From e4c926bfbca3aab3fe34fc9cfedb7343423de016 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 5 Aug 2010 15:44:01 +0200 Subject: changed omudpspoof default spoof address to simplify typical use case --- ChangeLog | 2 ++ doc/omudpspoof.html | 23 +++++++++++++++++++---- plugins/omudpspoof/omudpspoof.c | 9 ++++----- tools/syslogd.c | 3 +++ 4 files changed, 28 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 099f57da..f27ddd6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ --------------------------------------------------------------------------- Version 5.5.7 [V5-BETA] (rgerhards), 2010-08-?? +- changed omudpspoof default spoof address to simplify typical use case + thanks to David Lang for suggesting this - doc bugfix: pmlastmsg doc samples had errors - bugfix[minor]: pmrfc3164sd had invalid name (resided in rsyslog name space, what should not be the case for a contributed module) diff --git a/doc/omudpspoof.html b/doc/omudpspoof.html index 64f83752..16cb9b13 100644 --- a/doc/omudpspoof.html +++ b/doc/omudpspoof.html @@ -17,10 +17,15 @@ source ports.

Configuration Directives:

Sample:

+

The following sample forwards all syslog messages in standard form to the +remote server server.example.com. The original sender's address is used. We do not +care about the source port. This example is considered the typical use case for +omudpspoof. +

+ +

The following sample forwards all syslog messages in unmodified form to the -remote server server.example.com. The sender address 192.0.2.1 with the fixed +remote server server.example.com. The sender address 192.0.2.1 with fixed source port 514 is used.

-

The following sample is similar to the first, but uses as many defaults as possible. +

The following sample is similar to the previous, but uses as many defaults as possible. In that sample, a source port in the range 32000..42000 is used. The message is formatted according to rsyslog's canned default forwarding format. Note that if any parameters have been changed, the previously set defaults will be used! diff --git a/plugins/omudpspoof/omudpspoof.c b/plugins/omudpspoof/omudpspoof.c index 50bc6c9a..3ead5447 100644 --- a/plugins/omudpspoof/omudpspoof.c +++ b/plugins/omudpspoof/omudpspoof.c @@ -381,6 +381,7 @@ ENDdoAction BEGINparseSelectorAct + uchar *sourceTpl; CODESTARTparseSelectorAct CODE_STD_STRING_REQUESTparseSelectorAct(2) /* first check if this config line is actually for us */ @@ -392,10 +393,8 @@ CODE_STD_STRING_REQUESTparseSelectorAct(2) p += sizeof(":omudpspoof:") - 1; /* eat indicator sequence (-1 because of '\0'!) */ CHKiRet(createInstance(&pData)); - if(pszSourceNameTemplate == NULL) { - errmsg.LogError(0, NO_ERRCODE, "No $ActionOMUDPSpoofSourceNameTemplate given, can not continue with this action."); - ABORT_FINALIZE(RS_RET_NO_SRCNAME_TPL); - } + sourceTpl = (pszSourceNameTemplate == NULL) ? UCHAR_CONSTANT("RSYSLOG_omudpspoofDfltSourceTpl") + : pszSourceNameTemplate; if(pszTargetHost == NULL) { errmsg.LogError(0, NO_ERRCODE, "No $ActionOMUDPSpoofTargetHost given, can not continue with this action."); @@ -408,7 +407,7 @@ CODE_STD_STRING_REQUESTparseSelectorAct(2) pData->port = NULL; else CHKmalloc(pData->port = ustrdup(pszTargetPort)); - CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(pszSourceNameTemplate), OMSR_NO_RQD_TPL_OPTS)); + CHKiRet(OMSRsetEntry(*ppOMSR, 1, ustrdup(sourceTpl), OMSR_NO_RQD_TPL_OPTS)); pData->compressionLevel = iCompressionLevel; pData->sourcePort = pData->sourcePortStart = iSourcePortStart; pData->sourcePortEnd = iSourcePortEnd; diff --git a/tools/syslogd.c b/tools/syslogd.c index 9b7b77ab..2c8c3e17 100644 --- a/tools/syslogd.c +++ b/tools/syslogd.c @@ -333,6 +333,7 @@ static uchar template_WallFmt[] = "\"\r\n\7Message from syslogd@%HOSTNAME% at %t static uchar template_StdUsrMsgFmt[] = "\" %syslogtag%%msg%\n\r\""; static uchar template_StdDBFmt[] = "\"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')\",SQL"; static uchar template_StdPgSQLFmt[] = "\"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-pgsql%', '%timegenerated:::date-pgsql%', %iut%, '%syslogtag%')\",STDSQL"; +static uchar template_spoofadr[] = "\"%fromhost-ip%\""; /* end templates */ @@ -2168,6 +2169,8 @@ static rsRetVal mainThread() tplAddLine(" StdDBFmt", &pTmp); pTmp = template_StdPgSQLFmt; tplLastStaticInit(tplAddLine(" StdPgSQLFmt", &pTmp)); + pTmp = template_spoofadr; + tplLastStaticInit(tplAddLine("RSYSLOG_omudpspoofDfltSourceTpl", &pTmp)); CHKiRet(init()); -- cgit