From addadb75ebd22d1175c7e20d1095e35a46b71448 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 25 Jun 2008 12:52:18 +0200 Subject: bugfix: comments after actions were not properly treated. For some actions (e.g. forwarding(, this could also lead to invalid configuration. --- ChangeLog | 2 ++ conf.c | 10 ++++------ omfwd.c | 27 +++++++++------------------ plugins/omgssapi/omgssapi.c | 21 +++++++-------------- 4 files changed, 22 insertions(+), 38 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9e515f87..0e962776 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ --------------------------------------------------------------------------- Version 3.17.5 (rgerhards), 2008-06-?? +- bugfix: comments after actions were not properly treated. For some + actions (e.g. forwarding(, this could also lead to invalid configuration --------------------------------------------------------------------------- Version 3.17.4 (rgerhards), 2008-06-16 - changed default for $KlogSymbolLookup to "off". The directive is diff --git a/conf.c b/conf.c index e11c609f..5a53480f 100644 --- a/conf.c +++ b/conf.c @@ -473,28 +473,26 @@ rsRetVal cflineParseTemplateName(uchar** pp, omodStringRequest_t *pOMSR, int iEn { uchar *p; uchar *tplName; - DEFiRet; cstr_t *pStrB; + DEFiRet; ASSERT(pp != NULL); ASSERT(*pp != NULL); ASSERT(pOMSR != NULL); p =*pp; - /* a template must follow - search it and complain, if not found - */ + /* a template must follow - search it and complain, if not found */ skipWhiteSpace(&p); if(*p == ';') ++p; /* eat it */ else if(*p != '\0' && *p != '#') { errmsg.LogError(NO_ERRCODE, "invalid character in selector line - ';template' expected"); - iRet = RS_RET_ERR; - goto finalize_it; + ABORT_FINALIZE(RS_RET_ERR); } skipWhiteSpace(&p); /* go to begin of template name */ - if(*p == '\0') { + if(*p == '\0' || *p == '#') { /* no template specified, use the default */ /* TODO: check NULL ptr */ tplName = (uchar*) strdup((char*)dfltTplName); diff --git a/omfwd.c b/omfwd.c index 67ef4b64..dfa9b98b 100644 --- a/omfwd.c +++ b/omfwd.c @@ -502,7 +502,7 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) /* extract the host first (we do a trick - we replace the ';' or ':' with a '\0') * now skip to port and then template name. rgerhards 2005-07-06 */ - for(q = p ; *p && *p != ';' && *p != ':' ; ++p) + for(q = p ; *p && *p != ';' && *p != ':' && *p != '#' ; ++p) /* JUST SKIP */; pData->port = NULL; @@ -528,30 +528,22 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) /* now skip to template */ bErr = 0; - while(*p && *p != ';') { - if(*p && *p != ';' && !isspace((int) *p)) { - if(bErr == 0) { /* only 1 error msg! */ - bErr = 1; - errno = 0; - errmsg.LogError(NO_ERRCODE, "invalid selector line (port), probably not doing " - "what was intended"); - } - } - ++p; - } - + while(*p && *p != ';' && *p != '#' && !isspace((int) *p)) + ++p; /*JUST SKIP*/ + /* TODO: make this if go away! */ - if(*p == ';') { + if(*p == ';' || *p == '#' || isspace(*p)) { + uchar cTmp = *p; *p = '\0'; /* trick to obtain hostname (later)! */ CHKmalloc(pData->f_hname = strdup((char*) q)); - *p = ';'; + *p = cTmp; } else { CHKmalloc(pData->f_hname = strdup((char*) q)); } /* process template */ CHKiRet(cflineParseTemplateName(&p, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, - (pszTplName == NULL) ? (uchar*)"RSYSLOG_TraditionalForwardFormat" : pszTplName)); + (pszTplName == NULL) ? (uchar*)"RSYSLOG_TraditionalForwardFormat" : pszTplName)); /* first set the pData->eDestState */ memset(&hints, 0, sizeof(hints)); @@ -566,8 +558,7 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) pData->eDestState = eDestFORW; pData->f_addr = res; } - /* - * Otherwise the host might be unknown due to an + /* Otherwise the host might be unknown due to an * inaccessible nameserver (perhaps on the same * host). We try to get the ip number later, like * FORW_SUSP. diff --git a/plugins/omgssapi/omgssapi.c b/plugins/omgssapi/omgssapi.c index 28c3880b..34abfe0a 100644 --- a/plugins/omgssapi/omgssapi.c +++ b/plugins/omgssapi/omgssapi.c @@ -554,7 +554,7 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) /* extract the host first (we do a trick - we replace the ';' or ':' with a '\0') * now skip to port and then template name. rgerhards 2005-07-06 */ - for(q = p ; *p && *p != ';' && *p != ':' ; ++p) + for(q = p ; *p && *p != ';' && *p != ':' && *p != '#' ; ++p) /* JUST SKIP */; pData->port = NULL; @@ -578,25 +578,18 @@ CODE_STD_STRING_REQUESTparseSelectorAct(1) } } + /* now skip to template */ bErr = 0; - while(*p && *p != ';') { - if(*p && *p != ';' && !isspace((int) *p)) { - if(bErr == 0) { /* only 1 error msg! */ - bErr = 1; - errno = 0; - errmsg.LogError(NO_ERRCODE, "invalid selector line (port), probably not doing " - "what was intended"); - } - } - ++p; - } + while(*p && *p != ';' && *p != '#' && !isspace((int) *p)) + ++p; /*JUST SKIP*/ /* TODO: make this if go away! */ - if(*p == ';') { + if(*p == ';' || *p == '#' || isspace(*p)) { + uchar cTmp = *p; *p = '\0'; /* trick to obtain hostname (later)! */ CHKmalloc(pData->f_hname = strdup((char*) q)); - *p = ';'; + *p = cTmp; } else { CHKmalloc(pData->f_hname = strdup((char*) q)); } -- cgit From 86414704b48e4f011f8f5a0fd7f0b1a523b90bdc Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 25 Jun 2008 12:56:39 +0200 Subject: fixed typo --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0e962776..c40545a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ --------------------------------------------------------------------------- Version 3.17.5 (rgerhards), 2008-06-?? - bugfix: comments after actions were not properly treated. For some - actions (e.g. forwarding(, this could also lead to invalid configuration + actions (e.g. forwarding), this could also lead to invalid configuration --------------------------------------------------------------------------- Version 3.17.4 (rgerhards), 2008-06-16 - changed default for $KlogSymbolLookup to "off". The directive is -- cgit From b46151989f97aaa3bc520c56f3c87fe2bc068958 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 25 Jun 2008 14:55:04 +0200 Subject: preparing for 3.16.2 release --- ChangeLog | 2 +- configure.ac | 2 +- doc/manual.html | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b91f79be..831f5aa2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,5 @@ --------------------------------------------------------------------------- -Version 3.16.2 (rgerhards), 2008-05-14 +Version 3.16.2 (rgerhards), 2008-06-25 - fixed potential segfault due to invalid call to cfsysline thanks to varmojfekoj for the patch - bugfix: some whitespaces where incorrectly not ignored when parsing diff --git a/configure.ac b/configure.ac index 8f107207..cac215ff 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([rsyslog],[3.16.1],[rsyslog@lists.adiscon.com]) +AC_INIT([rsyslog],[3.16.2],[rsyslog@lists.adiscon.com]) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([syslogd.c]) AC_CONFIG_HEADERS([config.h]) diff --git a/doc/manual.html b/doc/manual.html index 3792fad8..21cfe396 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -16,7 +16,7 @@ relay chains while at the same time being very easy to setup for the novice user. And as we know what enterprise users really need, there is also professional rsyslog support available directly from the source!

-

This documentation is for version 3.16.1 (v3-stable branch) of rsyslog. +

This documentation is for version 3.16.2 (v3-stable branch) of rsyslog. Visit the rsyslog status page to obtain current version information and project status.

If you like rsyslog, you might -- cgit From 2f405ef14aa6427ff8e2a02304dd9c00e431fd3a Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 27 Jun 2008 16:11:49 +0200 Subject: added doc: howto set up a reliable connection to remote server via queued mode (and plain tcp protocol) --- ChangeLog | 2 + doc/manual.html | 15 ++-- doc/rsyslog_reliable_forwarding.html | 152 +++++++++++++++++++++++++++++++++++ 3 files changed, 160 insertions(+), 9 deletions(-) create mode 100644 doc/rsyslog_reliable_forwarding.html diff --git a/ChangeLog b/ChangeLog index 7861ca49..850a4771 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ --------------------------------------------------------------------------- Version 3.17.5 (rgerhards), 2008-06-?? +- added doc: howto set up a reliable connection to remote server via + queued mode (and plain tcp protocol) - bugfix: comments after actions were not properly treated. For some actions (e.g. forwarding), this could also lead to invalid configuration --------------------------------------------------------------------------- diff --git a/doc/manual.html b/doc/manual.html index c3a623f1..a416277a 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -50,14 +50,11 @@ modules

  • rsyslogd man page

    We have some in-depth papers on

    Our rsyslog history page is for you if you would like to learn a little more diff --git a/doc/rsyslog_reliable_forwarding.html b/doc/rsyslog_reliable_forwarding.html new file mode 100644 index 00000000..870ca9b7 --- /dev/null +++ b/doc/rsyslog_reliable_forwarding.html @@ -0,0 +1,152 @@ + +Reliable Forwarding of syslog Messages (via plain TCP syslog) + + +

    Reliable Forwarding of syslog Messages with Rsyslog

    +

    Written by + Rainer + Gerhards (2008-06-27)

    +

    Abstract

    +

    In this paper, I describe how to forward +syslog + + messages (quite) reliable to a central rsyslog server. +This depends on rsyslog being installed on the client system and +it is recommended to have it installed on the server system. Please note +that industry-standard +plain TCP syslog protocol is not fully reliable +(thus the "quite reliable"). If you need a truely reliable solution, you need +to look into RELP (natively supported by rsyslog).

    + +

    The Intention

    +

    Whenever two systems talk over a network, something can go wrong. +For example, the communications link may go down, or a client or server may abort. +Even in regular cases, the server may be offline for a short period of time +because of routine maintenance. +

    A logging system should be capable of avoiding message loss in situations where the +server is not reachable. To do so, unsent data needs to be buffered at the client while the +server is offline. Then, once the server is up again, this data is to be sent. +

    This can easily be acomplished by rsyslog. In rsyslog, every action runs on its own queue +and each queue can be set to buffer data if the action is not ready. Of course, +you must be able to detect that "the action is not ready", which means the remote +server is offline. This can be detected with plain TCP syslog and RELP, but not with UDP. +So you need to use either of the two. In this howto, we use plain TCP syslog. +

    Please note that we are using rsyslog-specific features. The are required on the +client, but not on the server. So the client system must run rsyslog (at least version 3.12.0), while on the +server another syslogd may be running, as long as it supports plain tcp syslog. +

    The rsyslog queueing subsystem tries to buffer to memory. So even if the +remote server goes +offline, no disk file is generated. File on disk are created only if there is +need to, for example if rsyslog runs out of (configured) memory queue space or needs +to shutdown (and thus persist yet unsent messages). Using main memory and going to the +disk when needed is a huge performance benefit. You do not need to care about it, +because, all of it is handled automatically and transparently by rsyslog.

    +

    How To Setup

    +

    First, you need to create a working directory for rsyslog. This is where it +stores its queue files (should need arise). You may use any location on your +local system. +

    Next, you need to do is instruct rsyslog to use a +disk queue and then configure your action. There is nothing else to do. With the +following simple config file, you forward anything you receive to a remote server +and have buffering applied automatically when it goes down. This must be done on the +client machine.

    + +

    The port given above is optional. It may not be specified, in which case you only +provide the server name. The "$ActionQueueFileName" is used to create queue files, should need +arise. This value must be unique inside rsyslog.conf. No two rules must use the same queue file. +Also, for obvious reasons, it must only contain those characters that can be used inside a +valid file name. Rsyslog possibly adds some characters in front and/or at the end of that name +when it creates files. So that name should not be at the file size name length limit (which +should not be a problem these days). +

    Please note that actual spool files are only created if the remote server is down +and there is no more space in the in-memory queue. By default, a short failure +of the remote server will never result in the creation of a disk file as a couple of +hundered messages can be held in memory by default. [These parameters can be fine-tuned. However, +then you need to either fully understand how the queue works +(read elaborate doc) or +use professional services +to have it done based on +your specs ;) - what that means is that fine-tuning queue parameters is far from +being trivial...] +

    If you would like to test if your buffering scenario works, you need to +stop, wait a while and restart you central server. Do not watch for files being created, +as this usually does not happen and never happens immediately. + +

    Forwarding to More than One Server

    +

    If you have more than one server you would like to forward to, that's quickly done. +Rsyslog has no limit on the number or type of actions, so you can define as many targets +as you like. What is important to know, however, is that the full set of directives make +up an action. So you can not simply add (just) a second forwarding rule, but need to +duplicate the rule configuration as well. Be careful that you use different queue +file names for the second action, else you will mess up your system. +

    A sample for forwarding to two hosts looks like this: +

    + +

    Note the filename used for the first rule it is "srvrfwd1" and for the second it +is "srvrfwd2". I have used a server without port name in the second forwarding rule. +This was just to illustrate how this can be done. You can also specify a port there +(or drop the port from server1). +

    When there are multiple action queues, they all work independently. Thus, if server1 +goes down, server2 still receives data in real-time. The client will not block +and wait for server1 to come back online. Similarily, server1's operation will not +be affected by server2's state. + +

    Some Final Words on Reliability ...

    +

    Using plain TCP syslog provides a lot of reliability over UDP syslog. However, +plain TCP syslog is not a fully reliable transport. In order to get full reliability, +you need to use the RELP protocol. +

    Folow the next link to learn more about +the +problems you may encounter with plain tcp syslog. +

    Feedback requested

    +

    I would appreciate feedback on this tutorial. If you have additional ideas, +comments or find bugs (I *do* bugs - no way... ;)), please +let me know.

    +

    Revision History

    + +

    Copyright

    +

    Copyright (c) 2008 +Rainer Gerhards and +Adiscon.

    +

    Permission is granted to copy, distribute and/or modify this document + under the terms of the GNU Free Documentation License, Version 1.2 + or any later version published by the Free Software Foundation; + with no Invariant Sections, no Front-Cover Texts, and no Back-Cover + Texts. A copy of the license can be viewed at + +http://www.gnu.org/copyleft/fdl.html.

    + + -- cgit From b9a6f0e19240ce2e8f08b35903deaf99a0109359 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 27 Jun 2008 17:13:39 +0200 Subject: preparing for 3.17.5 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 850a4771..0169a2fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,5 @@ --------------------------------------------------------------------------- -Version 3.17.5 (rgerhards), 2008-06-?? +Version 3.17.5 (rgerhards), 2008-06-27 - added doc: howto set up a reliable connection to remote server via queued mode (and plain tcp protocol) - bugfix: comments after actions were not properly treated. For some -- cgit From 87d891e532d96cd93ea87ae554e975ec57bf580a Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 27 Jun 2008 17:24:30 +0200 Subject: added forgotten html file to distribution tarball --- doc/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/Makefile.am b/doc/Makefile.am index 6eb82b81..653ed627 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -21,6 +21,7 @@ html_files = \ rsyslog_high_database_rate.html \ rsyslog_php_syslog_ng.html \ rsyslog_recording_pri.html \ + rsyslog_reliable_forwarding.html \ rsyslog_stunnel.html \ syslog-protocol.html \ version_naming.html \ -- cgit From a16cbe655541421fefdcc852087219228bbc5c94 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 1 Jul 2008 12:46:14 +0200 Subject: doc: added info on which version ommail was first available with --- doc/ommail.html | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/ommail.html b/doc/ommail.html index ba06a366..62ded6d0 100644 --- a/doc/ommail.html +++ b/doc/ommail.html @@ -5,6 +5,7 @@

    Mail Output Module (ommail)

    Module Name:    ommail

    +

    Available since:    3.17.0

    Author: Rainer Gerhards <rgerhards@adiscon.com>

    Description:

    -- cgit