the library overrides the original functions with this -two. The only change these functions bring, are that the message they -generate will be a CEE\-enhanced message, with a JSON payload. See -below for an explanation on what this means. - -.sp -.BR cee_syslog () -and -.BR cee_vsyslog () -are two new functions provided by the library, that have similar -interface to the legacy -.BR syslog () -functions, but they can be used to add arbitrary key-value pairs to -the emitted message. 
After the -.I msg_format -format string, and any other parameters it refers to, there must be a -NULL-terminated list of -.IR key ", " "value format" ", " "format parameters" . -Each of these pairs, constructed from the -.I key -and the -.BR printf (3)-style -.I value format -will be added to the generated message. - -.sp -.BR cee_format () -and -.BR cee_vformat () -do the same as the syslog variants above, except the formatted payload -is not sent to syslog, but returned as a newly allocated string. - -.SH "CEE PAYLOAD" - -All of the improved -.BR syslog () -functions, the legacy and overridden ones and the new ones too turn -the original syslog message into a CEE\-enabled JSON payload, with the -original message put into the -.I msg -field, and any additional fields put into the same structure. - -By default, unless the -.B LOG_CEE_NODISCOVER -option flag is set, all of these functions will also add a few -automatically discovered fields into the payload: - -.TP 15 -.I pid -The process ID of the program, as returned by -.BR getpid (). -The value of this is \- by default \- determined at the time of -calling -.BR cee_openlog (), -but if caching is disabled, it will be rechecked every time. -.TP -.IR facility " and " priority -The syslog facility and priority as a text string. -.TP -.I program -The identification set at the time of -.BR cee_openlog (). -.TP -.IR uid " and " gid -The user and group ID of the process, determined at -.BR cee_openlog () -time by default, unless caching is disabled. -.TP -.I host -The name of the originating host, determined at -.BR cee_openlog () -time by default, using -.BR gethostname (). -.TP -.I timestamp -High\-precision timestamp, in textual format. Included by default, but -can be controlled by the -.B LOG_CEE_NOTIME -option flag at -.BR cee_openlog () -time. 
-.PP - -.SH "EXTRA OPTION FLAGS" -The -.I option -argument to -.BR cee_openlog () -is an OR of any of the original -.BR openlog () -flags, and these: -.TP 15 -.B LOG_CEE_NODISCOVER -Disable all automatic\-discovery, and only include the -.I message -and any specified -.I key\-value -pairs in the generated message. -.TP -.B LOG_CEE_NOCACHE -When automatic discovery is enabled, disable caching certain -properties, that might change between the call to -.BR openlog () -and the -.BR cee_syslog () -invocation. -.TP -.B LOG_CEE_NOCACHE_UID -Disable caching the -.IR uid " and " gid -caching when automatic discovery is enabled, but do cache the rest. -.TP -.B LOG_CEE_NOTIME -Do not add a high\-precision timestamp to the generated message when -automatic discovery is enabled. -.PP - -.SH EXAMPLES -.nf - - cee_syslog(LOG_NOTICE, "Logged in user: %s", username, - "service", "%s", service, - "auth-method", "%s", auth_method, - "sessionid", "%d", session_id, - NULL); -.fi - -.SH "SEE ALSO" -.BR syslog (1) - -.SH COLOPHON -This page is part of the -.I libcee\-syslog -project, and is available under the same 2-clause BSD license as the -rest of the project. diff --git a/lib/libcee-syslog.ld b/lib/libcee-syslog.ld deleted file mode 100644 index 8f5d442..0000000 --- a/lib/libcee-syslog.ld +++ /dev/null @@ -1,17 +0,0 @@ -LIBCEE_SYSLOG_0.1.0 { - global: - # Our own symbols - cee_format; - cee_vformat; - cee_syslog; - cee_vsyslog; - cee_legacy_syslog; - cee_legacy_vsyslog; - cee_openlog; - cee_setlogmask; - - local: - # Inherited from elsewhere, but should not be exported - facilitynames; - prioritynames; -}; diff --git a/lib/libumberlog.ld b/lib/libumberlog.ld new file mode 100644 index 0000000..8cd48e7 --- /dev/null +++ b/lib/libumberlog.ld 
@@ -0,0 +1,17 @@ +LIBUMBERLOG_0.1.0 { + global: + # Our own symbols + ul_format; + ul_vformat; + ul_syslog; + ul_vsyslog; + ul_legacy_syslog; + ul_legacy_vsyslog; + ul_openlog; + ul_setlogmask; + + local: + # Inherited from elsewhere, but should not be exported + facilitynames; + prioritynames; +}; diff --git a/lib/libcee-syslog.pc.in b/lib/libumberlog.pc.in index 21a09ec..691d1df 100644 --- a/lib/libcee-syslog.pc.in +++ b/lib/libumberlog.pc.in @@ -3,8 +3,8 @@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@ -Name: libcee-syslog +Name: libumberlog Version: @VERSION@ Description: CEE-enhanced syslog() API -URL: https://github.com/algernon/libcee-syslog -Libs: -L${libdir} -lcee-syslog +URL: https://github.com/algernon/libumberlog +Libs: -L${libdir} -lumberlog diff --git a/lib/cee-syslog.c b/lib/umberlog.c index b9d648d..151b333 100644 --- a/lib/cee-syslog.c +++ b/lib/umberlog.c @@ -1,4 +1,4 @@ -/* cee-syslog.c -- CEE-enhanced syslog API. +/* umberlog.c -- CEE-enhanced syslog API. * * Copyright (c) 2012 BalaBit IT Security Ltd. * All rights reserved. @@ -40,8 +40,7 @@ #include <limits.h> #include <time.h> -#include "cee-syslog.h" - +#include "umberlog.h" #if __USE_FORTIFY_LEVEL > 0 static void (*old_syslog_chk) (); @@ -52,7 +51,7 @@ static void (*old_syslog) (); static void (*old_openlog) (); static int (*old_setlogmask) (); -static void cee_init (void) __attribute__((constructor)); +static void ul_init (void) __attribute__((constructor)); static __thread struct { @@ -65,10 +64,10 @@ static __thread struct gid_t gid; const char *ident; char hostname[HOST_NAME_MAX + 1]; -} cee_sys_settings; +} ul_sys_settings; static void -cee_init (void) +ul_init (void) { #if __USE_FORTIFY_LEVEL > 0 old_syslog_chk = dlsym (RTLD_NEXT, "__syslog_chk"); 
@@ -80,18 +79,18 @@ cee_init (void) } void -cee_openlog (const char *ident, int option, int facility) +ul_openlog (const char *ident, int option, int facility) { old_openlog (ident, option, facility); - cee_sys_settings.mask = old_setlogmask (0); - cee_sys_settings.flags = option; - cee_sys_settings.facility = facility; - cee_sys_settings.pid = getpid (); - cee_sys_settings.gid = getgid (); - cee_sys_settings.uid = getuid (); - cee_sys_settings.ident = ident; - - gethostname (cee_sys_settings.hostname, HOST_NAME_MAX); + ul_sys_settings.mask = old_setlogmask (0); + ul_sys_settings.flags = option; + ul_sys_settings.facility = facility; + ul_sys_settings.pid = getpid (); + ul_sys_settings.gid = getgid (); + ul_sys_settings.uid = getuid (); + ul_sys_settings.ident = ident; + + gethostname (ul_sys_settings.hostname, HOST_NAME_MAX); } /** HELPERS **/ @@ -101,10 +100,10 @@ _find_facility (void) int i = 0; while (facilitynames[i].c_name != NULL && - facilitynames[i].c_val != cee_sys_settings.facility) + facilitynames[i].c_val != ul_sys_settings.facility) i++; - if (facilitynames[i].c_val == cee_sys_settings.facility) + if (facilitynames[i].c_val == ul_sys_settings.facility) return facilitynames[i].c_name; return "<unknown>"; } 
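Review bot: The settings written in `ul_openlog` are visible only to the calling thread, because `ul_sys_settings` is declared `static __thread` (see the earlier hunk of this file). In any other thread the mask stays 0 and `ident` stays NULL, so with the `mask & priority` test in `_ul_vsyslog` those threads appear to drop every message silently, which loses audit records in threaded programs. Either make the settings process-wide or state the restriction above the struct, for example `/* per-thread state: each logging thread must call ul_openlog() itself */`. The return value of `gethostname()` is also ignored here, so a failure leaves the `host` field empty with no indication.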
@@ -126,42 +125,42 @@ _find_prio (int prio) static inline pid_t _find_pid (void) { - if (cee_sys_settings.flags & LOG_CEE_NOCACHE) + if (ul_sys_settings.flags & LOG_UL_NOCACHE) return getpid (); else - return cee_sys_settings.pid; + return ul_sys_settings.pid; } static inline uid_t _get_uid (void) { - if (cee_sys_settings.flags & LOG_CEE_NOCACHE || - cee_sys_settings.flags & LOG_CEE_NOCACHE_UID) + if (ul_sys_settings.flags & LOG_UL_NOCACHE || + ul_sys_settings.flags & LOG_UL_NOCACHE_UID) return getuid (); else - return cee_sys_settings.uid; + return ul_sys_settings.uid; } static inline uid_t _get_gid (void) { - if (cee_sys_settings.flags & LOG_CEE_NOCACHE || - cee_sys_settings.flags & LOG_CEE_NOCACHE_UID) + if (ul_sys_settings.flags & LOG_UL_NOCACHE || + ul_sys_settings.flags & LOG_UL_NOCACHE_UID) return getgid (); else - return cee_sys_settings.gid; + return ul_sys_settings.gid; } static inline const char * _get_hostname (void) { - if (cee_sys_settings.flags & LOG_CEE_NOCACHE) - gethostname (cee_sys_settings.hostname, HOST_NAME_MAX); - return cee_sys_settings.hostname; + if (ul_sys_settings.flags & LOG_UL_NOCACHE) + gethostname (ul_sys_settings.hostname, HOST_NAME_MAX); + return ul_sys_settings.hostname; } static struct json_object * -_cee_json_vappend (struct json_object *json, va_list ap) +_ul_json_vappend (struct json_object *json, va_list ap) { char *key; @@ -179,19 +178,19 @@ _cee_json_vappend (struct json_object *json, va_list ap) } static struct json_object * -_cee_json_append (struct json_object *json, ...) +_ul_json_append (struct json_object *json, ...) { va_list ap; va_start (ap, json); - _cee_json_vappend (json, ap); + _ul_json_vappend (json, ap); va_end (ap); return json; } static inline void -_cee_json_append_timestamp (struct json_object *jo) +_ul_json_append_timestamp (struct json_object *jo) { struct timespec ts; struct tm *tm; 
@@ -204,37 +203,37 @@ _cee_json_append_timestamp (struct json_object *jo) strftime (stamp, sizeof (stamp), "%FT%T", tm); strftime (zone, sizeof (zone), "%z", tm); - _cee_json_append (jo, "timestamp", "%s.%lu%s", - stamp, ts.tv_nsec, zone, - NULL); + _ul_json_append (jo, "timestamp", "%s.%lu%s", + stamp, ts.tv_nsec, zone, + NULL); } static inline void -_cee_discover (struct json_object *jo, int priority) +_ul_discover (struct json_object *jo, int priority) { - if (cee_sys_settings.flags & LOG_CEE_NODISCOVER) + if (ul_sys_settings.flags & LOG_UL_NODISCOVER) return; - _cee_json_append (jo, - "pid", "%d", _find_pid (), - "facility", "%s", _find_facility (), - "priority", "%s", _find_prio (priority), - "program", "%s", cee_sys_settings.ident, - "uid", "%d", _get_uid (), - "gid", "%d", _get_gid (), - "host", "%s", _get_hostname (), - NULL); - - if (cee_sys_settings.flags & LOG_CEE_NOTIME) + _ul_json_append (jo, + "pid", "%d", _find_pid (), + "facility", "%s", _find_facility (), + "priority", "%s", _find_prio (priority), + "program", "%s", ul_sys_settings.ident, + "uid", "%d", _get_uid (), + "gid", "%d", _get_gid (), + "host", "%s", _get_hostname (), + NULL); + + if (ul_sys_settings.flags & LOG_UL_NOTIME) return; - _cee_json_append_timestamp (jo); + _ul_json_append_timestamp (jo); } static struct json_object * -_cee_vformat (struct json_object *jo, int format_version, - int priority, const char *msg_format, - va_list ap) +_ul_vformat (struct json_object *jo, int format_version, + int priority, const char *msg_format, + va_list ap) { char *value; 
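Review bot: The `timestamp` field built with `"%s.%lu%s"` prints `ts.tv_nsec` without zero padding, so the fractional part is wrong whenever the nanosecond count has fewer than nine digits (5 ms is emitted as `.5000000`, which reads as half a second). `tv_nsec` is a `long`, so the conversion should also be signed; `"%s.%09ld%s"` fixes both. Log timestamps are what an analyst uses to order events, so this is worth correcting rather than carrying through the rename. `_ul_json_append_timestamp` starts before this hunk, so the clock call and the buffer sizes were not reviewed.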
@@ -244,69 +243,69 @@ _cee_vformat (struct json_object *jo, int format_version, free (value); if (format_version > 0) - _cee_json_vappend (jo, ap); + _ul_json_vappend (jo, ap); - _cee_discover (jo, priority); + _ul_discover (jo, priority); return jo; } static inline const char * -_cee_vformat_str (struct json_object *jo, int format_version, - int priority, const char *msg_format, - va_list ap) +_ul_vformat_str (struct json_object *jo, int format_version, + int priority, const char *msg_format, + va_list ap) { - return json_object_to_json_string (_cee_vformat (jo, format_version, - priority, msg_format, - ap)); + return json_object_to_json_string (_ul_vformat (jo, format_version, + priority, msg_format, + ap)); } /** Public API **/ char * -cee_format (int priority, const char *msg_format, ...) +ul_format (int priority, const char *msg_format, ...) { char *result; va_list ap; va_start (ap, msg_format); - result = cee_vformat (priority, msg_format, ap); + result = ul_vformat (priority, msg_format, ap); va_end (ap); return result; } char * -cee_vformat (int priority, const char *msg_format, va_list ap) +ul_vformat (int priority, const char *msg_format, va_list ap) { struct json_object *jo = json_object_new_object (); char *result; - result = strdup (_cee_vformat_str (jo, 1, priority, msg_format, ap)); + result = strdup (_ul_vformat_str (jo, 1, priority, msg_format, ap)); json_object_put (jo); return result; } void -cee_syslog (int priority, const char *msg_format, ...) +ul_syslog (int priority, const char *msg_format, ...) 
{ va_list ap; va_start (ap, msg_format); - cee_vsyslog (priority, msg_format, ap); + ul_vsyslog (priority, msg_format, ap); va_end (ap); } static inline void -_cee_vsyslog (int format_version, int priority, - const char *msg_format, va_list ap) +_ul_vsyslog (int format_version, int priority, + const char *msg_format, va_list ap) { struct json_object *jo; - if (!(cee_sys_settings.mask & priority)) + if (!(ul_sys_settings.mask & priority)) return; - jo = _cee_vformat (json_object_new_object (), format_version, - priority, msg_format, ap); + jo = _ul_vformat (json_object_new_object (), format_version, + priority, msg_format, ap); #if __USE_FORTIFY_LEVEL > 0 old_syslog_chk (priority, __USE_FORTIFY_LEVEL - 1, "@cee:%s", json_object_to_json_string (jo)); @@ -317,32 +316,32 @@ _cee_vsyslog (int format_version, int priority, } void -cee_vsyslog (int priority, const char *msg_format, va_list ap) +ul_vsyslog (int priority, const char *msg_format, va_list ap) { - _cee_vsyslog (1, priority, msg_format, ap); + _ul_vsyslog (1, priority, msg_format, ap); } void -cee_legacy_vsyslog (int priority, const char *msg_format, va_list ap) +ul_legacy_vsyslog (int priority, const char *msg_format, va_list ap) { - _cee_vsyslog (0, priority, msg_format, ap); + _ul_vsyslog (0, priority, msg_format, ap); } void -cee_legacy_syslog (int priority, const char *msg_format, ...) +ul_legacy_syslog (int priority, const char *msg_format, ...) { va_list ap; va_start (ap, msg_format); - cee_legacy_vsyslog (priority, msg_format, ap); + ul_legacy_vsyslog (priority, msg_format, ap); va_end (ap); } int -cee_setlogmask (int mask) +ul_setlogmask (int mask) { if (mask != 0) - cee_sys_settings.mask = mask; + ul_sys_settings.mask = mask; return old_setlogmask (mask); } 
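Review bot: The filter `if (!(ul_sys_settings.mask & priority))` in `_ul_vsyslog` tests the raw priority value against a mask whose bits are `LOG_MASK(level)`, so it does not implement `setlogmask()` semantics. A call with a bare `LOG_EMERG` (value 0) is always discarded before it reaches the system logger, and a facility bit or an unrelated level bit can let a masked level through. The check should be `if (!(ul_sys_settings.mask & LOG_MASK (LOG_PRI (priority)))) return;`. The function body continues past the end of this hunk, so whether `jo` is released after the `old_syslog` call could not be checked.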
@@ -353,25 +352,25 @@ __syslog_chk (int __pri, int __flag, __const char *__fmt, ...) va_list ap; va_start (ap, __fmt); - cee_legacy_vsyslog (__pri, __fmt, ap); + ul_legacy_vsyslog (__pri, __fmt, ap); va_end (ap); } void __vsyslog_chk (int __pri, int __flag, __const char *__fmt, va_list ap) { - cee_legacy_vsyslog (__pri, __fmt, ap); + ul_legacy_vsyslog (__pri, __fmt, ap); } #endif void openlog (const char *ident, int option, int facility) - __attribute__((alias ("cee_openlog"))); + __attribute__((alias ("ul_openlog"))); void syslog (int priority, const char *msg_format, ...) - __attribute__((alias ("cee_legacy_syslog"))); + __attribute__((alias ("ul_legacy_syslog"))); void vsyslog (int priority, const char *msg_format, va_list ap) - __attribute__((alias ("cee_legacy_vsyslog"))); + __attribute__((alias ("ul_legacy_vsyslog"))); int setlogmask (int mask) - __attribute__((alias ("cee_setlogmask"))); + __attribute__((alias ("ul_setlogmask"))); diff --git a/lib/cee-syslog.h b/lib/umberlog.h index 0725230..f91fe67 100644 --- a/lib/cee-syslog.h +++ b/lib/umberlog.h @@ -1,4 +1,4 @@ -/* cee-syslog.h -- CEE-enhanced syslog API. +/* umberlog.h -- CEE-enhanced syslog API. * * Copyright (c) 2012 BalaBit IT Security Ltd. * All rights reserved. 
@@ -25,27 +25,27 @@ * SUCH DAMAGE. */ -#ifndef CEE_SYSLOG_H -#define CEE_SYSLOG_H 1 +#ifndef UMBERLOG_H +#define UMBERLOG_H 1 #include <syslog.h> #include <stdarg.h> -#define LOG_CEE_NODISCOVER 0x0040 -#define LOG_CEE_NOCACHE 0x0080 -#define LOG_CEE_NOCACHE_UID 0x0100 -#define LOG_CEE_NOTIME 0x0200 +#define LOG_UL_NODISCOVER 0x0040 +#define LOG_UL_NOCACHE 0x0080 +#define LOG_UL_NOCACHE_UID 0x0100 +#define LOG_UL_NOTIME 0x0200 -char *cee_format (int priority, const char *msg_format, ...); -char *cee_vformat (int priority, const char *msg_format, va_list ap); +char *ul_format (int priority, const char *msg_format, ...); +char *ul_vformat (int priority, const char *msg_format, va_list ap); -void cee_openlog (const char *ident, int option, int facility); -int cee_setlogmask (int mask); +void ul_openlog (const char *ident, int option, int facility); +int ul_setlogmask (int mask); -void cee_syslog (int priority, const char *msg_format, ...); -void cee_vsyslog (int priority, const char *msg_format, va_list ap); +void ul_syslog (int priority, const char *msg_format, ...); +void ul_vsyslog (int priority, const char *msg_format, va_list ap); -void cee_legacy_syslog (int priority, const char *msg_format, ...); -void cee_legacy_vsyslog (int priority, const char *msg_format, va_list ap); +void ul_legacy_syslog (int priority, const char *msg_format, ...); +void ul_legacy_vsyslog (int priority, const char *msg_format, va_list ap); #endif diff --git a/lib/umberlog.rst b/lib/umberlog.rst new file mode 100644 index 0000000..036341b --- /dev/null +++ b/lib/umberlog.rst 
@@ -0,0 +1,139 @@ +======== +umberlog +======== + +-------------------------------------- +CEE-enhanced syslog message generation +-------------------------------------- + +:Author: Gergely Nagy <algernon@balabit.hu> +:Date: 2012-03-23 +:Manual section: 1 +:Manual group: CEE-enhanced syslog Manual + +SYNOPSIS +======== + +:: + + #include <umberlog.h> + + void ul_openlog (const char *ident, int option, int facility); + + void ul_syslog (int priority, const char *format, ....); + void ul_vsyslog (int priority, const char *format, va_list ap); + + void ul_legacy_syslog (int priority, const char *format, ...); + void ul_legacy_vsyslog (int priority, const char *format, va_list ap); + + void ul_format (int priority, const char *format, ...); + void ul_vformat (int priority, const char *format, va_list ap); + +DESCRIPTION +=========== + +**ul_openlog()** (also aliased to **openlog()**) is a wrapper around +the original **openlog()** function, which opens a connection to the +system logger for a program. The updated version adds support for a +number of new option flags, described below. + +**ul_legacy_syslog()** and **ul_legacy_vsyslog()** are both thin +layers over the original **syslog()** and **vsyslog()** functions, and +the library overrides the original functions with this two. The only +change these functions bring, are that the message they generate will +be a CEE-enhanced message, with a JSON payload. See below for an +explanation on what this means. + +_syslog()** and **ul_vsyslog()** are two new functions provided by the +library, that have similar interface to the legacy **syslog()** +functions, but they can be used to add arbitrary key-value pairs to +the emitted message. After the *msg_format* format string, and any +other parameters it refers to, there must be a NULL-terminated list of +*key*, *value format*, *format parameters*. 
Each of these pairs, +constructed from the *key* and the **printf(3)**-style *value format* +will be added to the generated message. + +**ul_format()** and **ul_vformat()** do the same as the syslog +variants above, except the formatted payload is not sent to syslog, +but returned as a newly allocated string. + +CEE PAYLOAD +=========== + +All of the improved **syslog()** functions, the legacy and overridden +ones and the new ones too turn the original syslog message into a +CEE-enabled JSON payload, with the original message put into the *msg* +field, and any additional fields put into the same structure. + +By default, unless the **LOG_UL_NODISCOVER** option flag is set, all +of these functions will also add a few automatically discovered fields +into the payload: + +*pid* + The process ID of the program, as returned by **getpid()** The value + of this is - by default - determined at the time of calling + **ul_openlog()**, but if caching is disabled, it will be rechecked + every time. + +*facility*, *priority* + The syslog facility and priority as a text string. + +*program* + The identification set at the time of **ul_openlog()**. + +*uid*, *gid* + The user and group ID of the process, determined at **ul_openlog()** + time by default, unless caching is disabled. + +*host* + The name of the originating host, determined at **ul_openlog()** + time by default, using **gethostname()**. + +*timestamp* + High-precision timestamp, in textual format. Included by default, + but can be controlled by the **LOG_UL_NOTIME** option flag at + **ul_openlog()** time. + +EXTRA OPTION FLAGS +================== + +The *option* argument to **ul_openlog()** is an OR of any of the +original **openlog()** flags, and these: + +LOG_UL_NODISCOVER + Disable all automatic discovery, and only include the *message*, + and any specified *key-value* pairs in the generated message. 
+ +LOG_UL_NOCACHE + When automatic discovery is enabled, disable caching certain + properties, that might change between the call to **openlog()** and + the **ul_syslog()** invocation. + +LOG_UL_NOCACHE_UID + Disable the *uid* and *gid* caching when automatic discovery is + enabled, but do cache the rest. + +LOG_UL_NOTIME + Do not add a high-precision timestamp to the generated message when + automatic discovery is enabled. + +EXAMPLES +======== + +:: + + ul_syslog(LOG_NOTICE, "Logged in user: %s", username, + "service", "%s", service, + "auth-method", "%s", auth_method, + "sessionid", "%d", session_id, + NULL); + +SEE ALSO +======== +**syslog(1)** + +COPYRIGHT +========= + +This page is part of the *libumberlog* project, and is available under +the same 2-clause BSD license as the rest of the project. diff --git a/t/Makefile.am b/t/Makefile.am index b0066c8..e84692e 100644 --- a/t/Makefile.am +++ b/t/Makefile.am @@ -1,5 +1,5 @@ -TESTS = test_cee_format +TESTS = test_umberlog check_PROGRAMS = ${TESTS} AM_CFLAGS = -I$(top_srcdir)/lib @JSON_CFLAGS@ -LDADD = $(top_builddir)/lib/libcee-syslog.la @JSON_LIBS@ +LDADD = $(top_builddir)/lib/libumberlog.la @JSON_LIBS@ diff --git a/t/test_cee_format.c b/t/test_umberlog.c index 1d3a7a0..d1c2911 100644 --- a/t/test_cee_format.c +++ b/t/test_umberlog.c @@ -1,6 +1,6 @@ #define _GNU_SOURCE 1 -#include "cee-syslog.h" +#include "umberlog.h" #include <json.h> #include <assert.h> #include <string.h> @@ -63,9 +63,9 @@ test_simple (void) struct json_object *jo; char host[HOST_NAME_MAX + 1]; - openlog ("cee-syslog/test_simple", 0, LOG_LOCAL0); + openlog ("umberlog/test_simple", 0, LOG_LOCAL0); - msg = cee_format (LOG_DEBUG, "hello, I'm %s!", __FUNCTION__, NULL); + msg = ul_format (LOG_DEBUG, "hello, I'm %s!", __FUNCTION__, NULL); jo = parse_msg (msg); free (msg); 
@@ -74,7 +74,7 @@ test_simple (void) verify_value (jo, "msg", "hello, I'm test_simple!"); verify_value (jo, "facility", "local0"); verify_value (jo, "priority", "debug"); - verify_value (jo, "program", "cee-syslog/test_simple"); + verify_value (jo, "program", "umberlog/test_simple"); verify_value_exists (jo, "pid"); verify_value_exists (jo, "uid"); verify_value_exists (jo, "gid"); @@ -92,9 +92,9 @@ test_no_discover (void) char *msg; struct json_object *jo; - openlog ("cee-syslog/test_no_discover", LOG_CEE_NODISCOVER, LOG_LOCAL0); + openlog ("umberlog/test_no_discover", LOG_UL_NODISCOVER, LOG_LOCAL0); - msg = cee_format (LOG_DEBUG, "hello, I'm %s!", __FUNCTION__, NULL); + msg = ul_format (LOG_DEBUG, "hello, I'm %s!", __FUNCTION__, NULL); jo = parse_msg (msg); free (msg); @@ -119,12 +119,12 @@ test_additional_fields (void) char *msg; struct json_object *jo; - openlog ("cee-syslog/test_additional_fields", 0, LOG_LOCAL0); + openlog ("umberlog/test_additional_fields", 0, LOG_LOCAL0); - msg = cee_format (LOG_DEBUG, "testing 1, 2, 3...", - "random_number", "%d", 42, - "random_string", "fourty-two", - NULL); + msg = ul_format (LOG_DEBUG, "testing 1, 2, 3...", + "random_number", "%d", 42, + "random_string", "fourty-two", + NULL); jo = parse_msg (msg); free (msg); @@ -143,11 +143,11 @@ test_discover_priority (void) char *msg, *pid; struct json_object *jo; - openlog ("cee-syslog/test_discover_priority", 0, LOG_LOCAL0); + openlog ("umberlog/test_discover_priority", 0, LOG_LOCAL0); - msg = cee_format (LOG_DEBUG, "testing 1, 2, 3...", - "pid", "%d", getpid () + 42, - NULL); + msg = ul_format (LOG_DEBUG, "testing 1, 2, 3...", + "pid", "%d", getpid () + 42, + NULL); jo = parse_msg (msg); free (msg); 
@@ -169,16 +169,16 @@ test_no_timestamp (void) char *msg; struct json_object *jo; - openlog ("cee-syslog/test_no_timestamp", LOG_CEE_NOTIME, LOG_LOCAL0); + openlog ("umberlog/test_no_timestamp", LOG_UL_NOTIME, LOG_LOCAL0); - msg = cee_format (LOG_DEBUG, "hello, I'm %s!", __FUNCTION__, NULL); + msg = ul_format (LOG_DEBUG, "hello, I'm %s!", __FUNCTION__, NULL); jo = parse_msg (msg); free (msg); verify_value (jo, "msg", "hello, I'm test_no_timestamp!"); verify_value (jo, "facility", "local0"); verify_value (jo, "priority", "debug"); - verify_value (jo, "program", "cee-syslog/test_no_timestamp"); + verify_value (jo, "program", "umberlog/test_no_timestamp"); verify_value_exists (jo, "pid"); verify_value_exists (jo, "uid"); verify_value_exists (jo, "gid"); |
