diff options
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | action.c | 17 | ||||
| -rw-r--r-- | action.h | 4 | ||||
| -rw-r--r-- | doc/ommail.html | 22 | ||||
| -rw-r--r-- | doc/rsyslog_conf.html | 81 | ||||
| -rw-r--r-- | syslogd.c | 3 | ||||
| -rw-r--r-- | syslogd.h | 1 |
7 files changed, 104 insertions, 25 deletions
@@ -2,6 +2,7 @@ Version 3.17.0 (rgerhards), 2008-04-08 - added native ability to send mail messages - removed no longer needed file relptuil.c/.h +- added $ActionExecOnlyOnceEveryInterval config directive - bugfix: memory leaks in script engine - bugfix: zero-length strings were not supported in object deserializer @@ -504,6 +504,7 @@ actionWriteToAction(action_t *pAction) { msg_t *pMsgSave; /* to save current message pointer, necessary to restore it in case it needs to be updated (e.g. repeated msgs) */ + time_t now; DEFiRet; pMsgSave = NULL; /* indicate message poiner not saved */ @@ -542,7 +543,20 @@ actionWriteToAction(action_t *pAction) dbgprintf("Called action, logging to %s", module.GetStateName(pAction->pMod)); - time(&pAction->f_time); /* we need this for message repeation processing */ + time(&now); /* we need this for message repeation processing AND $ActionExecOnlyOnceEveryInterval */ + /* now check if we need to drop the message because otherwise the action would be too + * frequently called. -- rgerhards, 2008-04-08 + */ + if(pAction->f_time != 0 && pAction->iSecsExecOnceInterval + pAction->tLastExec > now) { + /* in this case we need to discard the message - its not yet time to exec the action */ + dbgprintf("action not yet ready again to be executed, onceInterval %d, tCurr %d, tNext %d\n", + (int) pAction->iSecsExecOnceInterval, (int) now, + (int) (pAction->iSecsExecOnceInterval + pAction->tLastExec)); + FINALIZE; + } + + pAction->tLastExec = now; /* we need this OnceInterval */ + pAction->f_time = now; /* we need this for message repeation processing */ /* When we reach this point, we have a valid, non-disabled action. * So let's enqueue our message for execution. -- rgerhards, 2007-07-24 @@ -718,6 +732,7 @@ addAction(action_t **ppAction, modInfo_t *pMod, void *pModData, omodStringReques pAction->pMod = pMod; pAction->pModData = pModData; pAction->bExecWhenPrevSusp = bActExecWhenPrevSusp; + pAction->iSecsExecOnceInterval = iActExecOnceInterval; /* check if we can obtain the template pointers - TODO: move to separate function? */ pAction->iNumTpls = OMSRgetEntryCount(pOMSR); @@ -39,8 +39,10 @@ extern int glbliActionResumeRetryCount; /* the following struct defines the action object data structure */ struct action_s { - time_t f_time; /* time this was last written */ + time_t f_time; /* used for "message repeated n times" - be careful, old, old code */ + time_t tLastExec; /* time this action was last executed */ int bExecWhenPrevSusp;/* execute only when previous action is suspended? */ + int iSecsExecOnceInterval; /* if non-zero, minimum seconds to wait until action is executed again */ short bEnabled; /* is the related action enabled (1) or disabled (0)? */ short bSuspended; /* is the related action temporarily suspended? */ time_t ttResumeRtry; /* when is it time to retry the resume? */ diff --git a/doc/ommail.html b/doc/ommail.html index e147e94c..74fab739 100644 --- a/doc/ommail.html +++ b/doc/ommail.html @@ -25,7 +25,16 @@ is used and the mail body will be a syslog message just as if it were written to a file. It is expected that the users customizes both messages. In an effort to support cell phones (including SMS gateways), there is an option to turn off the body part at all. This is considered -to be useful to send a short alert to a pager-like device.<span style="font-weight: bold;"></span> +to be useful to send a short alert to a pager-like device.<br> +<br> +It is highly recommended to use the "<span style="font-weight: bold;">$ActionExecOnlyOnceEveryInterval +<seconds></span>" directive to limit the amount of +mails that potentially be generated. With it, mails are sent at most in +a <seconds> interval. This may be your life safer. And +remember that an hour has 3,600 seconds, so if you would like to +receive mails at most once every two hours, include a +"$ActionExecOnlyOnceEveryInterval 7200" immediately before the ommail +action. Messages sent more frequently are simpy discarded.<span style="font-weight: bold;"></span> <p><b>Configuration Directives</b>:</p> <ul> <li><span style="font-weight: bold;">$ActionMailSMTPServer</span><br> @@ -84,15 +93,22 @@ disk fatal failure" is present inside a syslog message. The mail server at mail.example.net is used and the subject shall be "disk problem on <hostname>". Note how \r\n is included inside the body text -to create line breaks.<br> +to create line breaks. A message is sent at most once every 6 hours, +any other messages are silently discarded (or, to be precise, not being +forwarded - they are still being processed by the rest of the +configuration file).<br> </p> -<textarea rows="15" cols="60">$ModLoad ommail +<textarea rows="15" cols="80">$ModLoad ommail $ActionMailSMTPServer mail.example.net $ActionMailFrom rsyslog@example.net $ActionMailTo operator@example.net $template mailSubject,"disk problem on %hostname%" $template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'" $ActionMailSubject mailSubject +# make sure we receive a mail only once in six +# hours (21,600 seconds ;)) +$ActionExecOnlyOnceEveryInterval 21600 +# the if ... then ... mailbody mus be on one line! if $msg contains 'hard disk fatal failure' then :ommail:;mailBody </textarea> <p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html index 481abb38..8967f671 100644 --- a/doc/rsyslog_conf.html +++ b/doc/rsyslog_conf.html @@ -1,5 +1,7 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>rsyslog.conf file</title></head> +<html><head><title>rsyslog.conf file</title> + +</head> <body> <h1>rsyslog.conf configuration file</h1> <p><b>This document is currently being enhanced. Please @@ -26,22 +28,30 @@ number of modules. Here is the entry point to their documentation and what they do (list is currently not complete)</p> <ul> <li><a href="omsnmp.html">omsnmp</a> - SNMP -trap output module</li><li><a href="omrelp.html">omrelp</a> - RELP output module</li> +trap output module</li> +<li><a href="omrelp.html">omrelp</a> - RELP +output module</li> <li>omgss - output module for GSS-enabled syslog</li> <li>ommysql - output module for MySQL</li> <li>ompgsql - output module for PostgreSQL</li> <li><a href="omlibdbi.html">omlibdbi</a> - generic database output module (Firebird/Interbase, MS SQL, Sybase, -SQLLite, Ingres, Oracle, mSQL)</li><li><a href="ommail.html">ommail</a> - permits rsyslog to alert folks by mail if something important happens</li> +SQLLite, Ingres, Oracle, mSQL)</li> +<li><a href="ommail.html">ommail</a> - +permits rsyslog to alert folks by mail if something important happens</li> <li><a href="imfile.html">imfile</a> -- input module for text files</li><li><a href="imrelp.html">imrelp</a> - RELP input module</li> +- input module for text files</li> +<li><a href="imrelp.html">imrelp</a> - RELP +input module</li> <li>imudp - udp syslog message input</li> <li><a href="imtcp.html">imtcp</a> - input plugin for plain tcp syslog</li> <li><a href="imgssapi.html">imgssapi</a> - input plugin for plain tcp and GSS-enable syslog</li> <li>immark - support for mark messages</li> -<li>imklog - kernel logging</li><li><a href="imuxsock.html">imuxsock</a> - unix sockets, including the system log socket</li> +<li>imklog - kernel logging</li> +<li><a href="imuxsock.html">imuxsock</a> - +unix sockets, including the system log socket</li> </ul> <p>Please note that each module provides configuration directives, which are NOT necessarily being listed below. Also @@ -64,7 +74,19 @@ unstable...). So you have been warned ;)</p> many parameter settings modify queue parameters. If in doubt, use the default, it is usually well-chosen and applicable in most cases.</p> <ul> -<li><a href="rsconf1_actionexeconlywhenpreviousissuspended.html">$ActionExecOnlyWhenPreviousIsSuspended</a></li><li>$ActionFileDefaultTemplate [templateName] - sets a new default template for file actions</li><li>$ActionFileEnableSync [on/<span style="font-weight: bold;">off</span>] - enables file syncing capability of omfile</li><li>$ActionForwardDefaultTemplate [templateName] - sets a new default template for UDP and plain TCP forwarding action</li><li>$ActionGSSForwardDefaultTemplate [templateName] - sets a new default template for GSS-API forwarding action</li> +<li><a href="rsconf1_actionexeconlywhenpreviousissuspended.html">$ActionExecOnlyWhenPreviousIsSuspended</a></li> +<li>$ActionExecOnlyOnceEveryInterval <seconds> - +execute action only if the last execute is at last +<seconds> seconds in the past (more info in <a href="ommail.html">ommail</a>, +but may be used with any action)</li> +<li>$ActionFileDefaultTemplate [templateName] - sets a new +default template for file actions</li> +<li>$ActionFileEnableSync [on/<span style="font-weight: bold;">off</span>] - enables file +syncing capability of omfile</li> +<li>$ActionForwardDefaultTemplate [templateName] - sets a new +default template for UDP and plain TCP forwarding action</li> +<li>$ActionGSSForwardDefaultTemplate [templateName] - sets a +new default template for GSS-API forwarding action</li> <li>$ActionQueueCheckpointInterval <number></li> <li>$ActionQueueDequeueSlowdown <number> [number is timeout in <i> micro</i>seconds (1000000us is 1sec!), @@ -98,7 +120,8 @@ default 60000 (1 minute)]</li> worker threads, default 1, recommended 1</li> <li>$ActionQueueWorkerThreadMinumumMessages <number>, default 100</li> -<li><a href="rsconf1_actionresumeinterval.html">$ActionResumeInterval</a></li><li>$ActionResumeRetryCount <number> [default 0, +<li><a href="rsconf1_actionresumeinterval.html">$ActionResumeInterval</a></li> +<li>$ActionResumeRetryCount <number> [default 0, -1 means eternal]</li> <li><a href="rsconf1_allowedsender.html">$AllowedSender</a></li> <li><a href="rsconf1_controlcharacterescapeprefix.html">$ControlCharacterEscapePrefix</a></li> @@ -166,11 +189,11 @@ worker threads, default 1, recommended 1</li> (immark)</li> <li><a href="rsconf1_moddir.html">$ModDir</a></li> <li><a href="rsconf1_modload.html">$ModLoad</a></li> - <li><a href="rsconf1_repeatedmsgreduction.html">$RepeatedMsgReduction</a></li> <li><a href="rsconf1_resetconfigvariables.html">$ResetConfigVariables</a></li> <li>$WorkDirectory <name> (directory for spool -and other work files)</li><li>$UDPServerAddress <IP> (imudp) -- local IP +and other work files)</li> +<li>$UDPServerAddress <IP> (imudp) -- local IP address (or name) the UDP listens should bind to</li> <li>$UDPServerRun <port> (imudp) -- former -r<port> option, default 514, start UDP server on this @@ -302,18 +325,29 @@ template:</p> DynFile,"/var/log/system-%HOSTNAME%.log"</code></blockquote> <p>This template can then be used when defining an output selector line. It will result in something like -"/var/log/system-localhost.log"</p><p>Template +"/var/log/system-localhost.log"</p> +<p>Template names beginning with "RSYSLOG_" are reserved for rsyslog use. Do NOT use them if, otherwise you may receive a conflict in the future (and quite unpredictable behaviour). There is a small set of pre-defined -templates that you can use without the need to define it:</p><ul><li><span style="font-weight: bold;">RSYSLOG_TraditionalFileFormat</span> - the "old style" default log file format with low-precision timestamps</li><li><span style="font-weight: bold;">RSYSLOG_FileFormat</span> - a modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information</li><li><span style="font-weight: bold;">RSYSLOG_TraditionalForwardFormat</span> +templates that you can use without the need to define it:</p> +<ul> +<li><span style="font-weight: bold;">RSYSLOG_TraditionalFileFormat</span> +- the "old style" default log file format with low-precision timestamps</li> +<li><span style="font-weight: bold;">RSYSLOG_FileFormat</span> +- a modern-style logfile format similar to TraditionalFileFormat, buth +with high-precision timestamps and timezone information</li> +<li><span style="font-weight: bold;">RSYSLOG_TraditionalForwardFormat</span> - the traditional forwarding format with low-precision timestamps. Most -useful if you send messages to other syslogd's or rsyslogd below -version 3.12.5.</li><li><span style="font-weight: bold;">RSYSLOG_ForwardFormat</span> +useful if you send messages to other syslogd's or rsyslogd +below +version 3.12.5.</li> +<li><span style="font-weight: bold;">RSYSLOG_ForwardFormat</span> - a new high-precision forwarding format very similar to the traditional one, but with high-precision timestamps and timezone information. Recommended to be used when sending messages to rsyslog -3.12.5 or above.</li><li><span style="font-weight: bold;">RSYSLOG_SyslogProtocol23Format</span> +3.12.5 or above.</li> +<li><span style="font-weight: bold;">RSYSLOG_SyslogProtocol23Format</span> - the format specified in IETF's internet-draft ietf-syslog-protocol-23, which is assumed to be come the new syslog standard RFC. This format includes several improvements. The rsyslog @@ -321,7 +355,8 @@ message parser understands this format, so you can use it together with all relatively recent versions of rsyslog. Other syslogd's may get hopelessly confused if receiving that format, so check before you use it. Note that the format is unlikely to change when the final RFC comes -out, but this may happen.</li></ul> +out, but this may happen.</li> +</ul> <h2>Output Channels</h2> <p>Output Channels are a new concept first introduced in rsyslog 0.9.0. <b>As of this writing, it is most likely that they will @@ -524,7 +559,8 @@ once they are implemented, it can make very much sense </tr> <tr> <td>regex</td> -<td>Compares the property against the provided POSIX regular +<td>Compares the property against the provided POSIX +regular expression.</td> </tr> </tbody> @@ -567,10 +603,12 @@ code), this can be done easily by:</p> "ID-4711". Please note that the comparison is case-sensitive, so it would not match if "id-4711" would be contained in the message.</p> <p><code><b>:msg, regex, "fatal .* error"</b></code></p> -<p>This filter uses a POSIX regular expression. It matches when the +<p>This filter uses a POSIX regular expression. It matches when +the string contains the words "fatal" and "error" with anything in between (e.g. "fatal net error" and "fatal lib error" but not "fatal error" as -two spaces are required by the regular expression!).</p><p>Getting property-based filters right can sometimes be +two spaces are required by the regular expression!).</p> +<p>Getting property-based filters right can sometimes be challenging. In order to help you do it with as minimal effort as possible, rsyslogd spits out debug information for all property-based filters during their evaluation. To enable this, run rsyslogd in @@ -635,9 +673,12 @@ startswith 'DEVNAME' and <span style="font-weight: bold;">not</span> ($msg contains 'error1' or $msg contains 'error0') then /var/log/somelog<br> </code> -<br>If you would like to do case-insensitive comparisons, use +<br> +If you would like to do case-insensitive comparisons, use "contains_i" instead of "contains" and "startswith_i" instead of -"startswith".<br><br>Note that regular expressions are currently NOT +"startswith".<br> +<br> +Note that regular expressions are currently NOT supported in expression-based filters. These will be added later when function support is added to the expression engine (the reason is that regular expressions will be a separate loadable module, which requires @@ -301,6 +301,7 @@ static uchar cCCEscapeChar = '\\';/* character to be used to start an escape seq static int bEscapeCCOnRcv = 1; /* escape control characters on reception: 0 - no, 1 - yes */ int bReduceRepeatMsgs; /* reduce repeated message - 0 - no, 1 - yes */ int bActExecWhenPrevSusp; /* execute action only when previous one was suspended? */ +int iActExecOnceInterval = 0; /* execute action once every nn seconds */ uchar *pszWorkDir = NULL;/* name of rsyslog's spool directory (without trailing slash) */ uchar *glblModPath = NULL; /* module load path - only used during initial init, only settable via -M command line option */ /* end global config file state variables */ @@ -379,6 +380,7 @@ static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __a { cCCEscapeChar = '#'; bActExecWhenPrevSusp = 0; + iActExecOnceInterval = 0; bDebugPrintTemplateList = 1; bDebugPrintCfSysLineHandlerList = 1; bDebugPrintModuleList = 1; @@ -2692,6 +2694,7 @@ static rsRetVal loadBuildInModules(void) CHKiRet(regCfSysLineHdlr((uchar *)"mainmsgqueuedequeuetimeend", 0, eCmdHdlrInt, NULL, &iMainMsgQueueDeqtWinToHr, NULL)); CHKiRet(regCfSysLineHdlr((uchar *)"repeatedmsgreduction", 0, eCmdHdlrBinary, NULL, &bReduceRepeatMsgs, NULL)); CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlywhenpreviousissuspended", 0, eCmdHdlrBinary, NULL, &bActExecWhenPrevSusp, NULL)); + CHKiRet(regCfSysLineHdlr((uchar *)"actionexeconlyonceeveryinterval", 0, eCmdHdlrInt, NULL, &iActExecOnceInterval, NULL)); CHKiRet(regCfSysLineHdlr((uchar *)"actionresumeinterval", 0, eCmdHdlrInt, setActionResumeInterval, NULL, NULL)); CHKiRet(regCfSysLineHdlr((uchar *)"controlcharacterescapeprefix", 0, eCmdHdlrGetChar, NULL, &cCCEscapeChar, NULL)); CHKiRet(regCfSysLineHdlr((uchar *)"escapecontrolcharactersonreceive", 0, eCmdHdlrBinary, NULL, &bEscapeCCOnRcv, NULL)); @@ -149,6 +149,7 @@ extern char ctty[]; extern int MarkInterval; extern int bReduceRepeatMsgs; extern int bActExecWhenPrevSusp; +extern int iActExecOnceInterval; /* Intervals at which we flush out "message repeated" messages, * in seconds after previous message is logged. After each flush, |