From 413fba03dc88bafb581554bcb07eacfdb9327588 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 8 Apr 2008 11:48:07 +0200 Subject: finalized mail output support --- doc/features.html | 4 +- doc/ommail.html | 107 +++++++++++++++++++++++++++++++++++++++++ doc/rsyslog_conf.html | 2 +- doc/rsyslog_ng_comparison.html | 18 ++++--- plugins/ommail/ommail.c | 36 +++++++++++--- rsyslog.h | 2 + 6 files changed, 154 insertions(+), 15 deletions(-) create mode 100644 doc/ommail.html diff --git a/doc/features.html b/doc/features.html index f74f2aaf..13fc34c6 100644 --- a/doc/features.html +++ b/doc/features.html @@ -23,7 +23,7 @@ to MySQL databases

native support for writing to Postgres databases

direct support for Firebird/Interbase, OpenTDS (MS SQL, Sybase), SQLLite, Ingres, Oracle, and mSQL via libdbi, -a database abstraction layer (almost as good as native)

+a database abstraction layer (almost as good as native)

native support for sending mail messages (first seen in 3.17.0)

support for (plain) tcp based syslog - much better reliability

support for sending and receiving compressed syslog messages

@@ -35,7 +35,7 @@ into syslog messages (one per line)

ability to configure backup syslog/database servers - if the primary fails, control is switched to a prioritized list of backups

support for receiving messages via reliable -RFC 3195 delivery

+RFC 3195 delivery (a bit clumpsy to build right now...)

ability to generate file names and directories (log targets) dynamically, based on many different properties

control of log output format, including ability to present diff --git a/doc/ommail.html b/doc/ommail.html new file mode 100644 index 00000000..e147e94c --- /dev/null +++ b/doc/ommail.html @@ -0,0 +1,107 @@ + +mail output module - sending syslog messages via mail + + + +

Mail Output Module (ommail)

Module Name: ommail

Author: Rainer Gerhards +<rgerhards@adiscon.com>

Description:

This module supports sending syslog messages via mail. Each +syslog message is sent via its own mail. Obviously, you will want to +apply rigorous filtering, otherwise your mailbox (and mail server) will +be heavily spammed. The ommail plugin is primarily meant for alerting +users. As such, it is assume that mails will only be sent in an +extremely limited number of cases.

Please note that ommail is especially well-suited to work in +tandem with imfile to +watch files for the occurence of specific things to be alerted on. So +its scope is far broader than forwarding syslog messages to mail +recipients.

+Ommail uses two templates, one for the mail body and one for the +subject line. If neither is provided, a quite meaningless subject line +is used and the mail body will be a syslog message just as if it were +written to a file. It is expected that the users customizes both +messages. In an effort to support cell phones (including SMS gateways), +there is an option to turn off the body part at all. This is considered +to be useful to send a short alert to a pager-like device. +

Configuration Directives:

$ActionMailSMTPServer
+Name or IP address of the SMTP server to be used. Must currently be +set. The default is 127.0.0.1, the SMTP server on the local machine. +Obviously it is not good to expect one to be present on each machine, +so this value should be specified.
+
$ActionMailSMTPPort
+Port number or name of the SMTP port to be used. The default is 25, the +standard SMTP port.
$ActionMailFrom
+The email address used as the senders address. There is no default.
$ActionMailTo
+The recipients email address. There is no default.
$ActionMailSubject
+The name of the template +to be used as the mail subject. If this is not specified, a more or +less meaningless mail subject is generated (we don't tell you the exact +text because that can change - if you want to have something specific, +configure it!).
$ActionMailEnableBody
+Setting this to "off" permits to exclude the actual message body. This +may be useful for pager-like devices or cell phone SMS messages. The +default is "on", which is appropriate for allmost all cases. Turn it +off only if you know exactly what you do!

+Caveats/Known Bugs: +

The current ommail implementation supports SMTP-direct mode +only. In that mode, the plugin talks to the mail server via SMTP +protocol. No other process is involved. This mode offers best +reliability as it is not depending on any external entity except the +mail server. Mail server downtime is acceptable if the action is put +onto its own action queue, so that it may wait for the SMTP server to +come back online. However, the module implements only the bare SMTP +essentials. Most importantly, it does not provide any authentication +capabilities. So your mail server must be configured to accept incoming +mail from ommail without any authentication needs (this may be change +in the future as need arises, but you may also be referred to +sendmail-mode).

In theory, ommail should also offer a mode where it uses the +sendmail utility to send its mail (sendmail-mode). +This is somewhat less reliable (because we depend on an entity we do +not have close control over - sendmail). It also requires dramatically +more system ressources, as we need to load the external process (but +that should be no problem given the expected infrequent number of calls +into this plugin). The big advantage of sendmail mode is that it +supports all the bells and whistles of a full-blown SMTP implementation +and may even work for local delivery without a SMTP server being +present. Sendmail mode will be implemented as need arises. So if you +need it, please drop us a line (I nobody does, sendmail mode will +probably never be implemented).

Sample:

The following sample alerts the operator if the string "hard +disk fatal failure" is present inside a syslog message. The mail server +at mail.example.net is used and the subject shall be "disk problem on +<hostname>". Note how \r\n is included inside the body +text +to create line breaks.
+

+ +

[rsyslog.conf overview] +[manual index] [rsyslog site]

This documentation is part of the +rsyslog +project.
+Copyright © 2008 by Rainer +Gerhards and +Adiscon. +Released under the GNU GPL version 3 or higher.

+ \ No newline at end of file diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html index 2a0f0c60..481abb38 100644 --- a/doc/rsyslog_conf.html +++ b/doc/rsyslog_conf.html @@ -32,7 +32,7 @@ trap output module

omrelp - RELP output module

ompgsql - output module for PostgreSQL

omlibdbi - generic database output module (Firebird/Interbase, MS SQL, Sybase, -SQLLite, Ingres, Oracle, mSQL)

+SQLLite, Ingres, Oracle, mSQL)

ommail - permits rsyslog to alert folks by mail if something important happens

imfile - input module for text files

imrelp - RELP input module

imudp - udp syslog message input

diff --git a/doc/rsyslog_ng_comparison.html b/doc/rsyslog_ng_comparison.html index 4ee8c10b..28413337 100644 --- a/doc/rsyslog_ng_comparison.html +++ b/doc/rsyslog_ng_comparison.html @@ -1,11 +1,11 @@ - -rsyslog vs. syslog-ng - a comparison +rsyslog vs. syslog-ng - a comparison +

rsyslog vs. syslog-ng

Written by Rainer Gerhards -(2008-02-28)

+(2008-04-08)

We have often been asked about a comparison sheet between rsyslog and syslog-ng. Unfortunately, I do not know much about syslog-ng, I did not even use it once. Also, there seems to be no @@ -341,7 +341,9 @@ be placed on different disk ability to process spooled messages only during a configured timeframe (e.g. process messages only during off-peak hours, during peak hours they are enqueued only) -yes
(can independently be configured for the main queue and each action queue) +yes
+(can independently be configured for the main queue and each action +queue) no @@ -424,6 +426,10 @@ including ability to present channel and priority as visible log data yes not sure... +native ability to send mail messages +yes (ommail, introduced in 3.17.0) +not sure... + good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone @@ -572,6 +578,6 @@ feature sheet. I have not yet been able to fully work through it. In the mean time, you may want to read it in parallel. It is available at Balabit's site.

This document is current as of 2008-04-07 and definitely +

This document is current as of 2008-04-08 and definitely incomplete (I did not yet manage to complete it!).

- + \ No newline at end of file diff --git a/plugins/ommail/ommail.c b/plugins/ommail/ommail.c index 944a2870..218c73c9 100644 --- a/plugins/ommail/ommail.c +++ b/plugins/ommail/ommail.c @@ -49,12 +49,14 @@ #include "srUtils.h" #include "cfsysline.h" #include "module-template.h" +#include "errmsg.h" MODULE_TYPE_OUTPUT /* internal structures */ DEF_OMOD_STATIC_DATA +DEFobjCurrIf(errmsg) static uchar *pszSrv = NULL; static uchar *pszSrvPort = NULL; @@ -183,15 +185,27 @@ serverConnect(instanceData *pData) { struct addrinfo *res = NULL; struct addrinfo hints; + char *smtpPort; + char *smtpSrv; char errStr[1024]; DEFiRet; assert(pData != NULL); + if(pData->md.smtp.pszSrv == NULL) + smtpSrv = "127.0.0.1"; + else + smtpSrv = (char*)pData->md.smtp.pszSrv; + + if(pData->md.smtp.pszSrvPort == NULL) + smtpPort = "25"; + else + smtpPort = (char*)pData->md.smtp.pszSrvPort; + memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; /* TODO: make configurable! */ hints.ai_socktype = SOCK_STREAM; - if(getaddrinfo((char*)pData->md.smtp.pszSrv, (char*)pData->md.smtp.pszSrvPort, &hints, &res) != 0) { + if(getaddrinfo(smtpSrv, smtpPort, &hints, &res) != 0) { dbgprintf("error %d in getaddrinfo\n", errno); ABORT_FINALIZE(RS_RET_IO_ERROR); } @@ -510,6 +524,19 @@ CODESTARTparseSelectorAct FINALIZE; /* TODO: check strdup() result */ + + if(pszFrom == NULL) { + errmsg.LogError(NO_ERRCODE, "no sender address given - specify $ActionMailFrom"); + ABORT_FINALIZE(RS_RET_MAIL_NO_FROM); + } + if(pszTo == NULL) { + errmsg.LogError(NO_ERRCODE, "no recipient address given - specify $ActionMailTo"); + ABORT_FINALIZE(RS_RET_MAIL_NO_TO); + } + + pData->md.smtp.pszFrom = (uchar*) strdup((char*)pszFrom); + pData->md.smtp.pszTo = (uchar*) strdup((char*)pszTo); + if(pszSubject == NULL) { /* if no subject is configured, we need just one template string */ CODE_STD_STRING_REQUESTparseSelectorAct(1) @@ -522,10 +549,6 @@ CODESTARTparseSelectorAct pData->md.smtp.pszSrv = (uchar*) strdup((char*)pszSrv); if(pszSrvPort != NULL) pData->md.smtp.pszSrvPort = (uchar*) strdup((char*)pszSrvPort); - if(pszFrom != NULL) - pData->md.smtp.pszFrom = (uchar*) strdup((char*)pszFrom); - if(pszTo != NULL) - pData->md.smtp.pszTo = (uchar*) strdup((char*)pszTo); pData->bEnableBody = bEnableBody; /* process template */ @@ -566,6 +589,7 @@ CODESTARTmodExit freeConfigVariables(); /* release what we no longer need */ + objRelease(errmsg, CORE_COMPONENT); ENDmodExit @@ -591,7 +615,7 @@ CODESTARTmodInit *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ CODEmodInit_QueryRegCFSLineHdlr /* tell which objects we need */ - /* so far: none */ + CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionmailsmtpserver", 0, eCmdHdlrGetWord, NULL, &pszSrv, STD_LOADABLE_MODULE_ID)); CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionmailsmtpport", 0, eCmdHdlrGetWord, NULL, &pszSrvPort, STD_LOADABLE_MODULE_ID)); diff --git a/rsyslog.h b/rsyslog.h index b52e08b1..93b5c149 100644 --- a/rsyslog.h +++ b/rsyslog.h @@ -169,6 +169,8 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_MODULE_LOAD_ERR_INIT_FAILED = -2068, /**< module could not be loaded - init() failed */ RS_RET_NO_SOCKET = -2069, /**< socket could not be obtained or was not provided */ RS_RET_SMTP_ERROR = -2070, /**< error during SMTP transation */ + RS_RET_MAIL_NO_TO = -2071, /**< recipient for mail destination is missing */ + RS_RET_MAIL_NO_FROM = -2072, /**< sender for mail destination is missing */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ -- cgit