From 262f61d869b95f63b393ae48d683b13e70322478 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 10 Sep 2008 15:59:53 +0200 Subject: added properties "inputname" and "$myhostname" - added message property "inputname", which contains the name of the input (module) that generated it. Presence is depending on suport in each input module (else it is blank). - added system property "$myhostname", which contains the name of the local host as it knows itself. --- ChangeLog | 5 +++++ dirty.h | 2 +- doc/property_replacer.html | 27 ++++++++++++++++++++++++--- plugins/imfile/imfile.c | 1 + plugins/imklog/imklog.c | 2 ++ plugins/imrelp/imrelp.c | 2 +- plugins/imudp/imudp.c | 2 +- plugins/imuxsock/imuxsock.c | 2 +- runtime/msg.c | 37 +++++++++++++++++++++++++++++++++++++ runtime/msg.h | 5 ++++- runtime/obj.c | 2 +- tcps_sess.c | 12 ++++++++---- tools/syslogd.c | 23 +++++++++++++++++++---- 13 files changed, 105 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index 62b84500..e9708572 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,11 @@ Version 3.21.5 [DEVEL] (rgerhards), 2008-09-?? - added new capability to property replacer: multiple immediately successive field delimiters are treated as a single one. Thanks to Zhuang Yuyao for the patch. +- added message property "inputname", which contains the name of the + input (module) that generated it. Presence is depending on suport in + each input module (else it is blank). +- added system property "$myhostname", which contains the name of the + local host as it knows itself. --------------------------------------------------------------------------- Version 3.21.4 [DEVEL] (rgerhards), 2008-09-04 - removed compile time fixed message size limit (was 2K), limit can now diff --git a/dirty.h b/dirty.h index 8aa2ed4f..74c1ea86 100644 --- a/dirty.h +++ b/dirty.h @@ -40,7 +40,7 @@ rsRetVal submitMsg(msg_t *pMsg); rsRetVal logmsgInternal(int iErr, int pri, uchar *msg, int flags); -rsRetVal parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bParseHost, int flags, flowControl_t flowCtlType); +rsRetVal parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bParseHost, int flags, flowControl_t flowCtlTypeu, uchar *pszInputName); /* TODO: the following 2 need to go in conf obj interface... */ rsRetVal cflineParseTemplateName(uchar** pp, omodStringRequest_t *pOMSR, int iEntry, int iTplOpts, uchar *dfltTplName); diff --git a/doc/property_replacer.html b/doc/property_replacer.html index ad3ae552..f666fb76 100644 --- a/doc/property_replacer.html +++ b/doc/property_replacer.html @@ -72,7 +72,7 @@ BSD syslogd. For example, when TAG is "named[12345]", programname is "syslog.info") -iut +iut the monitorware InfoUnitType - used when talking to a MonitorWare backend (also for phpLogCon) @@ -138,10 +138,26 @@ draft-ietf-syslog-protocol draft-ietf-syslog-protocol -msgid -The contents of the MSGID field from +msgid +The contents of the MSGID field from IETF draft draft-ietf-syslog-protocol +inputname +The name of the input module that generated the +message (e.g. "imuxsock", "imudp"). Note that not all modules +necessarily provide this property. If not provided, it is an +empty string. Also note that the input module may provide +any value of its liking. Most importantly, it is not +necessarily the module input name. Internal sources can also +provide inputnames. Currently, "rsyslogd" is defined as inputname +for messages internally generated by rsyslogd, for example startup +and shutdown and error messages. +This property is considered useful when trying to filter messages +based on where they originated - e.g. locally generated messages +("rsyslogd", "imuxsock", "imklog") should go to a different place +than messages generated somewhere. + + $now The current date stamp in the format YYYY-MM-DD @@ -177,6 +193,11 @@ range from 0 to 3 (for the four quater hours that are in each hour) $minute The current minute (2-digit) + +$myhostname +The name of the current host as it knows itself (probably useful +for filtering in a generic way) +

Properties starting with a $-sign are so-called system diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c index 3bc07b9c..e8e10fca 100644 --- a/plugins/imfile/imfile.c +++ b/plugins/imfile/imfile.c @@ -94,6 +94,7 @@ static rsRetVal enqLine(fileInfo_t *pInfo, cstr_t *cstrLine) CHKiRet(msgConstruct(&pMsg)); MsgSetFlowControlType(pMsg, eFLOWCTL_FULL_DELAY); + MsgSetInputName(pMsg, "imfile"); MsgSetUxTradMsg(pMsg, (char*)rsCStrGetSzStr(cstrLine)); MsgSetRawMsg(pMsg, (char*)rsCStrGetSzStr(cstrLine)); MsgSetMSG(pMsg, (char*)rsCStrGetSzStr(cstrLine)); diff --git a/plugins/imklog/imklog.c b/plugins/imklog/imklog.c index 1fbc2874..9fb2f239 100644 --- a/plugins/imklog/imklog.c +++ b/plugins/imklog/imklog.c @@ -94,6 +94,8 @@ enqMsg(uchar *msg, uchar* pszTag, int iFacility, int iSeverity) CHKiRet(msgConstruct(&pMsg)); MsgSetFlowControlType(pMsg, eFLOWCTL_LIGHT_DELAY); + MsgSetInputName(pMsg, "imklog"); + MsgSetRawMsg(pMsg, (char*)msg); MsgSetUxTradMsg(pMsg, (char*)msg); MsgSetRawMsg(pMsg, (char*)msg); MsgSetMSG(pMsg, (char*)msg); diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c index 5c9bbce1..b01dd98b 100644 --- a/plugins/imrelp/imrelp.c +++ b/plugins/imrelp/imrelp.c @@ -84,7 +84,7 @@ onSyslogRcv(uchar *pHostname, uchar __attribute__((unused)) *pIP, uchar *pMsg, s { DEFiRet; parseAndSubmitMessage(pHostname, (uchar*) "[unset]", pMsg, lenMsg, MSG_PARSE_HOSTNAME, - NOFLAG, eFLOWCTL_LIGHT_DELAY); + NOFLAG, eFLOWCTL_LIGHT_DELAY, (uchar*)"imrelp"); RETiRet; } diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c index 92d930d4..64413e45 100644 --- a/plugins/imudp/imudp.c +++ b/plugins/imudp/imudp.c @@ -196,7 +196,7 @@ CODESTARTrunInput if(net.isAllowedSender(net.pAllowedSenders_UDP, (struct sockaddr *)&frominet, (char*)fromHostFQDN)) { parseAndSubmitMessage(fromHost, fromHostIP, pRcvBuf, l, - MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_NO_DELAY); + MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_NO_DELAY, (uchar*)"imudp"); } else { dbgprintf("%s is not an allowed sender\n", (char*)fromHostFQDN); if(glbl.GetOption_DisallowWarning) { diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c index 6e0fa1d3..d94ee34c 100644 --- a/plugins/imuxsock/imuxsock.c +++ b/plugins/imuxsock/imuxsock.c @@ -221,7 +221,7 @@ static rsRetVal readSocket(int fd, int iSock) if (iRcvd > 0) { parseAndSubmitMessage(funixHName[iSock] == NULL ? glbl.GetLocalHostName() : funixHName[iSock], (uchar*)"127.0.0.1", pRcv, - iRcvd, funixParseHost[iSock], funixFlags[iSock], funixFlowCtl[iSock]); + iRcvd, funixParseHost[iSock], funixFlags[iSock], funixFlowCtl[iSock], (uchar*)"imuxsock"); } else if (iRcvd < 0 && errno != EINTR) { char errStr[1024]; rs_strerror_r(errno, errStr, sizeof(errStr)); diff --git a/runtime/msg.c b/runtime/msg.c index 28cb235a..f4eb9414 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -42,6 +42,7 @@ #include "msg.h" #include "var.h" #include "datetime.h" +#include "glbl.h" #include "regexp.h" #include "atomic.h" @@ -49,6 +50,7 @@ DEFobjStaticHelpers DEFobjCurrIf(var) DEFobjCurrIf(datetime) +DEFobjCurrIf(glbl) DEFobjCurrIf(regexp) static syslogCODE rs_prioritynames[] = @@ -287,6 +289,8 @@ CODESTARTobjDestruct(msg) free(pThis->pszTAG); if(pThis->pszHOSTNAME != NULL) free(pThis->pszHOSTNAME); + if(pThis->pszInputName != NULL) + free(pThis->pszInputName); if(pThis->pszRcvFrom != NULL) free(pThis->pszRcvFrom); if(pThis->pszRcvFromIP != NULL) @@ -453,6 +457,7 @@ static rsRetVal MsgSerialize(msg_t *pThis, strm_t *pStrm) objSerializePTR(pStrm, pszUxTradMsg, PSZ); objSerializePTR(pStrm, pszTAG, PSZ); objSerializePTR(pStrm, pszHOSTNAME, PSZ); + objSerializePTR(pStrm, pszInputName, PSZ); objSerializePTR(pStrm, pszRcvFrom, PSZ); objSerializePTR(pStrm, pszRcvFromIP, PSZ); @@ -1219,6 +1224,18 @@ char *getHOSTNAME(msg_t *pM) } +uchar *getInputName(msg_t *pM) +{ + if(pM == NULL) + return (uchar*) ""; + else + if(pM->pszInputName == NULL) + return (uchar*) ""; + else + return pM->pszInputName; +} + + char *getRcvFrom(msg_t *pM) { if(pM == NULL) @@ -1399,6 +1416,19 @@ static int getAPPNAMELen(msg_t *pM) return (pM->pCSAPPNAME == NULL) ? 0 : rsCStrLen(pM->pCSAPPNAME); } +/* rgerhards 2008-09-10: set pszInputName in msg object + */ +void MsgSetInputName(msg_t *pMsg, char* pszInputName) +{ + assert(pMsg != NULL); + if(pMsg->pszInputName != NULL) + free(pMsg->pszInputName); + + pMsg->iLenInputName = strlen(pszInputName); + if((pMsg->pszInputName = malloc(pMsg->iLenInputName + 1)) != NULL) { + memcpy(pMsg->pszInputName, pszInputName, pMsg->iLenInputName + 1); + } +} /* rgerhards 2004-11-16: set pszRcvFrom in msg object */ @@ -1685,6 +1715,8 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, pRes = getRawMsg(pMsg); } else if(!strcmp((char*) pName, "uxtradmsg")) { pRes = getUxTradMsg(pMsg); + } else if(!strcmp((char*) pName, "inputname")) { + pRes = (char*) getInputName(pMsg); } else if(!strcmp((char*) pName, "fromhost")) { pRes = getRcvFrom(pMsg); } else if(!strcmp((char*) pName, "fromhost-ip")) { @@ -1772,6 +1804,8 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, return "***OUT OF MEMORY***"; } else *pbMustBeFreed = 1; /* all of these functions allocate dyn. memory */ + } else if(!strcmp((char*) pName, "$myhostname")) { + pRes = (char*) glbl.GetLocalHostName(); } else { /* there is no point in continuing, we may even otherwise render the * error message unreadable. rgerhards, 2007-07-10 @@ -2368,6 +2402,8 @@ rsRetVal MsgSetProperty(msg_t *pThis, var_t *pProp) MsgSetUxTradMsg(pThis, (char*) rsCStrGetSzStrNoNULL(pProp->val.pStr)); } else if(isProp("pszTAG")) { MsgSetTAG(pThis, (char*) rsCStrGetSzStrNoNULL(pProp->val.pStr)); + } else if(isProp("pszInputName")) { + MsgSetInputName(pThis, (char*) rsCStrGetSzStrNoNULL(pProp->val.pStr)); } else if(isProp("pszRcvFromIP")) { MsgSetRcvFromIP(pThis, rsCStrGetSzStrNoNULL(pProp->val.pStr)); } else if(isProp("pszRcvFrom")) { @@ -2430,6 +2466,7 @@ BEGINObjClassInit(msg, 1, OBJ_IS_CORE_MODULE) /* request objects we use */ CHKiRet(objUse(var, CORE_COMPONENT)); CHKiRet(objUse(datetime, CORE_COMPONENT)); + CHKiRet(objUse(glbl, CORE_COMPONENT)); /* set our own handlers */ OBJSetMethodHandler(objMethod_SERIALIZE, MsgSerialize); diff --git a/runtime/msg.h b/runtime/msg.h index c428237a..21cb2c64 100644 --- a/runtime/msg.h +++ b/runtime/msg.h @@ -91,9 +91,11 @@ struct msg { int iLenRcvFrom; /* Length of pszRcvFrom */ uchar *pszRcvFromIP; /* IP of system message was received from */ int iLenRcvFromIP; /* Length of pszRcvFromIP */ + uchar *pszInputName; /* name of the input module that submitted this message */ + int iLenInputName; /* Length of pszInputName */ short iProtocolVersion;/* protocol version of message received 0 - legacy, 1 syslog-protocol) */ cstr_t *pCSProgName; /* the (BSD) program name */ - cstr_t *pCSStrucData;/* STRUCTURED-DATA */ + cstr_t *pCSStrucData; /* STRUCTURED-DATA */ cstr_t *pCSAPPNAME; /* APP-NAME */ cstr_t *pCSPROCID; /* PROCID */ cstr_t *pCSMSGID; /* MSGID */ @@ -135,6 +137,7 @@ char *getSeverity(msg_t *pM); char *getSeverityStr(msg_t *pM); char *getFacility(msg_t *pM); char *getFacilityStr(msg_t *pM); +void MsgSetInputName(msg_t *pMsg, char*); rsRetVal MsgSetAPPNAME(msg_t *pMsg, char* pszAPPNAME); char *getAPPNAME(msg_t *pM); rsRetVal MsgSetPROCID(msg_t *pMsg, char* pszPROCID); diff --git a/runtime/obj.c b/runtime/obj.c index 082aa691..2a9df9ed 100644 --- a/runtime/obj.c +++ b/runtime/obj.c @@ -780,7 +780,7 @@ Deserialize(void *ppObj, uchar *pszTypeExpected, strm_t *pStrm, rsRetVal (*fFixu DEFiRet; rsRetVal iRetLocal; obj_t *pObj = NULL; - int oVers = 0; /* after all, it is totally useless but takes up some execution time... */ + int oVers = 0; /* keep compiler happy, but it is totally useless but takes up some execution time... */ cstr_t *pstrID = NULL; objInfo_t *pObjInfo; diff --git a/tcps_sess.c b/tcps_sess.c index 0cb23fd0..f5420fc0 100644 --- a/tcps_sess.c +++ b/tcps_sess.c @@ -229,7 +229,8 @@ PrepareClose(tcps_sess_t *pThis) * this case. */ dbgprintf("Extra data at end of stream in legacy syslog/tcp message - processing\n"); - parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY); + parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME, + NOFLAG, eFLOWCTL_LIGHT_DELAY, NULL); /* TODO: add real InputName */ pThis->bAtStrtOfFram = 1; } @@ -311,7 +312,8 @@ processDataRcvd(tcps_sess_t *pThis, char c) if(pThis->iMsg >= iMaxLine) { /* emergency, we now need to flush, no matter if we are at end of message or not... */ dbgprintf("error: message received is larger than max msg size, we split it\n"); - parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY); + parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, + MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY, NULL); /* TODO: add real InputName */ pThis->iMsg = 0; /* we might think if it is better to ignore the rest of the * message than to treat it as a new one. Maybe this is a good @@ -321,7 +323,8 @@ processDataRcvd(tcps_sess_t *pThis, char c) } if(c == '\n' && pThis->eFraming == TCP_FRAMING_OCTET_STUFFING) { /* record delemiter? */ - parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY); + parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, + MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY, NULL); /* TODO: add real InputName */ pThis->iMsg = 0; pThis->inputState = eAtStrtFram; } else { @@ -339,7 +342,8 @@ processDataRcvd(tcps_sess_t *pThis, char c) pThis->iOctetsRemain--; if(pThis->iOctetsRemain < 1) { /* we have end of frame! */ - parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY); + parseAndSubmitMessage(pThis->fromHost, pThis->fromHostIP, pThis->pMsg, pThis->iMsg, + MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_LIGHT_DELAY, NULL); /* TODO: add real InputName */ pThis->iMsg = 0; pThis->inputState = eAtStrtFram; } diff --git a/tools/syslogd.c b/tools/syslogd.c index bf42a7ef..96fbee05 100644 --- a/tools/syslogd.c +++ b/tools/syslogd.c @@ -576,8 +576,14 @@ void untty(void) * rgerhards, 2008-05-16: * I added an additional calling parameter (hnameIP) to enable specifying the IP * of a remote host. + * + * rgerhards, 2008-09-11: + * Interface change: added new parameter "InputName", permits the input to provide + * a string that identifies it. May be NULL, but must be a valid char* pointer if + * non-NULL. */ -rsRetVal printline(uchar *hname, uchar *hnameIP, uchar *msg, int bParseHost, int flags, flowControl_t flowCtlType) +rsRetVal printline(uchar *hname, uchar *hnameIP, uchar *msg, int bParseHost, int flags, flowControl_t flowCtlType, + uchar *pszInputName) { DEFiRet; register uchar *p; @@ -586,6 +592,8 @@ rsRetVal printline(uchar *hname, uchar *hnameIP, uchar *msg, int bParseHost, int /* Now it is time to create the message object (rgerhards) */ CHKiRet(msgConstruct(&pMsg)); + if(pszInputName != NULL) + MsgSetInputName(pMsg, (char*) pszInputName); MsgSetFlowControlType(pMsg, flowCtlType); MsgSetRawMsg(pMsg, (char*)msg); @@ -671,9 +679,15 @@ finalize_it: * rgerhards, 2008-05-16: * I added an additional calling parameter (hnameIP) to enable specifying the IP * of a remote host. + * + * rgerhards, 2008-09-11: + * Interface change: added new parameter "InputName", permits the input to provide + * a string that identifies it. May be NULL, but must be a valid char* pointer if + * non-NULL. */ rsRetVal -parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bParseHost, int flags, flowControl_t flowCtlType) +parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bParseHost, int flags, flowControl_t flowCtlType, + uchar *pszInputName) { DEFiRet; register int iMsg; @@ -786,7 +800,7 @@ parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bPa */ if(iMsg == iMaxLine) { *(pMsg + iMsg) = '\0'; /* space *is* reserved for this! */ - printline(hname, hnameIP, tmpline, bParseHost, flags, flowCtlType); + printline(hname, hnameIP, tmpline, bParseHost, flags, flowCtlType, pszInputName); } else { /* This case in theory never can happen. If it happens, we have * a logic error. I am checking for it, because if I would not, @@ -838,7 +852,7 @@ parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int bPa *(pMsg + iMsg) = '\0'; /* space *is* reserved for this! */ /* typically, we should end up here! */ - printline(hname, hnameIP, tmpline, bParseHost, flags, flowCtlType); + printline(hname, hnameIP, tmpline, bParseHost, flags, flowCtlType, pszInputName); finalize_it: if(tmpline != NULL) @@ -881,6 +895,7 @@ logmsgInternal(int iErr, int pri, uchar *msg, int flags) DEFiRet; CHKiRet(msgConstruct(&pMsg)); + MsgSetInputName(pMsg, "rsyslogd"); MsgSetUxTradMsg(pMsg, (char*)msg); MsgSetRawMsg(pMsg, (char*)msg); MsgSetHOSTNAME(pMsg, (char*)glbl.GetLocalHostName()); -- cgit