summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--dirty.h2
-rw-r--r--doc/property_replacer.html27
-rw-r--r--plugins/imfile/imfile.c1
-rw-r--r--plugins/imklog/imklog.c2
-rw-r--r--plugins/imrelp/imrelp.c2
-rw-r--r--plugins/imudp/imudp.c2
-rw-r--r--plugins/imuxsock/imuxsock.c2
-rw-r--r--runtime/msg.c37
-rw-r--r--runtime/msg.h5
-rw-r--r--runtime/obj.c2
-rw-r--r--tcps_sess.c12
-rw-r--r--tools/syslogd.c23
13 files changed, 105 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 62b84500..e9708572 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,11 @@ Version 3.21.5 [DEVEL] (rgerhards), 2008-09-??
- added new capability to property replacer: multiple immediately
successive field delimiters are treated as a single one.
Thanks to Zhuang Yuyao for the patch.
+- added message property "inputname", which contains the name of the
+ input (module) that generated it. Presence is depending on suport in
+ each input module (else it is blank).
+- added system property "$myhostname", which contains the name of the
+ local host as it knows itself.
---------------------------------------------------------------------------
Version 3.21.4 [DEVEL] (rgerhards), 2008-09-04
- removed compile time fixed message size limit (was 2K), limit can now
diff --git a/dirty.h b/dirty.h
index 8aa2ed4f..74c1ea86 100644
--- a/dirty.h
+++ b/dirty.h
@@ -40,7 +40,7 @@
rsRetVal submitMsg(msg_t *pMsg);
rsRetVal logmsgInternal(int iErr, int pri, uchar *msg, int flags);
-rsRetVal parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bParseHost, int flags, flowControl_t flowCtlType);
+rsRetVal parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bParseHost, int flags, flowControl_t flowCtlTypeu, uchar *pszInputName);
/* TODO: the following 2 need to go in conf obj interface... */
rsRetVal cflineParseTemplateName(uchar** pp, omodStringRequest_t *pOMSR, int iEntry, int iTplOpts, uchar *dfltTplName);
diff --git a/doc/property_replacer.html b/doc/property_replacer.html
index ad3ae552..f666fb76 100644
--- a/doc/property_replacer.html
+++ b/doc/property_replacer.html
@@ -72,7 +72,7 @@ BSD syslogd. For example, when TAG is "named[12345]", programname is
"syslog.info")</td>
</tr>
<tr>
-<td><span style="font-weight: bold;">iut</span></td>
+<td><b>iut</b></td>
<td>the monitorware InfoUnitType - used when talking
to a <a href="http://www.monitorware.com">MonitorWare</a>
backend (also for <a href="http://www.phplogcon.org/">phpLogCon</a>)</td>
@@ -138,10 +138,26 @@ draft-ietf-syslog-protocol</td>
draft-ietf-syslog-protocol</td>
</tr>
<tr>
-<td height="24"><b>msgid</b></td>
-<td height="24">The contents of the MSGID field from
+<td><b>msgid</b></td>
+<td>The contents of the MSGID field from
IETF draft draft-ietf-syslog-protocol</td>
</tr>
+<td><b>inputname</b></td>
+<td>The name of the input module that generated the
+message (e.g. "imuxsock", "imudp"). Note that not all modules
+necessarily provide this property. If not provided, it is an
+empty string. Also note that the input module may provide
+any value of its liking. Most importantly, it is <b>not</b>
+necessarily the module input name. Internal sources can also
+provide inputnames. Currently, "rsyslogd" is defined as inputname
+for messages internally generated by rsyslogd, for example startup
+and shutdown and error messages.
+This property is considered useful when trying to filter messages
+based on where they originated - e.g. locally generated messages
+("rsyslogd", "imuxsock", "imklog") should go to a different place
+than messages generated somewhere.
+</td>
+</tr>
<tr>
<td><b>$now</b></td>
<td>The current date stamp in the format YYYY-MM-DD</td>
@@ -177,6 +193,11 @@ range from 0 to 3 (for the four quater hours that are in each hour)</td>
<td><b>$minute</b></td>
<td>The current minute (2-digit)</td>
</tr>
+<tr>
+<td><b>$myhostname</b></td>
+<td>The name of the current host as it knows itself (probably useful
+for filtering in a generic way)</td>
+</tr>
</tbody>
</table>
<p>Properties starting with a $-sign are so-called system
diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
index 3bc07b9c..e8e10fca 100644
--- a/plugins/imfile/imfile.c
+++ b/plugins/imfile/imfile.c
@@ -94,6 +94,7 @@ static rsRetVal enqLine(fileInfo_t *pInfo, cstr_t *cstrLine)
CHKiRet(msgConstruct(&pMsg));
MsgSetFlowControlType(pMsg, eFLOWCTL_FULL_DELAY);
+ MsgSetInputName(pMsg, "imfile");
MsgSetUxTradMsg(pMsg, (char*)rsCStrGetSzStr(cstrLine));
MsgSetRawMsg(pMsg, (char*)rsCStrGetSzStr(cstrLine));
MsgSetMSG(pMsg, (char*)rsCStrGetSzStr(cstrLine));
diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c
index 1fbc2874..9fb2f239 100644
--- a/plugins/imklog/imklog.c
+++ b/plugins/imklog/imklog.c
@@ -94,6 +94,8 @@ enqMsg(uchar *msg, uchar* pszTag, int iFacility, int iSeverity)
CHKiRet(msgConstruct(&pMsg));
MsgSetFlowControlType(pMsg, eFLOWCTL_LIGHT_DELAY);
+ MsgSetInputName(pMsg, "imklog");
+ MsgSetRawMsg(pMsg, (char*)msg);
MsgSetUxTradMsg(pMsg, (char*)msg);
MsgSetRawMsg(pMsg, (char*)msg);
MsgSetMSG(pMsg, (char*)msg);
diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c
index 5c9bbce1..b01dd98b 100644
--- a/plugins/imrelp/imrelp.c
+++ b/plugins/imrelp/imrelp.c
@@ -84,7 +84,7 @@ onSyslogRcv(uchar *pHostname, uchar __attribute__((unused)) *pIP, uchar *pMsg, s
{
DEFiRet;
parseAndSubmitMessage(pHostname, (uchar*) "[unset]", pMsg, lenMsg, MSG_PARSE_HOSTNAME,
- NOFLAG, eFLOWCTL_LIGHT_DELAY);
+ NOFLAG, eFLOWCTL_LIGHT_DELAY, (uchar*)"imrelp");
RETiRet;
}
diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c
index 92d930d4..64413e45 100644
--- a/plugins/imudp/imudp.c
+++ b/plugins/imudp/imudp.c
@@ -196,7 +196,7 @@ CODESTARTrunInput
if(net.isAllowedSender(net.pAllowedSenders_UDP,
(struct sockaddr *)&frominet, (char*)fromHostFQDN)) {
parseAndSubmitMessage(fromHost, fromHostIP, pRcvBuf, l,
- MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_NO_DELAY);
+ MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_NO_DELAY, (uchar*)"imudp");
} else {
dbgprintf("%s is not an allowed sender\n", (char*)fromHostFQDN);
if(glbl.GetOption_DisallowWarning) {
diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index 6e0fa1d3..d94ee34c 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -221,7 +221,7 @@ static rsRetVal readSocket(int fd, int iSock)
if (iRcvd > 0) {
parseAndSubmitMessage(funixHName[iSock] == NULL ? glbl.GetLocalHostName() : funixHName[iSock],
(uchar*)"127.0.0.1", pRcv,
- iRcvd, funixParseHost[iSock], funixFlags[iSock], funixFlowCtl[iSock]);
+ iRcvd, funixParseHost[iSock], funixFlags[iSock], funixFlowCtl[iSock], (uchar*)"imuxsock");
} else if (iRcvd < 0 && errno != EINTR) {
char errStr[1024];
rs_strerror_r(errno, errStr, sizeof(errStr));
diff --git a/runtime/msg.c b/runtime/msg.c
index 28cb235a..f4eb9414 100644
--- a/runtime/msg.c
+++ b/runtime/msg.c
@@ -42,6 +42,7 @@
#include "msg.h"
#include "var.h"
#include "datetime.h"
+#include "glbl.h"
#include "regexp.h"
#include "atomic.h"
@@ -49,6 +50,7 @@
DEFobjStaticHelpers
DEFobjCurrIf(var)
DEFobjCurrIf(datetime)
+DEFobjCurrIf(glbl)
DEFobjCurrIf(regexp)
static syslogCODE rs_prioritynames[] =
@@ -287,6 +289,8 @@ CODESTARTobjDestruct(msg)
free(pThis->pszTAG);
if(pThis->pszHOSTNAME != NULL)
free(pThis->pszHOSTNAME);
+ if(pThis->pszInputName != NULL)
+ free(pThis->pszInputName);
if(pThis->pszRcvFrom != NULL)
free(pThis->pszRcvFrom);
if(pThis->pszRcvFromIP != NULL)
@@ -453,6 +457,7 @@ static rsRetVal MsgSerialize(msg_t *pThis, strm_t *pStrm)
objSerializePTR(pStrm, pszUxTradMsg, PSZ);
objSerializePTR(pStrm, pszTAG, PSZ);
objSerializePTR(pStrm, pszHOSTNAME, PSZ);
+ objSerializePTR(pStrm, pszInputName, PSZ);
objSerializePTR(pStrm, pszRcvFrom, PSZ);
objSerializePTR(pStrm, pszRcvFromIP, PSZ);
@@ -1219,6 +1224,18 @@ char *getHOSTNAME(msg_t *pM)
}
+uchar *getInputName(msg_t *pM)
+{
+ if(pM == NULL)
+ return (uchar*) "";
+ else
+ if(pM->pszInputName == NULL)
+ return (uchar*) "";
+ else
+ return pM->pszInputName;
+}
+
+
char *getRcvFrom(msg_t *pM)
{
if(pM == NULL)
@@ -1399,6 +1416,19 @@ static int getAPPNAMELen(msg_t *pM)
return (pM->pCSAPPNAME == NULL) ? 0 : rsCStrLen(pM->pCSAPPNAME);
}
+/* rgerhards 2008-09-10: set pszInputName in msg object
+ */
+void MsgSetInputName(msg_t *pMsg, char* pszInputName)
+{
+ assert(pMsg != NULL);
+ if(pMsg->pszInputName != NULL)
+ free(pMsg->pszInputName);
+
+ pMsg->iLenInputName = strlen(pszInputName);
+ if((pMsg->pszInputName = malloc(pMsg->iLenInputName + 1)) != NULL) {
+ memcpy(pMsg->pszInputName, pszInputName, pMsg->iLenInputName + 1);
+ }
+}
/* rgerhards 2004-11-16: set pszRcvFrom in msg object
*/
@@ -1685,6 +1715,8 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
pRes = getRawMsg(pMsg);
} else if(!strcmp((char*) pName, "uxtradmsg")) {
pRes = getUxTradMsg(pMsg);
+ } else if(!strcmp((char*) pName, "inputname")) {
+ pRes = (char*) getInputName(pMsg);
} else if(!strcmp((char*) pName, "fromhost")) {
pRes = getRcvFrom(pMsg);
} else if(!strcmp((char*) pName, "fromhost-ip")) {
@@ -1772,6 +1804,8 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
return "***OUT OF MEMORY***";
} else
*pbMustBeFreed = 1; /* all of these functions allocate dyn. memory */
+ } else if(!strcmp((char*) pName, "$myhostname")) {
+ pRes = (char*) glbl.GetLocalHostName();
} else {
/* there is no point in continuing, we may even otherwise render the
* error message unreadable. rgerhards, 2007-07-10
@@ -2368,6 +2402,8 @@ rsRetVal MsgSetProperty(msg_t *pThis, var_t *pProp)
MsgSetUxTradMsg(pThis, (char*) rsCStrGetSzStrNoNULL(pProp->val.pStr));
} else if(isProp("pszTAG")) {
MsgSetTAG(pThis, (char*) rsCStrGetSzStrNoNULL(pProp->val.pStr));
+ } else if(isProp("pszInputName")) {
+ MsgSetInputName(pThis, (char*) rsCStrGetSzStrNoNULL(pProp->val.pStr));
} else if(isProp("pszRcvFromIP")) {
MsgSetRcvFromIP(pThis, rsCStrGetSzStrNoNULL(pProp->val.pStr));
} else if(isProp("pszRcvFrom")) {
@@ -2430,6 +2466,7 @@ BEGINObjClassInit(msg, 1, OBJ_IS_CORE_MODULE)
/* request objects we use */
CHKiRet(objUse(var, CORE_COMPONENT));
CHKiRet(objUse(datetime, CORE_COMPONENT));
+ CHKiRet(objUse(glbl, CORE_COMPONENT));
/* set our own handlers */
OBJSetMethodHandler(objMethod_SERIALIZE, MsgSerialize);
diff --git a/runtime/msg.h b/runtime/msg.h
index c428237a..21cb2c64 100644
--- a/runtime/msg.h
+++ b/runtime/msg.h
@@ -91,9 +91,11 @@ struct msg {
int iLenRcvFrom; /* Length of pszRcvFrom */
uchar *pszRcvFromIP; /* IP of system message was received from */
int iLenRcvFromIP; /* Length of pszRcvFromIP */
+ uchar *pszInputName; /* name of the input module that submitted this message */
+ int iLenInputName; /* Length of pszInputName */
short iProtocolVersion;/* protocol version of message received 0 - legacy, 1 syslog-protocol) */
cstr_t *pCSProgName; /* the (BSD) program name */
- cstr_t *pCSStrucData;/* STRUCTURED-DATA */
+ cstr_t *pCSStrucData; /* STRUCTURED-DATA */
cstr_t *pCSAPPNAME; /* APP-NAME */
cstr_t *pCSPROCID; /* PROCID */
cstr_t *pCSMSGID; /* MSGID */
@@ -135,6 +137,7 @@ char *getSeverity(msg_t *pM);
char *getSeverityStr(msg_t *pM);
char *getFacility(msg_t *pM);
char *getFacilityStr(msg_t *pM);
+void MsgSetInputName(msg_t *pMsg, char*);
rsRetVal MsgSetAPPNAME(msg_t *pMsg, char* pszAPPNAME);
char *getAPPNAME(msg_t *pM);
rsRetVal MsgSetPROCID(msg_t *pMsg, char* pszPROCID);
diff --git a/runtime/obj.c b/runtime/obj.c
index 082aa691..2a9df9ed 100644
--- a/runtime/obj.c
+++ b/runtime/obj.c
@@ -780,7 +780,7 @@ Deserialize(void *ppObj, uchar *pszTypeExpected, strm_t *pStrm, rsRetVal (*fFixu
DEFiRet;
rsRetVal iRetLocal;
obj_t *pObj = NULL;
- int oVers = 0; /* after all, it is totally useless but takes up some execution time... */
+ int oVers = 0; /* keep compiler happy, but it is totally useless but takes up some execution time... */
cstr_t *pstrID = NULL;
objInfo_t *pObjInfo;
diff --git a/tcps_sess.c b/tcps_sess.c
index 0cb23fd0..f5420fc0 100644
--- a/tcps_sess.c
+++ b/tcps_sess.c
@@ -229,7 +229,8 @@ PrepareClose(tcps_sess_t *pThis)
* this case.
*/
dbgprintf("Extra data at end of stream in legacy syslog/tcp message - processing\n");
- parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY);
+ parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME,
+ NOFLAG, eFLOWCTL_LIGHT_DELAY, NULL); /* TODO: add real InputName */
pThis->bAtStrtOfFram = 1;
}
@@ -311,7 +312,8 @@ processDataRcvd(tcps_sess_t *pThis, char c)
if(pThis->iMsg >= iMaxLine) {
/* emergency, we now need to flush, no matter if we are at end of message or not... */
dbgprintf("error: message received is larger than max msg size, we split it\n");
- parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY);
+ parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg,
+ MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY, NULL); /* TODO: add real InputName */
pThis->iMsg = 0;
/* we might think if it is better to ignore the rest of the
* message than to treat it as a new one. Maybe this is a good
@@ -321,7 +323,8 @@ processDataRcvd(tcps_sess_t *pThis, char c)
}
if(c == '\n' && pThis->eFraming == TCP_FRAMING_OCTET_STUFFING) { /* record delemiter? */
- parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY);
+ parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg,
+ MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY, NULL); /* TODO: add real InputName */
pThis->iMsg = 0;
pThis->inputState = eAtStrtFram;
} else {
@@ -339,7 +342,8 @@ processDataRcvd(tcps_sess_t *pThis, char c)
pThis->iOctetsRemain--;
if(pThis->iOctetsRemain < 1) {
/* we have end of frame! */
- parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY);
+ parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg,
+ MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY, NULL); /* TODO: add real InputName */
pThis->iMsg = 0;
pThis->inputState = eAtStrtFram;
}
diff --git a/tools/syslogd.c b/tools/syslogd.c
index bf42a7ef..96fbee05 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -576,8 +576,14 @@ void untty(void)
* rgerhards, 2008-05-16:
* I added an additional calling parameter (hnameIP) to enable specifying the IP
* of a remote host.
+ *
+ * rgerhards, 2008-09-11:
+ * Interface change: added new parameter "InputName", permits the input to provide
+ * a string that identifies it. May be NULL, but must be a valid char* pointer if
+ * non-NULL.
*/
-rsRetVal printline(uchar *hname, uchar *hnameIP, uchar *msg, int bParseHost, int flags, flowControl_t flowCtlType)
+rsRetVal printline(uchar *hname, uchar *hnameIP, uchar *msg, int bParseHost, int flags, flowControl_t flowCtlType,
+ uchar *pszInputName)
{
DEFiRet;
register uchar *p;
@@ -586,6 +592,8 @@ rsRetVal printline(uchar *hname, uchar *hnameIP, uchar *msg, int bParseHost, int
/* Now it is time to create the message object (rgerhards) */
CHKiRet(msgConstruct(&pMsg));
+ if(pszInputName != NULL)
+ MsgSetInputName(pMsg, (char*) pszInputName);
MsgSetFlowControlType(pMsg, flowCtlType);
MsgSetRawMsg(pMsg, (char*)msg);
@@ -671,9 +679,15 @@ finalize_it:
* rgerhards, 2008-05-16:
* I added an additional calling parameter (hnameIP) to enable specifying the IP
* of a remote host.
+ *
+ * rgerhards, 2008-09-11:
+ * Interface change: added new parameter "InputName", permits the input to provide
+ * a string that identifies it. May be NULL, but must be a valid char* pointer if
+ * non-NULL.
*/
rsRetVal
-parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bParseHost, int flags, flowControl_t flowCtlType)
+parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bParseHost, int flags, flowControl_t flowCtlType,
+ uchar *pszInputName)
{
DEFiRet;
register int iMsg;
@@ -786,7 +800,7 @@ parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bPa
*/
if(iMsg == iMaxLine) {
*(pMsg + iMsg) = '\0'; /* space *is* reserved for this! */
- printline(hname, hnameIP, tmpline, bParseHost, flags, flowCtlType);
+ printline(hname, hnameIP, tmpline, bParseHost, flags, flowCtlType, pszInputName);
} else {
/* This case in theory never can happen. If it happens, we have
* a logic error. I am checking for it, because if I would not,
@@ -838,7 +852,7 @@ parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bPa
*(pMsg + iMsg) = '\0'; /* space *is* reserved for this! */
/* typically, we should end up here! */
- printline(hname, hnameIP, tmpline, bParseHost, flags, flowCtlType);
+ printline(hname, hnameIP, tmpline, bParseHost, flags, flowCtlType, pszInputName);
finalize_it:
if(tmpline != NULL)
@@ -881,6 +895,7 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags)
DEFiRet;
CHKiRet(msgConstruct(&pMsg));
+ MsgSetInputName(pMsg, "rsyslogd");
MsgSetUxTradMsg(pMsg, (char*)msg);
MsgSetRawMsg(pMsg, (char*)msg);
MsgSetHOSTNAME(pMsg, (char*)glbl.GetLocalHostName());