summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRainer Gerhards <rgerhards@adiscon.com>2008-04-15 14:37:09 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2008-04-15 14:37:09 +0200
commite82c6eec6f91e9c212103d81fdd4b10028c9bf6a (patch)
tree157a358cdef97a1d5e97e9b446b9bf7ccfa95d26
parent61ba5ff5955742b68a24d7b135ad07c29b48fa2f (diff)
parentb9198d251218f13803cf121c4ef5f69a0e850d24 (diff)
downloadrsyslog-e82c6eec6f91e9c212103d81fdd4b10028c9bf6a.tar.gz
rsyslog-e82c6eec6f91e9c212103d81fdd4b10028c9bf6a.tar.xz
rsyslog-e82c6eec6f91e9c212103d81fdd4b10028c9bf6a.zip
Merge branch 'bsd-port'
Conflicts: ChangeLog plugins/imklog/imklog.c
-rw-r--r--ChangeLog9
-rw-r--r--Makefile.am2
-rw-r--r--configure.ac12
-rw-r--r--doc/Makefile.am3
-rw-r--r--doc/imklog.html69
-rw-r--r--doc/rsyslog_conf.html17
-rw-r--r--modules.c3
-rw-r--r--net.c8
-rw-r--r--net.h2
-rw-r--r--omusrmsg.c6
-rw-r--r--plugins/imfile/imfile.c3
-rw-r--r--plugins/imklog/Makefile.am12
-rw-r--r--plugins/imklog/bsd.c181
-rw-r--r--plugins/imklog/imklog.c680
-rw-r--r--plugins/imklog/imklog.h32
-rw-r--r--plugins/imklog/ksym.c54
-rw-r--r--plugins/imklog/ksym_mod.c12
-rw-r--r--plugins/imklog/linux.c544
-rw-r--r--rsyslog.h1
-rw-r--r--syslogd.c2
-rw-r--r--tcpsrv.c2
21 files changed, 1036 insertions, 618 deletions
diff --git a/ChangeLog b/ChangeLog
index 3e41a9ff..785aab69 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
---------------------------------------------------------------------------
-Version 3.17.1 (rgerhards), 2008-04-??
+Version 3.17.1 (rgerhards), 2008-04-15
- removed dependency on MAXHOSTNAMELEN as much as it made sense.
GNU/Hurd does not define it (because it has no limit), and we have taken
care for cases where it is undefined now. However, some very few places
@@ -12,6 +12,13 @@ Version 3.17.1 (rgerhards), 2008-04-??
(with a space in front of the timestamp) - at least HP procurve is
known to do that and I won't outrule that others also do it. The
change looks quite unintrusive and so we added it to the parser.
+- implemented klogd functionality for BSD
+- implemented high precision timestamps for the kernel log. Thanks to
+ Michale Biebl for pointing out that the kernel log did not have them.
+- provided ability to discard non-kernel messages if they are present
+ in the kernel log (seems to happen on BSD)
+- implemented $KLogInternalMsgFacility config directive
+- implemented $KLogPermitNonKernelFacility config directive
---------------------------------------------------------------------------
Version 3.17.0 (rgerhards), 2008-04-08
- added native ability to send mail messages
diff --git a/Makefile.am b/Makefile.am
index d0341819..0e75710c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -183,7 +183,7 @@ SUBDIRS = . doc
SUBDIRS += plugins/immark plugins/imuxsock plugins/imtcp plugins/imudp plugins/omtesting
-if ENABLE_IMKLOGD
+if ENABLE_IMKLOG
SUBDIRS += plugins/imklog
endif
diff --git a/configure.ac b/configure.ac
index 4f3459c3..e3cfd9fc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
-AC_INIT([rsyslog],[3.17.1],[rsyslog@lists.adiscon.com])
+AC_INIT([rsyslog],[3.17.1-bsd],[rsyslog@lists.adiscon.com])
AM_INIT_AUTOMAKE
AC_CONFIG_SRCDIR([syslogd.c])
AC_CONFIG_HEADERS([config.h])
@@ -21,9 +21,11 @@ AC_CANONICAL_HOST
case "${host}" in
*-*-linux*)
+ os_type="linux"
;;
*-*-*darwin*|*-*-freebsd*|*-*-netbsd*|*-*-openbsd*)
- AC_DEFINE([BSD], [1], [Description])
+ AC_DEFINE([OS_BSD], [1], [Indicator for a BSD OS])
+ os_type="bsd"
;;
esac
@@ -218,7 +220,9 @@ AC_ARG_ENABLE(klog,
esac],
[enable_klog="yes"]
)
-AM_CONDITIONAL(ENABLE_IMKLOGD, test x$enable_klog = xyes)
+AM_CONDITIONAL(ENABLE_IMKLOG, test x$enable_klog = xyes)
+AM_CONDITIONAL(ENABLE_IMKLOG_BSD, test x$os_type = xbsd)
+AM_CONDITIONAL(ENABLE_IMKLOG_LINUX, test x$os_type = xlinux)
#
# SYSLOG_UNIXAF
@@ -635,7 +639,7 @@ echo "****************************************************"
echo "rsyslog will be compiled with the following settings:"
echo
echo "Multithreading support enabled: $enable_pthreads"
-echo "Klog functionality enabled: $enable_klog"
+echo "Klog functionality enabled: $enable_klog ($os_type)"
echo "Regular expressions support enabled: $enable_regexp"
echo "Zlib compression support enabled: $enable_zlib"
echo "MySql support enabled: $enable_mysql"
diff --git a/doc/Makefile.am b/doc/Makefile.am
index c1d41cf8..0179c21f 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -31,6 +31,9 @@ html_files = \
imfile.html \
imtcp.html \
imgssapi.html \
+ imrelp.html \
+ imuxsock.html \
+ imgklog.html \
professional_support.html \
queues.html \
queueWorkerLogic.dia \
diff --git a/doc/imklog.html b/doc/imklog.html
new file mode 100644
index 00000000..92c1881a
--- /dev/null
+++ b/doc/imklog.html
@@ -0,0 +1,69 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head>
+<meta http-equiv="Content-Language" content="en"><title>Kernel Log Input Module (imklog)</title>
+
+</head>
+<body>
+<h1>Kernel Log Input Module</h1>
+<p><b>Module Name:&nbsp;&nbsp;&nbsp; imklog</b></p>
+<p><b>Author: </b>Rainer Gerhards
+&lt;rgerhards@adiscon.com&gt;</p>
+<p><b>Description</b>:</p>
+<p>Reads messages from the kernel log and submits them to the
+syslog engine.</p>
+<p><b>Configuration Directives</b>:</p>
+<ul>
+<li><strong>$KLogInternalMsgFacility
+&lt;facility&gt;</strong><br>
+The facility which messages internally generated by imklog will have.
+imklog generates some messages of itself (e.g. on problems, startup and
+shutdown) and these do not stem from the kernel. Historically, under
+Linux, these too have "kern" facility. Thus, on Linux platforms the
+default is "kern" while on others it is "syslogd". You usually do not
+need to specify this configuratin directive - it is included primarily
+for few limited cases where it is needed for good reason. Bottom line:
+if you don't have a good idea why you should use this setting, do not
+touch it.</li>
+<li><span style="font-weight: bold;">$KLogPermitNonKernelFacility
+[on/<span style="font-style: italic;">off</span>]<br>
+</span>At least under BSD the kernel log may contain entries
+with non-kernel facilities. This setting controls how those are
+handled. The default is "off", in which case these messages are
+ignored. Switch it to on to submit non-kernel messages to rsyslog
+processing.<span style="font-weight: bold;"></span></li>
+<li><span style="font-weight: bold;"></span>$DebugPrintKernelSymbols
+(imklog) [on/<b>off</b>]<br>
+Linux only, ignored on other platforms (but may be specified)</li>
+<li>$klogSymbolLookup (imklog) [<b>on</b>/off] --
+former klogd -x option<br>
+Linux only, ignored on other platforms (but may be specified)</li>
+<li>$klogUseSyscallInterface (imklog)&nbsp; [on/<b>off</b>]
+-- former klogd -2 option<br>
+Linux only, ignored on other platforms (but may be specified)</li>
+<li>$klogSymbolsTwice (imklog) [on/<b>off</b>] --
+former klogd -s option<br>
+Linux only, ignored on other platforms (but may be specified)<br style="font-weight: bold;">
+</li>
+</ul>
+<b>Caveats/Known Bugs:</b>
+<p>This is obviously platform specific and requires platform
+drivers.
+Currently, imklog functionality is available on Linux and BSD.</p>
+<p><b>Sample:</b></p>
+<p>The following sample pulls messages from the kernel log. All
+parameters are left by default, which is usually a good idea. Please
+note that loading the plugin is sufficient to activate it. No directive
+is needed to start pulling kernel messages.<br>
+</p>
+<textarea rows="15" cols="60">$ModLoad imklog
+</textarea>
+<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
+[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the
+<a href="http://www.rsyslog.com/">rsyslog</a>
+project.<br>
+Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer
+Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>.
+Released under the GNU GPL version 3 or higher.</font></p>
+</body></html> \ No newline at end of file
diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html
index 8967f671..9325f73c 100644
--- a/doc/rsyslog_conf.html
+++ b/doc/rsyslog_conf.html
@@ -1,7 +1,5 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html><head><title>rsyslog.conf file</title>
-
-</head>
+<html><head><title>rsyslog.conf file</title></head>
<body>
<h1>rsyslog.conf configuration file</h1>
<p><b>This document is currently being enhanced. Please
@@ -49,7 +47,7 @@ plugin for plain tcp syslog</li>
<li><a href="imgssapi.html">imgssapi</a> -
input plugin for plain tcp and GSS-enable syslog</li>
<li>immark - support for mark messages</li>
-<li>imklog - kernel logging</li>
+<li><a href="imklog.html">imklog</a> - kernel logging</li>
<li><a href="imuxsock.html">imuxsock</a> -
unix sockets, including the system log socket</li>
</ul>
@@ -126,7 +124,7 @@ worker threads, default 1, recommended 1</li>
<li><a href="rsconf1_allowedsender.html">$AllowedSender</a></li>
<li><a href="rsconf1_controlcharacterescapeprefix.html">$ControlCharacterEscapePrefix</a></li>
<li><a href="rsconf1_debugprintcfsyslinehandlerlist.html">$DebugPrintCFSyslineHandlerList</a></li>
-<li>$DebugPrintKernelSymbols (imklog) [on/<b>off</b>]</li>
+
<li><a href="rsconf1_debugprintmodulelist.html">$DebugPrintModuleList</a></li>
<li><a href="rsconf1_debugprinttemplatelist.html">$DebugPrintTemplateList</a></li>
<li><a href="rsconf1_dircreatemode.html">$DirCreateMode</a></li>
@@ -143,14 +141,7 @@ worker threads, default 1, recommended 1</li>
<li><a href="rsconf1_gssforwardservicename.html">$GssForwardServiceName</a></li>
<li><a href="rsconf1_gsslistenservicename.html">$GssListenServiceName</a></li>
<li><a href="rsconf1_gssmode.html">$GssMode</a></li>
-<li><a href="rsconf1_includeconfig.html">$IncludeConfig</a></li>
-<li>$klogSymbolLookup (imklog) [<b>on</b>/off] --
-former klogd -x option</li>
-<li>$klogUseSyscallInterface (imklog)&nbsp; [on/<b>off</b>]
--- former klogd -2 option</li>
-<li>$klogSymbolsTwice (imklog) [on/<b>off</b>] --
-former klogd -s option</li>
-<li>$MainMsgQueueCheckpointInterval &lt;number&gt;</li>
+<li><a href="rsconf1_includeconfig.html">$IncludeConfig</a></li><li>MainMsgQueueCheckpointInterval &lt;number&gt;</li>
<li>$MainMsgQueueDequeueSlowdown &lt;number&gt; [number
is timeout in <i> micro</i>seconds (1000000us is 1sec!),
default 0 (no delay). Simple rate-limiting!]</li>
diff --git a/modules.c b/modules.c
index 3f952f0e..32a71c0c 100644
--- a/modules.c
+++ b/modules.c
@@ -39,6 +39,9 @@
#include <time.h>
#include <assert.h>
#include <errno.h>
+#ifdef OS_BSD
+# include "libgen.h"
+#endif
#include <dlfcn.h> /* TODO: replace this with the libtools equivalent! */
diff --git a/net.c b/net.c
index 43e13eb3..bbd6bec7 100644
--- a/net.c
+++ b/net.c
@@ -580,7 +580,7 @@ static int isAllowedSender(struct AllowedSenders *pAllowRoot, struct sockaddr *p
static int
should_use_so_bsdcompat(void)
{
-#ifndef BSD
+#ifndef OS_BSD
static int init_done;
static int so_bsdcompat_is_obsolete;
@@ -608,9 +608,9 @@ should_use_so_bsdcompat(void)
so_bsdcompat_is_obsolete = 1;
}
return !so_bsdcompat_is_obsolete;
-#else /* #ifndef BSD */
+#else /* #ifndef OS_BSD */
return 1;
-#endif /* #ifndef BSD */
+#endif /* #ifndef OS_BSD */
}
#ifndef SO_BSDCOMPAT
/* this shall prevent compiler errors due to undfined name */
@@ -986,7 +986,7 @@ int *create_udp_socket(uchar *hostname, uchar *pszPort, int bIsServer)
/* We need to enable BSD compatibility. Otherwise an attacker
* could flood our log files by sending us tons of ICMP errors.
*/
-#if !defined(BSD) && !defined(__hpux)
+#if !defined(OS_BSD) && !defined(__hpux)
if (should_use_so_bsdcompat()) {
if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT,
(char *) &on, sizeof(on)) < 0) {
diff --git a/net.h b/net.h
index 1b6dbcb6..0f5b0bc1 100644
--- a/net.h
+++ b/net.h
@@ -34,7 +34,7 @@
#define ADDR_NAME 0x01 /* address is hostname wildcard) */
#define ADDR_PRI6 0x02 /* use IPv6 address prior to IPv4 when resolving */
-#ifdef BSD
+#ifdef OS_BSD
# ifndef _KERNEL
# define s6_addr32 __u6_addr.__u6_addr32
# endif
diff --git a/omusrmsg.c b/omusrmsg.c
index c4008140..42d3291d 100644
--- a/omusrmsg.c
+++ b/omusrmsg.c
@@ -119,7 +119,7 @@ static void endtty()
* BSD because they are not available there. We only emulate what we actually
* need! rgerhards 2005-03-18
*/
-#ifdef BSD
+#ifdef OS_BSD
static FILE *BSD_uf = NULL;
void setutent(void)
{
@@ -145,7 +145,7 @@ void endutent(void)
fclose(BSD_uf);
BSD_uf = NULL;
}
-#endif
+#endif /* #ifdef OS_BSD */
/*
@@ -209,7 +209,7 @@ static rsRetVal wallmsg(uchar* pMsg, instanceData *pData)
/* is this slot used? */
if (ut.ut_name[0] == '\0')
continue;
-#ifndef BSD
+#ifndef OS_BSD
if (ut.ut_type != USER_PROCESS)
continue;
#endif
diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
index 61b50d06..75e54f04 100644
--- a/plugins/imfile/imfile.c
+++ b/plugins/imfile/imfile.c
@@ -379,6 +379,9 @@ ENDafterRun
*/
BEGINmodExit
CODESTARTmodExit
+ /* release objects we used */
+ objRelease(datetime, CORE_COMPONENT);
+ objRelease(errmsg, CORE_COMPONENT);
ENDmodExit
diff --git a/plugins/imklog/Makefile.am b/plugins/imklog/Makefile.am
index 11e00962..246b3306 100644
--- a/plugins/imklog/Makefile.am
+++ b/plugins/imklog/Makefile.am
@@ -1,6 +1,16 @@
pkglib_LTLIBRARIES = imklog.la
-imklog_la_SOURCES = imklog.c imklog.h module.h ksym.c ksyms.h ksym_mod.c
+imklog_la_SOURCES = imklog.c imklog.h
+
+# select klog "driver"
+if ENABLE_IMKLOG_BSD
+imklog_la_SOURCES += bsd.c
+endif
+
+if ENABLE_IMKLOG_LINUX
+imklog_la_SOURCES += linux.c module.h ksym.c ksyms.h ksym_mod.c
+endif
+
imklog_la_CPPFLAGS = -I$(top_srcdir) $(pthreads_cflags)
imklog_la_LDFLAGS = -module -avoid-version
imklog_la_LIBADD =
diff --git a/plugins/imklog/bsd.c b/plugins/imklog/bsd.c
new file mode 100644
index 00000000..39b644c0
--- /dev/null
+++ b/plugins/imklog/bsd.c
@@ -0,0 +1,181 @@
+/* klog for BSD, based on the FreeBSD syslogd implementation.
+ *
+ * This contains OS-specific functionality to read the BSD
+ * kernel log. For a general overview, see head comment in
+ * imklog.c.
+ *
+ * Copyright (C) 2008 by Rainer Gerhards for the modifications of
+ * the original FreeBSD sources.
+ *
+ * I would like to express my gratitude to those folks which
+ * layed an important foundation for rsyslog to build on.
+ *
+ * This file is part of rsyslog.
+ *
+ * Rsyslog is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Rsyslog is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Rsyslog. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ *
+ * This file is based on earlier work included in the FreeBSD sources. We
+ * integrated it into the rsyslog project. The copyright below applies, and
+ * I also reproduce the original license under which we aquired the code:
+ *
+ * Copyright (c) 1983, 1988, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * If you would like to use the code under the BSD license, you should
+ * aquire your own copy of BSD's syslogd, from which we have taken it. The
+ * code in this file is modified and may only be used under the terms of
+ * the GPLv3+ as specified above.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <string.h>
+
+#include "rsyslog.h"
+#include "imklog.h"
+
+/* globals */
+static int fklog = -1; /* /dev/klog */
+
+#ifndef _PATH_KLOG
+# define _PATH_KLOG "/dev/klog"
+#endif
+
+/* open the kernel log - will be called inside the willRun() imklog
+ * entry point. -- rgerhards, 2008-04-09
+ */
+rsRetVal
+klogWillRun(void)
+{
+ DEFiRet;
+
+ fklog = open(_PATH_KLOG, O_RDONLY, 0);
+ if (fklog < 0) {
+ dbgprintf("can't open %s (%d)\n", _PATH_KLOG, errno);
+ iRet = RS_RET_ERR; // TODO: better error code
+ }
+
+ RETiRet;
+}
+
+
+/* Read /dev/klog while data are available, split into lines.
+ * Contrary to standard BSD syslogd, we do a blocking read. We can
+ * afford this as imklog is running on its own threads. So if we have
+ * a single file, it really doesn't matter if we wait inside a 1-file
+ * select or the read() directly.
+ */
+static void
+readklog(void)
+{
+ char *p, *q, line[MAXLINE + 1];
+ int len, i;
+
+ len = 0;
+ for (;;) {
+ dbgprintf("----------imklog waiting for kernel log line\n");
+ i = read(fklog, line + len, MAXLINE - 1 - len);
+ if (i > 0) {
+ line[i + len] = '\0';
+ } else {
+ if (i < 0 && errno != EINTR && errno != EAGAIN) {
+ imklogLogIntMsg(LOG_ERR,
+ "imklog error %d reading kernel log - shutting down imklog",
+ errno);
+ fklog = -1;
+ }
+ break;
+ }
+
+ for (p = line; (q = strchr(p, '\n')) != NULL; p = q + 1) {
+ *q = '\0';
+ Syslog(LOG_INFO, (uchar*) p);
+ }
+ len = strlen(p);
+ if (len >= MAXLINE - 1) {
+ Syslog(LOG_INFO, (uchar*)p);
+ len = 0;
+ }
+ if (len > 0)
+ memmove(line, p, len + 1);
+ }
+ if (len > 0)
+ Syslog(LOG_INFO, (uchar*)line);
+}
+
+
+/* to be called in the module's AfterRun entry point
+ * rgerhards, 2008-04-09
+ */
+rsRetVal klogAfterRun(void)
+{
+ DEFiRet;
+ if(fklog != -1)
+ close(fklog);
+ RETiRet;
+}
+
+
+
+/* to be called in the module's WillRun entry point, this is the main
+ * "message pull" mechanism.
+ * rgerhards, 2008-04-09
+ */
+rsRetVal klogLogKMsg(void)
+{
+ DEFiRet;
+ readklog();
+ RETiRet;
+}
+
+
+/* provide the (system-specific) default facility for internal messages
+ * rgerhards, 2008-04-14
+ */
+int
+klogFacilIntMsg(void)
+{
+ return LOG_SYSLOG;
+}
diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c
index 65a05229..e6bd2326 100644
--- a/plugins/imklog/imklog.c
+++ b/plugins/imklog/imklog.c
@@ -1,14 +1,24 @@
-/* The kernel log input module for Linux. This file heavily
- * borrows from the klogd daemon provided by the sysklogd project.
- * Many thanks for this piece of software.
+/* The kernel log module.
+ *
+ * This is an abstracted module. As Linux and BSD kernel log is conceptually the
+ * same, we do not do different input plugins for them but use
+ * imklog in both cases, just with different "backend drivers" for
+ * the different platforms. This also enables a rsyslog.conf to
+ * be used on multiple platforms without the need to take care of
+ * what the kernel log is coming from.
+ *
+ * See platform-specific files (e.g. linux.c, bsd.c) in the plugin's
+ * working directory. For other systems with similar kernel logging
+ * functionality, no new input plugin shall be written but rather a
+ * driver be developed for imklog. Please note that imklog itself is
+ * mostly concerned with handling the interface. Any real action happens
+ * in the drivers, as things may be pretty different on different
+ * platforms.
*
* Please note that this file replaces the klogd daemon that was
* also present in pre-v3 versions of rsyslog.
*
- * I have begun to convert this to an input module on 2007-12-17.
- * IMPORTANT: more than a single instance is currently not supported. This
- * needs to be revisited once the config file and input module interface
- * supports multiple instances!
+ * Copyright (C) 2008 by Rainer Gerhards and Adiscon GmbH
*
* This file is part of rsyslog.
*
@@ -29,559 +39,157 @@
*/
#include "config.h"
#include "rsyslog.h"
-#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
-#include <signal.h>
#include <string.h>
-#include <pthread.h>
+#include <stdarg.h>
+#include <ctype.h>
+
#include "syslogd.h"
#include "cfsysline.h"
-#include "template.h"
+#include "obj.h"
#include "msg.h"
#include "module-template.h"
+#include "datetime.h"
#include "imklog.h"
MODULE_TYPE_INPUT
/* Module static data */
DEF_IMOD_STATIC_DATA
+DEFobjCurrIf(datetime)
/* configuration settings TODO: move to instance data? */
int dbgPrintSymbols = 0; /* this one is extern so the helpers can access it! */
-static int symbols_twice = 0;
-static int use_syscall = 0;
-static int symbol_lookup = 1;
+int symbols_twice = 0;
+int use_syscall = 0;
+int symbol_lookup = 1;
+int bPermitNonKernel = 0; /* permit logging of messages not having LOG_KERN facility */
+int iFacilIntMsg; /* the facility to use for internal messages (set by driver) */
/* TODO: configuration for the following directives must be implemented. It
* was not done yet because we either do not yet have a config handler for
* that type or I thought it was acceptable to push it to a later stage when
* I gained more handson experience with the input module interface (and the
* changes resulting from that). -- rgerhards, 2007-12-20
*/
-static char *symfile = NULL;
-static int console_log_level = -1;
-
-
-/* Includes. */
-#include <unistd.h>
-#include <errno.h>
-#include <sys/fcntl.h>
-#include <sys/stat.h>
-
-#if HAVE_TIME_H
-# include <time.h>
-#endif
-
-#include <stdarg.h>
-#include <paths.h>
-#include "ksyms.h"
-
-#define __LIBRARY__
-#include <unistd.h>
-
-
-#if !defined(__GLIBC__)
-# define __NR_ksyslog __NR_syslog
-_syscall3(int,ksyslog,int, type, char *, buf, int, len);
-#else
-#include <sys/klog.h>
-#define ksyslog klogctl
-#endif
-
-
-
-#ifndef _PATH_KLOG
-#define _PATH_KLOG "/proc/kmsg"
-#endif
-
-#define LOG_BUFFER_SIZE 4096
-#define LOG_LINE_LENGTH 1000
-
-static int kmsg;
-static char log_buffer[LOG_BUFFER_SIZE];
-
-static enum LOGSRC {none, proc, kernel} logsrc;
-
+char *symfile = NULL;
+int console_log_level = -1;
-/* Function prototypes. */
-extern int ksyslog(int type, char *buf, int len);
-
-
-/* Write a message to the message queue.
- * returns -1 if it fails, something else otherwise
+/* enqueue the the kernel message into the message queue.
+ * The provided msg string is not freed - thus must be done
+ * by the caller.
+ * rgerhards, 2008-04-12
*/
-static rsRetVal writeSyslogV(int iPRI, const char *szFmt, va_list va)
+static rsRetVal
+enqMsg(uchar *msg, uchar* pszTag, int iFacility, int iSeverity)
{
DEFiRet;
- int iChars;
- int iLen;
- time_t tNow;
- char msgBuf[2048]; /* we use the same size as sysklogd to remain compatible */
-
- assert(szFmt != NULL);
-
- /* build the message */
- time(&tNow);
- /* we can use sprintf safely below, because we know the size of the constants.
- * By doing so, we save some cpu cycles and code complexity (for unnecessary
- * error checking).
- */
- iLen = sprintf(msgBuf, "<%d>%.15s kernel: ", iPRI, ctime(&tNow) + 4);
-
- iChars = vsnprintf(msgBuf + iLen, sizeof(msgBuf) / sizeof(char) - iLen, szFmt, va);
-
- /* here we must create our message object and supply it to the message queue
- */
- CHKiRet(parseAndSubmitMessage((char*)LocalHostName, msgBuf, strlen(msgBuf), MSG_DONT_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY));
+ msg_t *pMsg;
+
+ assert(msg != NULL);
+ assert(pszTag != NULL);
+
+ CHKiRet(msgConstruct(&pMsg));
+ MsgSetFlowControlType(pMsg, eFLOWCTL_LIGHT_DELAY);
+ MsgSetUxTradMsg(pMsg, (char*)msg);
+ MsgSetRawMsg(pMsg, (char*)msg);
+ MsgSetMSG(pMsg, (char*)msg);
+ MsgSetHOSTNAME(pMsg, LocalHostName);
+ MsgSetTAG(pMsg, (char*)pszTag);
+ pMsg->iFacility = LOG_FAC(iFacility);
+ pMsg->iSeverity = LOG_PRI(iSeverity);
+ pMsg->bParseHOSTNAME = 0;
+ datetime.getCurrTime(&(pMsg->tTIMESTAMP)); /* use the current time! */
+ CHKiRet(submitMsg(pMsg));
finalize_it:
RETiRet;
}
-/* And now the same with variable arguments */
-static int writeSyslog(int iPRI, const char *szFmt, ...)
-{
- int iRet;
- va_list va;
-
- assert(szFmt != NULL);
- va_start(va, szFmt);
- iRet = writeSyslogV(iPRI, szFmt, va);
- va_end(va);
-
- return(iRet);
-}
-
-rsRetVal Syslog(int priority, char *fmt, ...) __attribute__((format(printf,2, 3)));
-rsRetVal Syslog(int priority, char *fmt, ...)
+/* parse the PRI from a kernel message. At least BSD seems to have
+ * non-kernel messages inside the kernel log...
+ * Expected format: "<pri>". piPri is only valid if the function
+ * successfully returns. If there was a proper pri ppSz is advanced to the
+ * position right after ">".
+ * rgerhards, 2008-04-14
+ */
+static rsRetVal
+parsePRI(uchar **ppSz, int *piPri)
{
DEFiRet;
- va_list ap;
- char *argl;
-
- /* Output using syslog. */
- if (!strcmp(fmt, "%s")) {
- va_start(ap, fmt);
- argl = va_arg(ap, char *);
- if (argl[0] == '<' && argl[1] && argl[2] == '>') {
- switch ( argl[1] )
- {
- case '0':
- priority = LOG_EMERG;
- break;
- case '1':
- priority = LOG_ALERT;
- break;
- case '2':
- priority = LOG_CRIT;
- break;
- case '3':
- priority = LOG_ERR;
- break;
- case '4':
- priority = LOG_WARNING;
- break;
- case '5':
- priority = LOG_NOTICE;
- break;
- case '6':
- priority = LOG_INFO;
- break;
- case '7':
- default:
- priority = LOG_DEBUG;
- }
- argl += 3;
- }
- iRet = writeSyslog(priority, fmt, argl);
- va_end(ap);
- } else {
- va_start(ap, fmt);
- iRet = writeSyslogV(priority, fmt, ap);
- va_end(ap);
- }
-
- RETiRet;
-}
-
-
-static void CloseLogSrc(void)
-{
- /* Turn on logging of messages to console, but only if we had the -c
- * option -- rgerhards, 2007-08-01
- */
- if (console_log_level != -1)
- ksyslog(7, NULL, 0);
-
- /* Shutdown the log sources. */
- switch ( logsrc )
- {
- case kernel:
- ksyslog(0, 0, 0);
- Syslog(LOG_INFO, "Kernel logging (ksyslog) stopped.");
- break;
- case proc:
- close(kmsg);
- Syslog(LOG_INFO, "Kernel logging (proc) stopped.");
- break;
- case none:
- break;
- }
+ int i;
+ uchar *pSz;
- return;
-}
+ assert(ppSz != NULL);
+ pSz = *ppSz;
+ assert(pSz != NULL);
+ assert(piPri != NULL);
+ if(*pSz != '<' || !isdigit(*(pSz+1)))
+ ABORT_FINALIZE(RS_RET_INVALID_PRI);
-static enum LOGSRC GetKernelLogSrc(void)
-{
- auto struct stat sb;
-
- /* Set level of kernel console messaging.. */
- if ( (console_log_level != -1) &&
- (ksyslog(8, NULL, console_log_level) < 0) &&
- (errno == EINVAL) )
- {
- /*
- * An invalid arguement error probably indicates that
- * a pre-0.14 kernel is being run. At this point we
- * issue an error message and simply shut-off console
- * logging completely.
- */
- Syslog(LOG_WARNING, "Cannot set console log level - disabling "
- "console output.");
+ ++pSz;
+ i = 0;
+ while(isdigit(*pSz)) {
+ i = i * 10 + *pSz - '0';
}
- /*
- * First do a stat to determine whether or not the proc based
- * file system is available to get kernel messages from.
- */
- if ( use_syscall ||
- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
- {
- /* Initialize kernel logging. */
- ksyslog(1, NULL, 0);
- Syslog(LOG_INFO, "imklogd %s, log source = ksyslog "
- "started.", VERSION);
- return(kernel);
- }
+ if(*pSz != '>')
+ ABORT_FINALIZE(RS_RET_INVALID_PRI);
- if ( (kmsg = open(_PATH_KLOG, O_RDONLY)) < 0 )
- {
- char sz[512];
- snprintf(sz, sizeof(sz), "imklog: Cannot open proc file system, %d - %s.\n", errno, strerror(errno));
- logmsgInternal(LOG_SYSLOG|LOG_ERR, sz, ADDDATE);
- ksyslog(7, NULL, 0); /* TODO: check this, implement more */
- return(none);
- }
+ /* OK, we have a valid PRI */
+ *piPri = i;
- Syslog(LOG_INFO, "imklog %s, log source = %s started.", \
- VERSION, _PATH_KLOG);
- return(proc);
+finalize_it:
+ RETiRet;
}
-/* Copy characters from ptr to line until a char in the delim
- * string is encountered or until min( space, len ) chars have
- * been copied.
- *
- * Returns the actual number of chars copied.
+/* log an imklog-internal message
+ * rgerhards, 2008-04-14
*/
-static int copyin( char *line, int space,
- const char *ptr, int len,
- const char *delim )
+rsRetVal imklogLogIntMsg(int priority, char *fmt, ...)
{
- auto int i;
- auto int count;
-
- count = len < space ? len : space;
+ DEFiRet;
+ va_list ap;
+ uchar msgBuf[2048]; /* we use the same size as sysklogd to remain compatible */
+ uchar *pLogMsg;
- for(i=0; i<count && !strchr(delim, *ptr); i++ ) {
- *line++ = *ptr++;
- }
+ va_start(ap, fmt);
+ vsnprintf((char*)msgBuf, sizeof(msgBuf) / sizeof(char), fmt, ap);
+ pLogMsg = msgBuf;
+ va_end(ap);
- return(i);
-}
+ iRet = enqMsg((uchar*)pLogMsg, (uchar*) ((iFacilIntMsg == LOG_KERN) ? "kernel:" : "imklog:"),
+ iFacilIntMsg, LOG_PRI(priority));
-/*
- * Messages are separated by "\n". Messages longer than
- * LOG_LINE_LENGTH are broken up.
- *
- * Kernel symbols show up in the input buffer as : "[<aaaaaa>]",
- * where "aaaaaa" is the address. These are replaced with
- * "[symbolname+offset/size]" in the output line - symbolname,
- * offset, and size come from the kernel symbol table.
- *
- * If a kernel symbol happens to fall at the end of a message close
- * in length to LOG_LINE_LENGTH, the symbol will not be expanded.
- * (This should never happen, since the kernel should never generate
- * messages that long.
- *
- * To preserve the original addresses, lines containing kernel symbols
- * are output twice. Once with the symbols converted and again with the
- * original text. Just in case somebody wants to run their own Oops
- * analysis on the syslog, e.g. ksymoops.
- */
-static void LogLine(char *ptr, int len)
-{
- enum parse_state_enum {
- PARSING_TEXT,
- PARSING_SYMSTART, /* at < */
- PARSING_SYMBOL,
- PARSING_SYMEND /* at ] */
- };
-
- static char line_buff[LOG_LINE_LENGTH];
-
- static char *line =line_buff;
- static enum parse_state_enum parse_state = PARSING_TEXT;
- static int space = sizeof(line_buff)-1;
-
- static char *sym_start; /* points at the '<' of a symbol */
-
- auto int delta = 0; /* number of chars copied */
- auto int symbols_expanded = 0; /* 1 if symbols were expanded */
- auto int skip_symbol_lookup = 0; /* skip symbol lookup on this pass */
- auto char *save_ptr = ptr; /* save start of input line */
- auto int save_len = len; /* save length at start of input line */
-
- while( len > 0 )
- {
- if( space == 0 ) /* line buffer is full */
- {
- /*
- ** Line too long. Start a new line.
- */
- *line = 0; /* force null terminator */
-
- dbgprintf("Line buffer full:\n");
- dbgprintf("\tLine: %s\n", line);
-
- Syslog( LOG_INFO, "%s", line_buff );
- line = line_buff;
- space = sizeof(line_buff)-1;
- parse_state = PARSING_TEXT;
- symbols_expanded = 0;
- skip_symbol_lookup = 0;
- save_ptr = ptr;
- save_len = len;
- }
-
- switch( parse_state )
- {
- case PARSING_TEXT:
- delta = copyin( line, space, ptr, len, "\n[" );
- line += delta;
- ptr += delta;
- space -= delta;
- len -= delta;
-
- if( space == 0 || len == 0 )
- {
- break; /* full line_buff or end of input buffer */
- }
-
- if( *ptr == '\0' ) /* zero byte */
- {
- ptr++; /* skip zero byte */
- space -= 1;
- len -= 1;
-
- break;
- }
-
- if( *ptr == '\n' ) /* newline */
- {
- ptr++; /* skip newline */
- space -= 1;
- len -= 1;
-
- *line = 0; /* force null terminator */
- Syslog( LOG_INFO, "%s", line_buff );
- line = line_buff;
- space = sizeof(line_buff)-1;
- if (symbols_twice) {
- if (symbols_expanded) {
- /* reprint this line without symbol lookup */
- symbols_expanded = 0;
- skip_symbol_lookup = 1;
- ptr = save_ptr;
- len = save_len;
- }
- else
- {
- skip_symbol_lookup = 0;
- save_ptr = ptr;
- save_len = len;
- }
- }
- break;
- }
- if( *ptr == '[' ) /* possible kernel symbol */
- {
- *line++ = *ptr++;
- space -= 1;
- len -= 1;
- if (!skip_symbol_lookup)
- parse_state = PARSING_SYMSTART; /* at < */
- break;
- }
- /* Now that line_buff is no longer fed to *printf as format
- * string, '%'s are no longer "dangerous".
- */
- break;
-
- case PARSING_SYMSTART:
- if( *ptr != '<' )
- {
- parse_state = PARSING_TEXT; /* not a symbol */
- break;
- }
-
- /*
- ** Save this character for now. If this turns out to
- ** be a valid symbol, this char will be replaced later.
- ** If not, we'll just leave it there.
- */
-
- sym_start = line; /* this will point at the '<' */
-
- *line++ = *ptr++;
- space -= 1;
- len -= 1;
- parse_state = PARSING_SYMBOL; /* symbol... */
- break;
-
- case PARSING_SYMBOL:
- delta = copyin( line, space, ptr, len, ">\n[" );
- line += delta;
- ptr += delta;
- space -= delta;
- len -= delta;
- if( space == 0 || len == 0 )
- {
- break; /* full line_buff or end of input buffer */
- }
- if( *ptr != '>' )
- {
- parse_state = PARSING_TEXT;
- break;
- }
-
- *line++ = *ptr++; /* copy the '>' */
- space -= 1;
- len -= 1;
-
- parse_state = PARSING_SYMEND;
-
- break;
-
- case PARSING_SYMEND:
- if( *ptr != ']' )
- {
- parse_state = PARSING_TEXT; /* not a symbol */
- break;
- }
-
- /*
- ** It's really a symbol! Replace address with the
- ** symbol text.
- */
- {
- auto int sym_space;
-
- unsigned long value;
- auto struct symbol sym;
- auto char *symbol;
-
- *(line-1) = 0; /* null terminate the address string */
- value = strtoul(sym_start+1, (char **) 0, 16);
- *(line-1) = '>'; /* put back delim */
-
- if ( !symbol_lookup || (symbol = LookupSymbol(value, &sym)) == (char *)0 )
- {
- parse_state = PARSING_TEXT;
- break;
- }
-
- /*
- ** verify there is room in the line buffer
- */
- sym_space = space + ( line - sym_start );
- if( (unsigned) sym_space < strlen(symbol) + 30 ) /*(30 should be overkill)*/
- {
- parse_state = PARSING_TEXT; /* not enough space */
- break;
- }
-
- delta = sprintf( sym_start, "%s+%d/%d]",
- symbol, sym.offset, sym.size );
-
- space = sym_space + delta;
- line = sym_start + delta;
- symbols_expanded = 1;
- }
- ptr++;
- len--;
- parse_state = PARSING_TEXT;
- break;
-
- default: /* Can't get here! */
- parse_state = PARSING_TEXT;
-
- }
- }
-
- return;
+ RETiRet;
}
-static void LogKernelLine(void)
+/* log a kernel message
+ * rgerhards, 2008-04-14
+ */
+rsRetVal Syslog(int priority, uchar *pMsg)
{
- auto int rdcnt;
+ DEFiRet;
+ rsRetVal localRet;
- /*
- * Zero-fill the log buffer. This should cure a multitude of
- * problems with klogd logging the tail end of the message buffer
- * which will contain old messages. Then read the kernel log
- * messages into this fresh buffer.
- */
- memset(log_buffer, '\0', sizeof(log_buffer));
- if ( (rdcnt = ksyslog(2, log_buffer, sizeof(log_buffer)-1)) < 0 )
- {
- char sz[512];
- if(errno == EINTR)
- return;
- snprintf(sz, sizeof(sz), "imklog: Error return from sys_sycall: %d - %s\n", errno, strerror(errno));
- logmsgInternal(LOG_SYSLOG|LOG_ERR, sz, ADDDATE);
- }
- else
- LogLine(log_buffer, rdcnt);
- return;
-}
+ /* Output using syslog */
+ localRet = parsePRI(&pMsg, &priority);
+ if(localRet != RS_RET_INVALID_PRI && localRet != RS_RET_OK)
+ FINALIZE;
+ /* if we don't get the pri, we use whatever we were supplied */
+ /* ignore non-kernel messages if not permitted */
+ if(bPermitNonKernel == 0 && LOG_FAC(priority) != LOG_KERN)
+ FINALIZE; /* silently ignore */
-static void LogProcLine(void)
-{
- auto int rdcnt;
+ iRet = enqMsg((uchar*)pMsg, (uchar*) "kernel:", LOG_FAC(priority), LOG_PRI(priority));
- /*
- * Zero-fill the log buffer. This should cure a multitude of
- * problems with klogd logging the tail end of the message buffer
- * which will contain old messages. Then read the kernel messages
- * from the message pseudo-file into this fresh buffer.
- */
- memset(log_buffer, '\0', sizeof(log_buffer));
- if ( (rdcnt = read(kmsg, log_buffer, sizeof(log_buffer)-1)) < 0 )
- {
- if ( errno == EINTR )
- return;
- Syslog(LOG_ERR, "Cannot read proc file system: %d - %s.", errno, strerror(errno));
- }
- else
- LogLine(log_buffer, rdcnt);
-
- return;
+finalize_it:
+ RETiRet;
}
@@ -592,64 +200,32 @@ CODESTARTrunInput
* right into the sleep below.
*/
while(!pThrd->bShallStop) {
- /* we do not need to handle the RS_RET_TERMINATE_NOW case any
- * special because we just need to terminate. This may be different
- * if a cleanup is needed. But for now, we can just use CHKiRet().
- * rgerhards, 2007-12-17
+ /* klogLogKMsg() waits for the next kernel message, obtains it
+ * and then submits it to the rsyslog main queue.
+ * rgerhards, 2008-04-09
*/
- switch ( logsrc )
- {
- case kernel:
- LogKernelLine();
- break;
- case proc:
- LogProcLine();
- break;
- case none:
- /* TODO: We need to handle this case here somewhat more intelligent
- * This is now at least partly done - code should never reach this point
- * as willRun() already checked for the "none" status -- rgerhards, 2007-12-17
- */
- pause();
- break;
- }
+ CHKiRet(klogLogKMsg());
}
- RETiRet;
+finalize_it:
ENDrunInput
BEGINwillRun
- /* Initialize this module. If that fails, we tell the engine we don't like to run */
- /* Determine where kernel logging information is to come from. */
- logsrc = GetKernelLogSrc();
- if(logsrc == none) {
- iRet = RS_RET_NO_KERNEL_LOGSRC;
- } else {
- if (symbol_lookup) {
- symbol_lookup = (InitKsyms(symfile) == 1);
- symbol_lookup |= InitMsyms();
- if (symbol_lookup == 0) {
- Syslog(LOG_WARNING, "cannot find any symbols, turning off symbol lookups\n");
- }
- }
- }
CODESTARTwillRun
+ iRet = klogWillRun();
ENDwillRun
BEGINafterRun
CODESTARTafterRun
- /* cleanup here */
- if(logsrc != none)
- CloseLogSrc();
-
- DeinitKsyms();
- DeinitMsyms();
+ iRet = klogAfterRun();
ENDafterRun
BEGINmodExit
CODESTARTmodExit
+ /* release objects we used */
+ objRelease(datetime, CORE_COMPONENT);
ENDmodExit
@@ -665,6 +241,8 @@ static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __a
use_syscall = 0;
symfile = NULL;
symbol_lookup = 1;
+ bPermitNonKernel = 0;
+ iFacilIntMsg = klogFacilIntMsg();
return RS_RET_OK;
}
@@ -672,17 +250,17 @@ BEGINmodInit()
CODESTARTmodInit
*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
CODEmodInit_QueryRegCFSLineHdlr
+ CHKiRet(objUse(datetime, CORE_COMPONENT));
+
+ iFacilIntMsg = klogFacilIntMsg();
+
CHKiRet(omsdRegCFSLineHdlr((uchar *)"debugprintkernelsymbols", 0, eCmdHdlrBinary, NULL, &dbgPrintSymbols, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbollookup", 0, eCmdHdlrBinary, NULL, &symbol_lookup, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbolstwice", 0, eCmdHdlrBinary, NULL, &symbols_twice, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogusesyscallinterface", 0, eCmdHdlrBinary, NULL, &use_syscall, STD_LOADABLE_MODULE_ID));
+ CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogpermitnonkernelfacility", 0, eCmdHdlrBinary, NULL, &bPermitNonKernel, STD_LOADABLE_MODULE_ID));
+ CHKiRet(omsdRegCFSLineHdlr((uchar *)"kloginternalmsgfacility", 0, eCmdHdlrFacility, NULL, &iFacilIntMsg, STD_LOADABLE_MODULE_ID));
CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
ENDmodInit
-/*
- * Local variables:
- * c-indent-level: 8
- * c-basic-offset: 8
- * tab-width: 8
- * End:
- * vi:set ai:
+/* vim:set ai:
*/
diff --git a/plugins/imklog/imklog.h b/plugins/imklog/imklog.h
index 71525a79..a37ecc9e 100644
--- a/plugins/imklog/imklog.h
+++ b/plugins/imklog/imklog.h
@@ -2,8 +2,10 @@
* These are the definitions for the klog message generation module.
*
* File begun on 2007-12-17 by RGerhards
+ * Major change: 2008-04-09: switched to a driver interface for
+ * several platforms
*
- * Copyright 2007 Rainer Gerhards and Adiscon GmbH.
+ * Copyright 2007-2008 Rainer Gerhards and Adiscon GmbH.
*
* This file is part of rsyslog.
*
@@ -28,9 +30,33 @@
#include "rsyslog.h"
#include "syslogd.h"
-/* global variables */
+/* interface to "drivers"
+ * the platform specific drivers must implement these entry points. Only one
+ * driver may be active at any given time, thus we simply rely on the linker
+ * to resolve the addresses.
+ * rgerhards, 2008-04-09
+ */
+rsRetVal klogLogKMsg(void);
+rsRetVal klogWillRun(void);
+rsRetVal klogAfterRun(void);
+int klogFacilIntMsg(void);
+
+/* the following data members may be accessed by the "drivers"
+ * I admit this is not the cleanest way to doing things, but I honestly
+ * believe it is appropriate for the job that needs to be done.
+ * rgerhards, 2008-04-09
+ */
+extern int symbols_twice;
+extern int use_syscall;
+extern int symbol_lookup;
+extern char *symfile;
+extern int console_log_level;
extern int dbgPrintSymbols;
+/* the functions below may be called by the drivers */
+rsRetVal imklogLogIntMsg(int priority, char *fmt, ...) __attribute__((format(printf,2, 3)));
+rsRetVal Syslog(int priority, uchar *msg);
+
/* prototypes */
extern int InitKsyms(char *);
extern void DeinitKsyms(void);
@@ -38,8 +64,6 @@ extern int InitMsyms(void);
extern void DeinitMsyms(void);
extern char * ExpandKadds(char *, char *);
extern void SetParanoiaLevel(int);
-extern void vsyslog(int pri, const char *fmt, va_list ap);
-rsRetVal Syslog(int priority, char *fmt, ...) __attribute__((format(printf,2, 3)));
#endif /* #ifndef IMKLOG_H_INCLUDED */
/* vi:set ai:
diff --git a/plugins/imklog/ksym.c b/plugins/imklog/ksym.c
index b7d5903e..1c2af124 100644
--- a/plugins/imklog/ksym.c
+++ b/plugins/imklog/ksym.c
@@ -185,18 +185,18 @@ extern int InitKsyms(char *mapfile)
if ( mapfile != (char *) 0 ) {
if ( (sym_file = fopen(mapfile, "r")) == (FILE *) 0 )
{
- Syslog(LOG_WARNING, "Cannot open map file: %s.", mapfile);
+ imklogLogIntMsg(LOG_WARNING, "Cannot open map file: %s.", mapfile);
return(0);
}
} else {
if ( (mapfile = FindSymbolFile()) == (char *) 0 ) {
- Syslog(LOG_WARNING, "Cannot find map file.");
+ imklogLogIntMsg(LOG_WARNING, "Cannot find map file.");
dbgprintf("Cannot find map file.\n");
return(0);
}
if ( (sym_file = fopen(mapfile, "r")) == (FILE *) 0 ) {
- Syslog(LOG_WARNING, "Cannot open map file.");
+ imklogLogIntMsg(LOG_WARNING, "Cannot open map file.");
dbgprintf("Cannot open map file.\n");
return(0);
}
@@ -213,7 +213,7 @@ extern int InitKsyms(char *mapfile)
*/
while ( !feof(sym_file) ) {
if ( fscanf(sym_file, "%lx %c %s\n", &address, &type, sym) != 3 ) {
- Syslog(LOG_ERR, "Error in symbol table input (#1).");
+ imklogLogIntMsg(LOG_ERR, "Error in symbol table input (#1).");
fclose(sym_file);
return(0);
}
@@ -221,7 +221,7 @@ extern int InitKsyms(char *mapfile)
dbgprintf("Address: %lx, Type: %c, Symbol: %s\n", address, type, sym);
if ( AddSymbol(address, sym) == 0 ) {
- Syslog(LOG_ERR, "Error adding symbol - %s.", sym);
+ imklogLogIntMsg(LOG_ERR, "Error adding symbol - %s.", sym);
fclose(sym_file);
return(0);
}
@@ -231,19 +231,19 @@ extern int InitKsyms(char *mapfile)
}
- Syslog(LOG_INFO, "Loaded %d symbols from %s.", num_syms, mapfile);
+ imklogLogIntMsg(LOG_INFO, "Loaded %d symbols from %s.", num_syms, mapfile);
switch(version) {
case -1:
- Syslog(LOG_WARNING, "Symbols do not match kernel version.");
+ imklogLogIntMsg(LOG_WARNING, "Symbols do not match kernel version.");
num_syms = 0;
break;
case 0:
- Syslog(LOG_WARNING, "Cannot verify that symbols match kernel version.");
+ imklogLogIntMsg(LOG_WARNING, "Cannot verify that symbols match kernel version.");
break;
case 1:
- Syslog(LOG_INFO, "Symbols match kernel version %s.", vstring);
+ imklogLogIntMsg(LOG_INFO, "Symbols match kernel version %s.", vstring);
break;
}
@@ -296,12 +296,12 @@ static char *FindSymbolFile(void)
**mf = system_maps;
auto struct utsname utsname;
- static char symfile[100];
+ static char mysymfile[100];
auto FILE *sym_file = (FILE *) 0;
if ( uname(&utsname) < 0 ) {
- Syslog(LOG_ERR, "Cannot get kernel version information.");
+ imklogLogIntMsg(LOG_ERR, "Cannot get kernel version information.");
return(0);
}
@@ -309,19 +309,19 @@ static char *FindSymbolFile(void)
for(mf = system_maps; *mf != (char *) 0 && file == (char *) 0; ++mf) {
- snprintf(symfile, sizeof(symfile), "%s-%s", *mf, utsname.release);
- dbgprintf("Trying %s.\n", symfile);
- if ( (sym_file = fopen(symfile, "r")) != (FILE *) 0 ) {
- if (CheckMapVersion(symfile) == 1)
- file = symfile;
+ snprintf(mysymfile, sizeof(mysymfile), "%s-%s", *mf, utsname.release);
+ dbgprintf("Trying %s.\n", mysymfile);
+ if ( (sym_file = fopen(mysymfile, "r")) != (FILE *) 0 ) {
+ if (CheckMapVersion(mysymfile) == 1)
+ file = mysymfile;
fclose(sym_file);
}
if (sym_file == (FILE *) 0 || file == (char *) 0) {
- sprintf (symfile, "%s", *mf);
- dbgprintf("Trying %s.\n", symfile);
- if ( (sym_file = fopen(symfile, "r")) != (FILE *) 0 ) {
- if (CheckMapVersion(symfile) == 1)
- file = symfile;
+ sprintf (mysymfile, "%s", *mf);
+ dbgprintf("Trying %s.\n", mysymfile);
+ if ( (sym_file = fopen(mysymfile, "r")) != (FILE *) 0 ) {
+ if (CheckMapVersion(mysymfile) == 1)
+ file = mysymfile;
fclose(sym_file);
}
}
@@ -410,13 +410,13 @@ static int CheckVersion(char *version)
* version level.
*/
if ( uname(&utsname) < 0 ) {
- Syslog(LOG_ERR, "Cannot get kernel version information.");
+ imklogLogIntMsg(LOG_ERR, "Cannot get kernel version information.");
return(0);
}
dbgprintf("Comparing kernel %s with symbol table %s.\n", utsname.release, vstring);
if ( sscanf (utsname.release, "%d.%d.%d", &major, &minor, &patch) < 3 ) {
- Syslog(LOG_ERR, "Kernel send bogus release string `%s'.", utsname.release);
+ imklogLogIntMsg(LOG_ERR, "Kernel send bogus release string `%s'.", utsname.release);
return(0);
}
@@ -470,12 +470,12 @@ static int CheckMapVersion(char *fname)
* now need to search this file and look for version
* information.
*/
- Syslog(LOG_INFO, "Inspecting %s", fname);
+ imklogLogIntMsg(LOG_INFO, "Inspecting %s", fname);
version = 0;
while ( !feof(sym_file) && (version == 0) ) {
if ( fscanf(sym_file, "%lx %c %s\n", &address, &type, sym) != 3 ) {
- Syslog(LOG_ERR, "Error in symbol table input (#2).");
+ imklogLogIntMsg(LOG_ERR, "Error in symbol table input (#2).");
fclose(sym_file);
return(0);
}
@@ -487,7 +487,7 @@ static int CheckMapVersion(char *fname)
switch ( version ) {
case -1:
- Syslog(LOG_ERR, "Symbol table has incorrect version number.\n");
+ imklogLogIntMsg(LOG_ERR, "Symbol table has incorrect version number.\n");
break;
case 0:
dbgprintf("No version information found.\n");
@@ -684,7 +684,7 @@ extern char *ExpandKadds(char *line, char *el)
*/
if ( i_am_paranoid &&
(strstr(line, "Oops:") != (char *) 0) && !InitMsyms() )
- Syslog(LOG_WARNING, "Cannot load kernel module symbols.\n");
+ imklogLogIntMsg(LOG_WARNING, "Cannot load kernel module symbols.\n");
/*
diff --git a/plugins/imklog/ksym_mod.c b/plugins/imklog/ksym_mod.c
index 11535a5f..bef810b4 100644
--- a/plugins/imklog/ksym_mod.c
+++ b/plugins/imklog/ksym_mod.c
@@ -158,10 +158,10 @@ extern int InitMsyms(void)
if ( ksyms == NULL ) {
if ( errno == ENOENT )
- Syslog(LOG_INFO, "No module symbols loaded - "
+ imklogLogIntMsg(LOG_INFO, "No module symbols loaded - "
"kernel modules not enabled.\n");
else
- Syslog(LOG_ERR, "Error loading kernel symbols " \
+ imklogLogIntMsg(LOG_ERR, "Error loading kernel symbols " \
"- %s\n", strerror(errno));
fclose(ksyms);
return(0);
@@ -201,9 +201,9 @@ extern int InitMsyms(void)
}
if ( rtn == 0 )
- Syslog(LOG_INFO, "No module symbols loaded.");
+ imklogLogIntMsg(LOG_INFO, "No module symbols loaded.");
else
- Syslog(LOG_INFO, "Loaded %d %s from %d module%s", rtn, \
+ imklogLogIntMsg(LOG_INFO, "Loaded %d %s from %d module%s", rtn, \
(rtn == 1) ? "symbol" : "symbols", \
num_modules, (num_modules == 1) ? "." : "s.");
@@ -296,7 +296,7 @@ struct Module *AddModule(module)
if ( sym_array_modules == NULL )
{
- Syslog(LOG_WARNING, "Cannot allocate Module array.\n");
+ imklogLogIntMsg(LOG_WARNING, "Cannot allocate Module array.\n");
return NULL;
}
mp = sym_array_modules;
@@ -308,7 +308,7 @@ struct Module *AddModule(module)
if ( mp == NULL )
{
- Syslog(LOG_WARNING, "Cannot allocate Module array.\n");
+ imklogLogIntMsg(LOG_WARNING, "Cannot allocate Module array.\n");
return NULL;
}
diff --git a/plugins/imklog/linux.c b/plugins/imklog/linux.c
new file mode 100644
index 00000000..a742a456
--- /dev/null
+++ b/plugins/imklog/linux.c
@@ -0,0 +1,544 @@
+/* klog for linux, based on the FreeBSD syslogd implementation.
+ *
+ * This contains OS-specific functionality to read the BSD
+ * kernel log. For a general overview, see head comment in
+ * imklog.c.
+ *
+ * This file heavily borrows from the klogd daemon provided by
+ * the sysklogd project. Many thanks for this piece of software.
+ *
+ * This file is part of rsyslog.
+ *
+ * Rsyslog is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Rsyslog is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Rsyslog. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+*/
+#include "config.h"
+#include "rsyslog.h"
+#include <stdlib.h>
+#include <stdio.h>
+#include <assert.h>
+#include <signal.h>
+#include <string.h>
+#include <pthread.h>
+#include "syslogd.h"
+#include "cfsysline.h"
+#include "template.h"
+#include "msg.h"
+#include "module-template.h"
+#include "imklog.h"
+
+
+/* Includes. */
+#include <unistd.h>
+#include <errno.h>
+#include <sys/fcntl.h>
+#include <sys/stat.h>
+
+#if HAVE_TIME_H
+# include <time.h>
+#endif
+
+#include <stdarg.h>
+#include <paths.h>
+#include "ksyms.h"
+
+#define __LIBRARY__
+#include <unistd.h>
+
+
+#if !defined(__GLIBC__)
+# define __NR_ksyslog __NR_syslog
+_syscall3(int,ksyslog,int, type, char *, buf, int, len);
+#else
+#include <sys/klog.h>
+#define ksyslog klogctl
+#endif
+
+
+
+#ifndef _PATH_KLOG
+#define _PATH_KLOG "/proc/kmsg"
+#endif
+
+#define LOG_BUFFER_SIZE 4096
+#define LOG_LINE_LENGTH 1000
+
+static int kmsg;
+static char log_buffer[LOG_BUFFER_SIZE];
+
+static enum LOGSRC {none, proc, kernel} logsrc;
+
+
+/* Function prototypes. */
+extern int ksyslog(int type, char *buf, int len);
+
+
+static void CloseLogSrc(void)
+{
+ /* Turn on logging of messages to console, but only if we had the -c
+ * option -- rgerhards, 2007-08-01
+ */
+ if (console_log_level != -1)
+ ksyslog(7, NULL, 0);
+
+ /* Shutdown the log sources. */
+ switch ( logsrc )
+ {
+ case kernel:
+ ksyslog(0, 0, 0);
+ imklogLogIntMsg(LOG_INFO, "Kernel logging (ksyslog) stopped.");
+ break;
+ case proc:
+ close(kmsg);
+ imklogLogIntMsg(LOG_INFO, "Kernel logging (proc) stopped.");
+ break;
+ case none:
+ break;
+ }
+
+ return;
+}
+
+
+static enum LOGSRC GetKernelLogSrc(void)
+{
+ auto struct stat sb;
+
+ /* Set level of kernel console messaging.. */
+ if ( (console_log_level != -1) &&
+ (ksyslog(8, NULL, console_log_level) < 0) &&
+ (errno == EINVAL) )
+ {
+ /*
+ * An invalid arguement error probably indicates that
+ * a pre-0.14 kernel is being run. At this point we
+ * issue an error message and simply shut-off console
+ * logging completely.
+ */
+ imklogLogIntMsg(LOG_WARNING, "Cannot set console log level - disabling "
+ "console output.");
+ }
+
+ /*
+ * First do a stat to determine whether or not the proc based
+ * file system is available to get kernel messages from.
+ */
+ if ( use_syscall ||
+ ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
+ {
+ /* Initialize kernel logging. */
+ ksyslog(1, NULL, 0);
+ imklogLogIntMsg(LOG_INFO, "imklogd %s, log source = ksyslog "
+ "started.", VERSION);
+ return(kernel);
+ }
+
+ if ( (kmsg = open(_PATH_KLOG, O_RDONLY)) < 0 )
+ {
+ char sz[512];
+ snprintf(sz, sizeof(sz), "imklog: Cannot open proc file system, %d - %s.\n", errno, strerror(errno));
+ logmsgInternal(LOG_SYSLOG|LOG_ERR, sz, ADDDATE);
+ ksyslog(7, NULL, 0); /* TODO: check this, implement more */
+ return(none);
+ }
+
+ imklogLogIntMsg(LOG_INFO, "imklog %s, log source = %s started.", VERSION, _PATH_KLOG);
+ return(proc);
+}
+
+
+/* Copy characters from ptr to line until a char in the delim
+ * string is encountered or until min( space, len ) chars have
+ * been copied.
+ *
+ * Returns the actual number of chars copied.
+ */
+static int copyin( uchar *line, int space,
+ const char *ptr, int len,
+ const char *delim )
+{
+ auto int i;
+ auto int count;
+
+ count = len < space ? len : space;
+
+ for(i=0; i<count && !strchr(delim, *ptr); i++ ) {
+ *line++ = *ptr++;
+ }
+
+ return(i);
+}
+
+/*
+ * Messages are separated by "\n". Messages longer than
+ * LOG_LINE_LENGTH are broken up.
+ *
+ * Kernel symbols show up in the input buffer as : "[<aaaaaa>]",
+ * where "aaaaaa" is the address. These are replaced with
+ * "[symbolname+offset/size]" in the output line - symbolname,
+ * offset, and size come from the kernel symbol table.
+ *
+ * If a kernel symbol happens to fall at the end of a message close
+ * in length to LOG_LINE_LENGTH, the symbol will not be expanded.
+ * (This should never happen, since the kernel should never generate
+ * messages that long.
+ *
+ * To preserve the original addresses, lines containing kernel symbols
+ * are output twice. Once with the symbols converted and again with the
+ * original text. Just in case somebody wants to run their own Oops
+ * analysis on the syslog, e.g. ksymoops.
+ */
+static void LogLine(char *ptr, int len)
+{
+ enum parse_state_enum {
+ PARSING_TEXT,
+ PARSING_SYMSTART, /* at < */
+ PARSING_SYMBOL,
+ PARSING_SYMEND /* at ] */
+ };
+
+ static uchar line_buff[LOG_LINE_LENGTH];
+
+ static uchar *line =line_buff;
+ static enum parse_state_enum parse_state = PARSING_TEXT;
+ static int space = sizeof(line_buff)-1;
+
+ static uchar *sym_start; /* points at the '<' of a symbol */
+
+ auto int delta = 0; /* number of chars copied */
+ auto int symbols_expanded = 0; /* 1 if symbols were expanded */
+ auto int skip_symbol_lookup = 0; /* skip symbol lookup on this pass */
+ auto char *save_ptr = ptr; /* save start of input line */
+ auto int save_len = len; /* save length at start of input line */
+
+ while( len > 0 )
+ {
+ if( space == 0 ) /* line buffer is full */
+ {
+ /*
+ ** Line too long. Start a new line.
+ */
+ *line = 0; /* force null terminator */
+
+ dbgprintf("Line buffer full:\n");
+ dbgprintf("\tLine: %s\n", line);
+
+ Syslog(LOG_INFO, line_buff);
+ line = line_buff;
+ space = sizeof(line_buff)-1;
+ parse_state = PARSING_TEXT;
+ symbols_expanded = 0;
+ skip_symbol_lookup = 0;
+ save_ptr = ptr;
+ save_len = len;
+ }
+
+ switch( parse_state )
+ {
+ case PARSING_TEXT:
+ delta = copyin(line, space, ptr, len, "\n[" );
+ line += delta;
+ ptr += delta;
+ space -= delta;
+ len -= delta;
+
+ if( space == 0 || len == 0 )
+ {
+ break; /* full line_buff or end of input buffer */
+ }
+
+ if( *ptr == '\0' ) /* zero byte */
+ {
+ ptr++; /* skip zero byte */
+ space -= 1;
+ len -= 1;
+
+ break;
+ }
+
+ if( *ptr == '\n' ) /* newline */
+ {
+ ptr++; /* skip newline */
+ space -= 1;
+ len -= 1;
+
+ *line = 0; /* force null terminator */
+ Syslog(LOG_INFO, line_buff);
+ line = line_buff;
+ space = sizeof(line_buff)-1;
+ if (symbols_twice) {
+ if (symbols_expanded) {
+ /* reprint this line without symbol lookup */
+ symbols_expanded = 0;
+ skip_symbol_lookup = 1;
+ ptr = save_ptr;
+ len = save_len;
+ }
+ else
+ {
+ skip_symbol_lookup = 0;
+ save_ptr = ptr;
+ save_len = len;
+ }
+ }
+ break;
+ }
+ if( *ptr == '[' ) /* possible kernel symbol */
+ {
+ *line++ = *ptr++;
+ space -= 1;
+ len -= 1;
+ if (!skip_symbol_lookup)
+ parse_state = PARSING_SYMSTART; /* at < */
+ break;
+ }
+ /* Now that line_buff is no longer fed to *printf as format
+ * string, '%'s are no longer "dangerous".
+ */
+ break;
+
+ case PARSING_SYMSTART:
+ if( *ptr != '<' )
+ {
+ parse_state = PARSING_TEXT; /* not a symbol */
+ break;
+ }
+
+ /*
+ ** Save this character for now. If this turns out to
+ ** be a valid symbol, this char will be replaced later.
+ ** If not, we'll just leave it there.
+ */
+
+ sym_start = line; /* this will point at the '<' */
+
+ *line++ = *ptr++;
+ space -= 1;
+ len -= 1;
+ parse_state = PARSING_SYMBOL; /* symbol... */
+ break;
+
+ case PARSING_SYMBOL:
+ delta = copyin( line, space, ptr, len, ">\n[" );
+ line += delta;
+ ptr += delta;
+ space -= delta;
+ len -= delta;
+ if( space == 0 || len == 0 )
+ {
+ break; /* full line_buff or end of input buffer */
+ }
+ if( *ptr != '>' )
+ {
+ parse_state = PARSING_TEXT;
+ break;
+ }
+
+ *line++ = *ptr++; /* copy the '>' */
+ space -= 1;
+ len -= 1;
+
+ parse_state = PARSING_SYMEND;
+
+ break;
+
+ case PARSING_SYMEND:
+ if( *ptr != ']' )
+ {
+ parse_state = PARSING_TEXT; /* not a symbol */
+ break;
+ }
+
+ /*
+ ** It's really a symbol! Replace address with the
+ ** symbol text.
+ */
+ {
+ auto int sym_space;
+
+ unsigned long value;
+ auto struct symbol sym;
+ auto char *symbol;
+
+ *(line-1) = 0; /* null terminate the address string */
+ value = strtoul((char*)(sym_start+1), (char **) 0, 16);
+ *(line-1) = '>'; /* put back delim */
+
+ if ( !symbol_lookup || (symbol = LookupSymbol(value, &sym)) == (char *)0 )
+ {
+ parse_state = PARSING_TEXT;
+ break;
+ }
+
+ /*
+ ** verify there is room in the line buffer
+ */
+ sym_space = space + ( line - sym_start );
+ if( (unsigned) sym_space < strlen(symbol) + 30 ) /*(30 should be overkill)*/
+ {
+ parse_state = PARSING_TEXT; /* not enough space */
+ break;
+ }
+
+ // TODO: sprintf!!!!
+ delta = sprintf( (char*) sym_start, "%s+%d/%d]",
+ symbol, sym.offset, sym.size );
+
+ space = sym_space + delta;
+ line = sym_start + delta;
+ symbols_expanded = 1;
+ }
+ ptr++;
+ len--;
+ parse_state = PARSING_TEXT;
+ break;
+
+ default: /* Can't get here! */
+ parse_state = PARSING_TEXT;
+
+ }
+ }
+
+ return;
+}
+
+
+static void LogKernelLine(void)
+{
+ auto int rdcnt;
+
+ /*
+ * Zero-fill the log buffer. This should cure a multitude of
+ * problems with klogd logging the tail end of the message buffer
+ * which will contain old messages. Then read the kernel log
+ * messages into this fresh buffer.
+ */
+ memset(log_buffer, '\0', sizeof(log_buffer));
+ if ( (rdcnt = ksyslog(2, log_buffer, sizeof(log_buffer)-1)) < 0 )
+ {
+ char sz[512];
+ if(errno == EINTR)
+ return;
+ snprintf(sz, sizeof(sz), "imklog: Error return from sys_sycall: %d - %s\n", errno, strerror(errno));
+ logmsgInternal(LOG_SYSLOG|LOG_ERR, sz, ADDDATE);
+ }
+ else
+ LogLine(log_buffer, rdcnt);
+ return;
+}
+
+
+static void LogProcLine(void)
+{
+ auto int rdcnt;
+
+ /*
+ * Zero-fill the log buffer. This should cure a multitude of
+ * problems with klogd logging the tail end of the message buffer
+ * which will contain old messages. Then read the kernel messages
+ * from the message pseudo-file into this fresh buffer.
+ */
+ memset(log_buffer, '\0', sizeof(log_buffer));
+ if ( (rdcnt = read(kmsg, log_buffer, sizeof(log_buffer)-1)) < 0 ) {
+ if ( errno == EINTR )
+ return;
+ imklogLogIntMsg(LOG_ERR, "Cannot read proc file system: %d - %s.", errno, strerror(errno));
+ } else {
+ LogLine(log_buffer, rdcnt);
+ }
+
+ return;
+}
+
+
+/* to be called in the module's WillRun entry point
+ * rgerhards, 2008-04-09
+ */
+rsRetVal klogLogKMsg(void)
+{
+ DEFiRet;
+ switch(logsrc) {
+ case kernel:
+ LogKernelLine();
+ break;
+ case proc:
+ LogProcLine();
+ break;
+ case none:
+ /* TODO: We need to handle this case here somewhat more intelligent
+ * This is now at least partly done - code should never reach this point
+ * as willRun() already checked for the "none" status -- rgerhards, 2007-12-17
+ */
+ pause();
+ break;
+ }
+ RETiRet;
+}
+
+
+/* to be called in the module's WillRun entry point
+ * rgerhards, 2008-04-09
+ */
+rsRetVal klogWillRun(void)
+{
+ DEFiRet;
+ /* Initialize this module. If that fails, we tell the engine we don't like to run */
+ /* Determine where kernel logging information is to come from. */
+ logsrc = GetKernelLogSrc();
+ if(logsrc == none) {
+ iRet = RS_RET_NO_KERNEL_LOGSRC;
+ } else {
+ if (symbol_lookup) {
+ symbol_lookup = (InitKsyms(symfile) == 1);
+ symbol_lookup |= InitMsyms();
+ if (symbol_lookup == 0) {
+ imklogLogIntMsg(LOG_WARNING, "cannot find any symbols, turning off symbol lookups\n");
+ }
+ }
+ }
+
+ RETiRet;
+}
+
+
+/* to be called in the module's AfterRun entry point
+ * rgerhards, 2008-04-09
+ */
+rsRetVal klogAfterRun(void)
+{
+ DEFiRet;
+ /* cleanup here */
+ if(logsrc != none)
+ CloseLogSrc();
+
+ DeinitKsyms();
+ DeinitMsyms();
+
+ RETiRet;
+}
+
+
+/* provide the (system-specific) default facility for internal messages
+ * rgerhards, 2008-04-14
+ */
+int
+klogFacilIntMsg(void)
+{
+ return LOG_KERN;
+}
+
+
+/* vi:set ai:
+ */
diff --git a/rsyslog.h b/rsyslog.h
index 60931ed7..c73c659c 100644
--- a/rsyslog.h
+++ b/rsyslog.h
@@ -171,6 +171,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth
RS_RET_SMTP_ERROR = -2070, /**< error during SMTP transation */
RS_RET_MAIL_NO_TO = -2071, /**< recipient for mail destination is missing */
RS_RET_MAIL_NO_FROM = -2072, /**< sender for mail destination is missing */
+ RS_RET_INVALID_PRI = -2073, /**< PRI value is invalid */
/* RainerScript error messages (range 1000.. 1999) */
RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
diff --git a/syslogd.c b/syslogd.c
index 9bd852bb..bf4f5e67 100644
--- a/syslogd.c
+++ b/syslogd.c
@@ -216,7 +216,7 @@ static rsRetVal GlobalClassExit(void);
#if defined(SYSLOGD_PIDNAME)
# undef _PATH_LOGPID
# if defined(FSSTND)
-# ifdef BSD
+# ifdef OS_BSD
# define _PATH_VARRUN "/var/run/"
# endif
# if defined(__sun) || defined(__hpux)
diff --git a/tcpsrv.c b/tcpsrv.c
index ae5f3371..955fb9b5 100644
--- a/tcpsrv.c
+++ b/tcpsrv.c
@@ -327,7 +327,7 @@ static int *create_tcp_socket(tcpsrv_t *pThis)
/* We need to enable BSD compatibility. Otherwise an attacker
* could flood our log files by sending us tons of ICMP errors.
*/
-#ifndef BSD
+#ifndef OS_BSD
if(net.should_use_so_bsdcompat()) {
if (setsockopt(*s, SOL_SOCKET, SO_BSDCOMPAT,
(char *) &on, sizeof(on)) < 0) {